EncryptServer2018 Ransomware

By GoldSparrow in Ransomware

The EncryptServer2018 Ransomware is an encryption ransomware Trojan that carries out a typical version of this tactic: it encrypts the victims' files and then demands payment of a ransom in exchange for the decryption key. The EncryptServer2018 Ransomware seems to be designed to compromise servers and may be delivered manually to poorly protected servers that have open RDP (Remote Desktop Protocol) ports, unpatched software or weak passwords. The EncryptServer2018 Ransomware was first observed in the third week of January 2018. The EncryptServer2018 Ransomware includes some obfuscation mechanisms that prevent security software from stopping its attack.

How the EncryptServer2018 Ransomware may Infect a Computer

The basic mechanism that most encryption ransomware Trojans use tends to be the same from one infection to the next. The EncryptServer2018 Ransomware will target a wide variety of file types, including images, videos, music and numerous others. The file types below are examples of the files that may be at risk in infections like the EncryptServer2018 Ransomware:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.

The EncryptServer2018 Ransomware, like most other encryption ransomware Trojans, will delete the Windows Shadow Volume Copies and the System Restore points, with the goal of holding the victim's files hostage. Unfortunately, once the EncryptServer2018 Ransomware has finished the files' encryption, the only way to restore the original files is to obtain the decryption keys, which the cybercrooks store in their Command and Control server, away from the affected computer users.

The EncryptServer2018 Ransomware and Its Ransom Demands

The EncryptServer2018 Ransomware will threaten the victims with the permanent loss of their data unless a ransom is paid. The EncryptServer2018 Ransomware will mark the files encrypted by the attack by adding the file extension '.2018' to the affected file's name and renaming the affected files following the pattern:

'[32 RANDOM CHARS] ID [8 RANDOM CHARS].2018'

The EncryptServer2018 Ransomware delivers a ransom note in a text file named 'Attention!!!!.txt,' dropped onto the infected computer. The full text of the EncryptServer2018 Ransomware ransom note reads:

'Attention !!!
All your files on this server have been encrypted.
Write this ID in the title of your message
To restore the files need to write to us on e-mail: tornado_777@aol.com or BM-2cXXgKAo8HzUmijt8KMywZYHm8xDHhxwZg@bitmessage.ch
The price for restoration depends on how quickly you write tous.
After payment we will send you a decryption tool that willdecrypt all your files.
GUARANTEES!!!
You can send us up to 3 files for free decryption.
-files should not contain important information
-and their total size should be less than 1 MB
HOW TO OBTAIN BITCOINS!!!
The easiest way to buy bitcoins is the LocalBitcoins website.
You need to register, click "Buy bitcoyne" and select theseller
by method of payment and price
https://localbitcoins.com/buy_bitcoins
IMPORTANT !!!
Do not rename encrypted files
Do not try to decrypt your data with third-party software,this can lead to permanent data loss!
Your ID [redacted]'
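The rename pattern and the ransom note name described above can be used to triage a file listing from a suspect server. The following is an added example, not code from the original page; the character class used for the "random chars", the optional spaces around "ID", the function names and the sample listing are all assumptions made for illustration.

```python
import os
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Assumption: "random chars" are non-whitespace and the spaces around "ID" may
# or may not be literal; the page gives only the template, not a sample name.
RENAMED = re.compile(r"^\S{32}\s*ID\s*\S{8}\.2018$")
NOTE_NAME = "attention!!!!.txt"  # ransom note name from the page, lower-cased


def triage(paths):
    """Group a file listing by directory and report the page's two indicators."""
    hits = defaultdict(lambda: {"renamed": [], "note": False})
    for raw in paths:
        p = PureWindowsPath(raw)
        if p.name.lower() == NOTE_NAME:
            hits[str(p.parent)]["note"] = True
        elif RENAMED.match(p.name):
            hits[str(p.parent)]["renamed"].append(p.name)
    return dict(hits)


def scan_tree(root):
    """Walk a mounted volume or forensic image copy and triage every file name."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        found.extend(os.path.join(dirpath, f) for f in files)
    return triage(found)


# Constructed sample listing (not taken from a real incident).
SAMPLE = [
    r"D:\shares\finance\q4.xlsx",
    r"D:\shares\finance\Attention!!!!.txt",
    r"D:\shares\finance\k3Jx9QmT7vLp2ZsR8bNc4WdY6hFa1GeU ID 7Hq2Lm9X.2018",
    r"D:\shares\finance\report ID 2018.2018",  # wrong lengths: ignored
    r"D:\shares\hr\Zp0Aq1Bw2Cx3Dy4Ez5Fa6Gb7Hc8Id9Je ID Kf0Lg1Mh.2018",
]

if __name__ == "__main__":
    for folder, info in triage(SAMPLE).items():
        print(folder, "note" if info["note"] else "no note", len(info["renamed"]))
```

Directories that contain both the note and renamed files are the strongest matches; a '.2018' name with the wrong segment lengths is deliberately not counted.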

Dealing with the EncryptServer2018 Ransomware

PC security researchers warn that contacting the people responsible for the EncryptServer2018 Ransomware attack is not recommended and may end up bringing additional problems. Instead, the encrypted files should be restored from a backup copy. Because of this, file backups on the cloud or an external memory device are the most effective protection against these threats.

URLs

EncryptServer2018 Ransomware may call the following URLs:

donwloadjeke.click