Ender Ransomware

By GoldSparrow in Ransomware

The Ender Ransomware pretends to be an encryption ransomware Trojan and is used to lure inexperienced computer users. Threats like the Ender Ransomware are quite common today, all using very similar tactics. Encryption ransomware Trojans encrypt the victim's files using a strong encryption algorithm, which leaves the files inaccessible. Once the files have been compromised, the Trojan delivers a ransom demand, asking the victim to make a large payment in Bitcoin to receive the decryption key necessary to recover the affected files. The Ender Ransomware pretends to carry out this attack but does not actually do so. It is a screen locker ransomware Trojan: it displays a ransom note that prevents victims from accessing their computers, but it does not encrypt the victim's files.

The Ender Ransomware Attack is a Make-Believe

The Ender Ransomware was first observed on October 9, 2017. It was submitted to online anti-virus platforms, something con artists frequently do to check whether a ransomware Trojan is capable of evading current anti-virus technology. The main consequence of an Ender Ransomware attack is that victims are unable to access their computers. To achieve this, the Ender Ransomware displays a full-screen message that blocks access to the desktop and the victim's applications. It is very likely that the Ender Ransomware is still in development, since the lock it applies can be undone with a password embedded in the Ender Ransomware's code. Furthermore, although the Ender Ransomware claims that the victim's files were encrypted, this is not the case; the Ender Ransomware does not have encryption capabilities. It is uncertain whether this is intentional or whether the Ender Ransomware is unfinished and encryption capabilities are planned for a future version.

How the Ender Ransomware Tries to Fool Computer Users

It is likely that the creators of the Ender Ransomware are amateurs or do not have the same resources as more sophisticated attackers. The Ender Ransomware is very similar to numerous other encryption ransomware Trojans that have been released in recent months. The Ender Ransomware makes changes to the infected computer's Registry and startup programs so that its harmful file starts automatically when Windows boots. When the victim starts the infected computer, the Ender Ransomware runs automatically, displaying a full-screen window and preventing the victim from using keyboard shortcuts, the Windows Task Manager, or other utilities that could be used to bypass the lock screen. The Ender Ransomware displays a message claiming that the victim's files were encrypted and that a ransom must be paid in exchange for a decryption key. The full text of the Ender Ransomware's screen locker message reads:

'[the Ender Ransomware|WINDOW NAME]
Your PC was locked by Ender!
the Ender Ransomware appeared!
Your PC was locked!
You have luck... i am encrypted your PC Access, but i don't stealed your PC!
But if you leave it alone... your PC will be encrypted forever!
How to get the decryption key?
[Yeah, how?|BUTTON]
You have VALID encryption key? Type in here please:
[TEXT BOX] [Submit|BUTTON]'

Dealing with the Ender Ransomware

The Ender Ransomware has the password needed to bypass the Ender Ransomware screen locker embedded in its code. Computer users can recover from the Ender Ransomware attack by inputting the following string:

aRmLgk8wb0WK5q7

The people responsible for these attacks constantly update ransomware and screen locker Trojans like the Ender Ransomware. It is very likely that they will release a version of the Ender Ransomware that cannot be bypassed with the above password or that has encryption capabilities. Because of this, taking preventive measures is the best defense against these threats.
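
Once the screen is unlocked, the persistence described earlier (Registry and startup entries that relaunch the locker at boot) can be audited. The PowerShell below is an added example, not part of the original article; the Run keys and Startup folders it checks are the standard Windows autostart locations and are an assumption, since the article does not name the ones the Ender Ransomware uses.

```powershell
# Added example: audits the standard Windows autostart locations. Which of
# these the Ender Ransomware modifies is an assumption; the article does not say.
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
$startupDirs = 'Startup', 'CommonStartup' |
               ForEach-Object { [Environment]::GetFolderPath($_) } | Where-Object { $_ }
# Directories a standard user can write to; autostart targets here deserve review.
$userWritable = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP, $env:PUBLIC) | Where-Object { $_ }

function Get-ExePath([string]$CommandLine) {
    # Extract the executable path from a Run-key command line, quoted or not.
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine).Trim()
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }
    if ($cmd -match '^(.+?\.(exe|com|scr|bat|cmd|vbs|js))(\s|$)') { return $Matches[1] }
    return ($cmd -split '\s+')[0]
}

$shell = New-Object -ComObject WScript.Shell   # used to resolve .lnk targets
$entries = @(foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        [pscustomobject]@{ Source = $key; Name = $name
                           Path = Get-ExePath ([string]$item.GetValue($name)) }
    }
})
$entries += @(foreach ($dir in $startupDirs) {
    Get-ChildItem -LiteralPath $dir -File -ErrorAction SilentlyContinue | ForEach-Object {
        $target = $_.FullName
        if ($_.Extension -eq '.lnk') { $target = $shell.CreateShortcut($_.FullName).TargetPath }
        [pscustomobject]@{ Source = $dir; Name = $_.Name; Path = $target }
    }
})

$entries | ForEach-Object {
    $path = $_.Path
    $exists = $path -and (Test-Path -LiteralPath $path -PathType Leaf)
    $sig = if ($exists) { (Get-AuthenticodeSignature -FilePath $path).Status } else { 'FileMissing' }
    $inUserDir = [bool]($userWritable | Where-Object { $path -and $path.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) })
    [pscustomobject]@{
        Source = $_.Source; Name = $_.Name; Path = $path
        Signature = $sig; UserWritable = $inUserDir
        Review = ($sig -ne 'Valid') -or $inUserDir   # flag for manual inspection
    }
} | Sort-Object Review -Descending | Format-Table -AutoSize -Wrap
```

Entries with `Review` set to `True` are not necessarily malicious; they are the unsigned or user-writable autostart targets to inspect first.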
