Enmity Ransomware

The Enmity Ransomware is a potent form of malware that targets computers with the harmful intent of encrypting the files stored on them. Once activated, the Enmity Ransomware conducts an extensive scan of the targeted system's files and encrypts a diverse range of file types, encompassing documents, photos, archives, databases, PDFs, and more. As a result, the victim loses access to these files, rendering them practically unrecoverable without the unique decryption keys possessed by the attackers.

A notable characteristic of this ransomware is its distinct process of modifying the original names of the encrypted files. In the case of the Enmity Ransomware, it appends a complex pattern to the filenames, following the format: -Mail[]ID-[].. While the email address used in the file extensions is 'iwillhelpyou99@zohomail.eu,' the rest of the pattern is dynamically generated for each victim individually.

Furthermore, to make their demands known, the ransomware leaves behind a text file named 'Enmity-Unlock-Guide.txt' on the infected device. This text file serves as a ransom note. It contains detailed instructions from the malicious operators of Enmity Ransomware, providing guidance to the victims on how to proceed with the ransom payment and potential decryption process.
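The two on-disk indicators described above (the ransom note's file name and the contact e-mail embedded in renamed files) are enough for a read-only triage scan. The following is an added example, not part of the original write-up or of any vendor tool; the function names and the choice of strings checked inside the note are this example's own assumptions, drawn from the note text quoted on this page.

```python
import os
from collections import defaultdict

# Indicators taken from this write-up.
NOTE_NAME = "Enmity-Unlock-Guide.txt"
CONTACT_EMAIL = "iwillhelpyou99@zohomail.eu"
# Strings the quoted ransom note contains (assumed stable across victims).
NOTE_MARKERS = ("Enmity Ransomware", CONTACT_EMAIL, "@Recoveryhelper")


def note_matches(path, max_bytes=8192):
    """Return the markers found in the first bytes of a candidate note."""
    try:
        with open(path, "rb") as fh:
            text = fh.read(max_bytes).decode("utf-8", errors="replace").lower()
    except OSError:
        return []  # unreadable file: no content evidence
    return [m for m in NOTE_MARKERS if m.lower() in text]


def scan(root):
    """Walk root; return {directory: {"notes": [...], "renamed": [...]}}."""
    hits = defaultdict(lambda: {"notes": [], "renamed": []})
    # onerror swallows permission errors so one locked folder does not stop the scan.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            lower = name.lower()
            if lower == NOTE_NAME.lower():
                # The name alone is weak evidence; record content markers too.
                found = note_matches(os.path.join(dirpath, name))
                hits[dirpath]["notes"].append((name, found))
            elif CONTACT_EMAIL in lower:
                hits[dirpath]["renamed"].append(name)
    return dict(hits)


def summarize(hits):
    """Rank directories by renamed-file count; flag content-confirmed notes."""
    rows = [(d, len(v["renamed"]), any(m for _n, m in v["notes"]))
            for d, v in hits.items()]
    return sorted(rows, key=lambda r: (-r[1], r[0]))


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for directory, count, confirmed in summarize(scan(target)):
        print(f"{directory}: {count} renamed file(s), note confirmed: {confirmed}")
```

The scan only reads file names and the first bytes of candidate notes, so it is safe to run against a mounted forensic image or a file share to scope which directories were affected.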

The Enmity Ransomware Demands a Ransom Payment in Cryptocurrency

The ransom note dropped by Enmity Ransomware contains critical information designed to instill urgency in the victims. It includes payment and contact details from the cybercriminals. The attackers explicitly state that they only accept payments in Bitcoin, one of the most widely used cryptocurrencies.

Moreover, the 'Enmity-Unlock-Guide.txt' file offers victims a potential way to test the attackers' decryption capabilities at no cost by providing the option to send two small encrypted files to the attackers. To initiate communication with the threat actors, victims are given the 'iwillhelpyou99@zohomail.eu' email address and a Telegram account with the handle '@Recoveryhelper.'

In many ransomware incidents, victims often feel compelled to pay the attackers as they are left with few alternatives to regain access to their encrypted data. This is primarily because the decryption tools necessary for data recovery are typically under the exclusive control of the attackers. However, it is crucial to emphasize that paying the ransom is strongly discouraged. There is no guarantee that the attackers will uphold their end of the bargain and provide the decryption tools even after receiving the payment. Therefore, succumbing to their demands may not lead to data restoration, and it may also perpetuate and support illegal activities.

Ensuring the Safety of Your Devices and Data is Crucial

Protecting devices and data from ransomware infections requires a combination of preventive measures and safe online practices. Here are some essential steps users can take to enhance their protection against ransomware:

  • Keep Your Software Up-to-Date: Regularly update applications, the operating system and security software on all devices. Software updates often include patches that address known vulnerabilities that could be exploited by ransomware.
  • Install Anti-Malware: Use reputable anti-malware software to detect and block ransomware threats. Ensure that these security tools are updated regularly to stay effective against new variants of ransomware.
  • Enable Firewall: Activate and configure the device's built-in firewall to add an extra layer of protection against unauthorized network access and potential ransomware attacks.
  • Backup Data Regularly: Routinely back up all critical data to an external device or a secure cloud storage service. Regular backups enable data recovery without paying ransom in the event of a ransomware infection.
  • Use Strong Passwords: Employ strong and unique passwords for all online accounts and devices. Consider implementing multi-factor authentication (MFA) for added security.
  • Disable Macro Scripts: Configure office applications to turn off macro scripts by default. This can prevent malicious macros from executing and infecting the system with ransomware.
  • Educate and Raise Awareness: Educate all users about ransomware risks and safe online practices. Teach your employees how to recognize phishing attempts and avoid falling victim to social engineering tactics.

By following these proactive measures and staying cautious while using the internet and email, users can significantly reduce the risk of ransomware infections and protect their devices and valuable data from falling into the hands of cybercriminals.

The full text of the Enmity Ransomware's message to its victims is:

'Your files have been blocked by Enmity Ransomware
you have to pay bitcoin for the unlock process
you can send a small file (less than 1 or 2 mb) for test decryption (if we decide that the file is important, we may ask you to send another one)
Contact us and pay and get a transcript
Contact us by Email: iwillhelpyou99@zohomail.eu
if there is no answer by email send a message to my telegram id below
Telegram ID: @Recoveryhelper
Your ID:'