
EnybenyCrypt Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 2
First Seen: November 17, 2018
Last Seen: July 23, 2019
OS(es) Affected: Windows

The EnybenyCrypt Ransomware is an encryption ransomware Trojan that was first observed on October 29, 2018. The EnybenyCrypt Ransomware is commonly delivered to victims' PCs through corrupted email attachments, often taking the form of damaged PDF or DOCX files with embedded scripts that download and install the EnybenyCrypt Ransomware onto the victim's computer. Once the EnybenyCrypt Ransomware is installed, it carries out a typical version of the encryption ransomware tactic, taking the victim's files hostage and demanding a ransom payment from the victim in exchange for the return of the affected data.

How the EnybenyCrypt Ransomware can Enter a Computer

The EnybenyCrypt Ransomware is a variant of HiddenTear, an open source ransomware platform that has been responsible for countless versions of these infections. Once the EnybenyCrypt Ransomware has been installed, this threat uses AES and RSA encryption to make the victim's files inaccessible, marking every file encrypted in the attack by appending the file extension '.crypt888' to the file's name. This file marker has been seen in a different ransomware Trojan known as the Crypt888 Ransomware, pointing to a possible connection between these threats. The EnybenyCrypt Ransomware targets user-generated files, which may include files with the following file extensions:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

After the victim's files are encrypted, the EnybenyCrypt Ransomware delivers a ransom note. The EnybenyCrypt Ransomware ransom note takes the form of an HTML file named 'Hack.html' that is dropped on the infected computer's desktop. The ransom note is a short message telling the victim to contact the criminals via email, and it uses expletives to insult and threaten the victim of the attack. The text that has been associated with the EnybenyCrypt Ransomware variants reads:

'Your files was encrypted with AES-256 Millitary Grade Encryption
Contact to rsupp@protonmail.ch or im flush your files to toilet and fuck using my dick!'

The average ransom amount that the victims of the EnybenyCrypt Ransomware are asked to pay is close to 600 USD in Bitcoin.
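The two indicators the page gives for this infection, the appended '.crypt888' extension and the 'Hack.html' note on the desktop, are enough for a quick triage sweep of a user profile. The script below is an added example for defenders and is not code from the page's author or from the ransomware; it walks a directory tree, collects files carrying the marker, tallies which original extensions were hit, and locates any ransom notes. The sample tree it builds in a temporary directory is constructed for the demonstration, and the subset of targeted extensions is taken from the page's list.

```python
import tempfile
from collections import Counter
from pathlib import Path

# Indicators stated on the page.
RANSOMWARE_EXTENSION = ".crypt888"   # appended to every encrypted file's name
RANSOM_NOTE_NAME = "Hack.html"       # dropped on the infected computer's desktop

# Small subset of the user-generated file types the page lists as targets.
TARGETED_EXTENSIONS = {".jpg", ".png", ".docx", ".xlsx", ".pdf", ".txt", ".zip"}


def original_extension(encrypted_name):
    """Strip the appended marker ('report.docx.crypt888' -> '.docx')."""
    stripped = encrypted_name[: -len(RANSOMWARE_EXTENSION)]
    return Path(stripped).suffix.lower() or "<none>"


def triage_directory(root):
    """Sweep a directory tree for encrypted files and ransom notes.

    Returns a dict with the encrypted file paths, the ransom note paths,
    a Counter of original extensions, and how many hits fall in the
    page's targeted-extension list.
    """
    encrypted, notes = [], []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        if path.name == RANSOM_NOTE_NAME:
            notes.append(path)
        elif path.name.lower().endswith(RANSOMWARE_EXTENSION):
            encrypted.append(path)

    by_ext = Counter(original_extension(p.name) for p in encrypted)
    targeted_hits = sum(n for ext, n in by_ext.items() if ext in TARGETED_EXTENSIONS)
    return {
        "encrypted": sorted(encrypted),
        "notes": sorted(notes),
        "by_original_extension": by_ext,
        "targeted_hits": targeted_hits,
    }


def build_sample_tree(base):
    """Create a constructed sample profile; the contents are placeholders, not real output of the malware."""
    base = Path(base)
    (base / "Desktop").mkdir(parents=True, exist_ok=True)
    (base / "Documents").mkdir(parents=True, exist_ok=True)
    (base / "Desktop" / RANSOM_NOTE_NAME).write_text("constructed placeholder note")
    for name in ("report.docx", "photo.jpg", "budget.xlsx"):
        (base / "Documents" / (name + RANSOMWARE_EXTENSION)).write_bytes(b"\x00" * 16)
    (base / "Documents" / "untouched.txt").write_text("clean file, no marker")
    return base


def run_demo():
    """Build the constructed tree in a temp dir, triage it, and return the result."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return triage_directory(tmp)


if __name__ == "__main__":
    result = run_demo()
    print(f"{len(result['encrypted'])} encrypted file(s), {len(result['notes'])} ransom note(s)")
    for ext, count in result["by_original_extension"].most_common():
        print(f"  {ext}: {count}")
```

Pointing `triage_directory` at a real user profile gives an incident responder a count of affected files and a list of where notes were dropped, which is what is needed to scope restoration from backup. The original-extension tally relies on the marker being appended to the full name, as the page describes, so a file like 'photo.jpg.crypt888' is attributed to '.jpg'.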

Protecting Your Data from Threats Like the EnybenyCrypt Ransomware

The best protection against threats like the EnybenyCrypt Ransomware is to keep file backups, stored in the cloud or on a detached storage device. Apart from file backups, computer users should use a security program that is fully up-to-date to protect their data. Keeping backup copies of your files ensures that you can recover your data without having to negotiate with the criminals responsible for this attack.
