Evil Ransomware
Threat Scorecard
Threat Level: 80 % (High)
Infected Computers: 26
First Seen: January 11, 2017
Last Seen: June 16, 2022
OS(es) Affected: Windows
The Evil Ransomware is an encryption ransomware Trojan that is written in JavaScript. The Evil Ransomware encrypts its victims' files, adding the extension 'fie0locked' to each affected file. Once the victim's files are encrypted and no longer accessible, the Evil Ransomware displays a ransom note, dropping it on the affected computer's Desktop. The Evil Ransomware is designed to take its victims' files hostage until a ransom is paid.
The Evil Ransomware Uses a JavaScript Exploit to be Distributed
There are several ways in which threats like the Evil Ransomware may be distributed. One of the most common is through corrupted email attachments sent in spam email campaigns. The Evil Ransomware has been linked to a JavaScript exploit that is used to install this threat on the victim's computer. The Evil Ransomware has also been observed in social media spam messages, as well as hidden in torrents on file sharing networks. Because of this, computer users are advised to exercise caution when handling any unsolicited emails or messages and to avoid potentially harmful websites such as illegal file sharing sites.
How the Evil Ransomware Attack Works
Encryption ransomware Trojans like the Evil Ransomware are designed to take over the victim's files, making them inaccessible. These threats display a ransom note on the victim's computer, which alerts the victim to the attack and demands the payment of a ransom. The Evil Ransomware will create several files on the victim's computer, including the following:
HOW_TO_DECRYPT_YOUR_FILES.TXT
HOW_TO_DECRYPT_YOUR_FILES.HTML
background.png
list.txt
The first two of these files contain the Evil Ransomware's ransom note, as a text file and as an HTML file that is opened in the victim's Web browser. The 'background.png' file is the image used to change the victim's Desktop background. The 'list.txt' file contains a listing of all of the files that were encrypted during the Evil Ransomware attack. The Evil Ransomware displays its ransom note after the victim's files are encrypted. The ransom note contains information on payment and the attack. The full text of the ransom note reads as follows:
'Hello.
Your UID: [Redacted] Its the Evil ransomware. As you can see some of your files have been encrypted!
Encryption was made using a unique strongest AES key.
If you want restore your files you need to BUY (sorry, nothing personal, its just business) the private key, send me your UID to r6789986@mail.kz'
During its attack, the Evil Ransomware will encrypt numerous file types, including the following:
.3fr, .accdb, .ai, .arw, .bay, .cdr, .cer, .certs, .cr2, .crt, .crw, .dbf, .dcr, .der, .dng, .doc, .dwg, .dxf, .dxg, .eps, .erf, .img, .indd, .jpg, .kdc, .mdb, .mdf, .mef, .mrw, .nef, .nrw, .odb, .odc, .odm, .odp, .ods, .odt, .orf, .p12, .p7b, .p7c, .pdd, .pef, .pem, .pfx, .ppt, .psd, .pst, .ptx, .pub, .r3d, .raf, .raw, .rtf, .rw2, .rwl, .sr2, .srf, .srw, .wb2, .wpd, .wps, .x3f, .xlk, .xls.
Dealing with the Evil Ransomware
PC security analysts strongly advise against paying the Evil Ransomware ransom. In many cases, the people responsible for these attacks will ignore the victim's payment, ask for more money, or deliver a decryption utility that does not work. Unfortunately, once the attack has been carried out, the victim's files will remain inaccessible. This is what makes these attacks so effective. Because of this, preventive measures are the most important aspect of dealing with ransomware threats. PC security researchers strongly advise computer users to use a reliable security program that is fully up-to-date to protect their computers. The use of a good anti-spam filter can stop the email messages used to distribute the Evil Ransomware. Most importantly, computer users should have backups of their files. Being able to recover the affected files from a backup copy makes the Evil Ransomware attack completely ineffective.
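An added triage sketch (not EnigmaSoft's or SpyHunter's code) for scoping a restore from backup: it walks a directory tree for the artifacts named on this page and lists the original paths to restore. It assumes the 'fie0locked' extension is appended to the original file name, and that 'background.png' and 'list.txt', being common names, count only when they sit beside a ransom note or locked file; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

LOCKED_SUFFIX = ".fie0locked"  # extension named on the page (leading dot assumed)
NOTE_NAMES = {"how_to_decrypt_your_files.txt", "how_to_decrypt_your_files.html"}
WEAK_NAMES = {"background.png", "list.txt"}  # common names: corroborating only

def triage(root):
    """Walk root and collect the Evil Ransomware artifacts described above."""
    report = {"locked": [], "notes": [], "corroborating": [], "restore": []}
    for dirpath, _dirs, files in os.walk(root):
        here = Path(dirpath)
        lowered = {name.lower(): name for name in files}  # case-insensitive match
        has_strong = False
        for low, name in sorted(lowered.items()):
            if low.endswith(LOCKED_SUFFIX) and len(low) > len(LOCKED_SUFFIX):
                has_strong = True
                report["locked"].append(here / name)
                # Assumption: the extension is appended to the original name,
                # so stripping it gives the path to restore from backup.
                report["restore"].append(here / name[: -len(LOCKED_SUFFIX)])
            elif low in NOTE_NAMES:
                has_strong = True
                report["notes"].append(here / name)
        if has_strong:
            # Generic names are reported only next to a strong indicator.
            report["corroborating"] += [
                here / lowered[w] for w in sorted(WEAK_NAMES) if w in lowered
            ]
    return report

def build_sample_tree(root):
    """Constructed sample: one affected Desktop and one clean folder."""
    desktop = Path(root) / "Desktop"
    clean = Path(root) / "Pictures"
    desktop.mkdir()
    clean.mkdir()
    for name in ("report.doc.fie0locked", "budget.xls.fie0locked",
                 "HOW_TO_DECRYPT_YOUR_FILES.TXT", "HOW_TO_DECRYPT_YOUR_FILES.HTML",
                 "background.png", "list.txt", "notes.rtf"):
        (desktop / name).write_bytes(b"constructed sample")
    (clean / "background.png").write_bytes(b"unrelated wallpaper")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for key, paths in triage(tmp).items():
            print(key, [p.name for p in paths])
```

The "restore" list is the set of paths to pull from the most recent backup taken before the first note or locked file appeared.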