EV Ransomware
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
Threat Level: | 100 % (High) |
Infected Computers: | 7 |
First Seen: | August 23, 2017 |
Last Seen: | September 10, 2021 |
OS(es) Affected: | Windows |
The EV Ransomware is a ransomware Trojan that is used to extort computer users. Like most encryption ransomware Trojans, the EV Ransomware is designed to take the victims' files hostage, encrypt them with a strong encryption algorithm and then demand the payment of a ransom in exchange for the decryption key. This is a typical threat attack, which can be devastating for unprepared computer users. The best protection against the EV Ransomware and similar Trojans is to have file backups, which can allow computer users to recover their files quickly and easily.
Table of Contents
The Targets Of the EV Ransomware are the Files Related to WordPress Websites
PC security analysts discovered that the EV Ransomware is being used to attack websites on the WordPress platform. According to these reports, malware researchers have caught several attempts to upload the EV Ransomware to a server to encrypt the files related to WordPress websites. The EV Ransomware has received this name because it marks the files encrypted in the attack by adding the file extension '.ev' to each affected file's name. The con artists must first compromise a WordPress website to carry out the attacks involving the EV Ransomware. To do this, they will take advantage of poor password protection or other lax security measures (such as the lacking of the latest updates to the website's software). These people can upload the EV Ransomware to the website through a Web user's interface, simply clicking on the 'submit button' once the website has been compromised.
How the EV Ransomware Carries out Its Attack
Once the EV Ransomware has been uploaded to a server, it will encrypt most of the victim's files. The EV Ransomware uses mcrypt to encrypt the victim's files, using the Rijndael 128 encryption algorithm. After encrypting the victim's data, the decryption key itself is encrypted, making it nearly impossible to recover the affected files. Even if the victims pay the ransom that the EV Ransomware demands, the affected files will be extremely difficult to recover. This is because the EV Ransomware allows the con artists to encrypt the victims' files, but it does not include a decryption program or functionality. Because of this, in the case of the EV Ransomware, it is crucial to refrain from paying the ransom, since the creators of the EV Ransomware will not restore the affected files. In fact, if they provide a decryption key, it will still be necessary to enlist an experienced programmer to fix the affected files and reverse the effects on the affected files.
Protecting Your Websites from the EV Ransomware
Fortunately, WordPress has released protections against the EV Ransomware, which computer users can implement by installing the latest versions of the platform. Computer users also must secure their platforms in the best way possible, using strong passwords and implementing other security measures. Most importantly, they should have a reliable backup system, which must be stored offline to avoid having the backups themselves encrypted by threats like the EV Ransomware.
Tracing the Origins of the EV Ransomware and Similar Threats
PC security researchers have noted that the variants of the EV Ransomware were observed on GitHub publicly, with some of the oldest dating back to at least Spring of 2016. These versions of the EV Ransomware seem to be related to a group of Indonesian con artists, which have been associated with various other threat campaigns. However, the current version of the EV Ransomware is still incomplete although in its current version it is already capable of extorting victims. The EV Ransomware is likely to evolve into a more complete ransomware Trojan, which can attack more files apart from WordPress databases. These attacks have been observed before but had not become widespread. For example, in the first few months of 2016, malware analysts received reports of a variant of the CTB Locker being used to encrypt websites for ransom in a way similar to the current EV Ransomware campaign.
SpyHunter Detects & Remove EV Ransomware
File System Details
# | File Name | MD5 |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
---|---|---|---|
1. | just.exe | 83928680592d674bfe0b420a20e7fbb6 | 3 |