FileEngineering Ransomware

Two different versions of FileEngineering Ransomware have been observed in the wild. The two variants operate in an identical way: they aim to infiltrate users' computer systems, encrypt the files found there with an uncrackable cryptographic algorithm, and then extort their victims in exchange for the potential decryption of the locked data. The only difference between the two FileEngineering Ransomware threats is the specific email addresses they leave to their victims as communication channels.

Files encrypted by either of the two FileEngineering Ransomware variants will have their original names changed drastically. The threats will first append a string representing the unique ID designated to the PC user, followed by an email address that belongs to the hackers, and finally '.encrypted' as a new file extension. The email address utilized by one of the variants is 'FileEngineering@mailfence.com,' while the other places 'FileEngineering@rape.lol' as part of the filename. As for the ransom note, both threats drop it as text files named 'Get your files back!.txt,' which are placed inside any folder containing encrypted data.

The ransom notes provided by the threats are, once again, virtually identical apart from the email addresses. Victims infected by one of the variants will be told to use 'FileEngineering@mailfence.com' as the main email address, but if no answer arrives in the next 12 hours, they should try one of the two alternate addresses at 'FileEngineering@tutanota.com' and 'FileEngineering@elude.in.' Users affected by the other FileEngineering Ransomware variant are instead instructed to send a message to the 'FileEngineering@rape.lol' email with an alternate address at 'FileEngineering@elude.in.'
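The naming pattern and ransom note filename described above can be used to triage a disk or file share. The following Python sketch is an added example, not code from the original page; because the exact layout of the appended ID and email is not given, it assumes only that a locked file's name ends in '.encrypted' and contains one of the two contact addresses, and the sample tree it builds is constructed.

```python
import os
import tempfile

# Indicators quoted in the description above.
NOTE_NAME = "Get your files back!.txt"
CONTACT_EMAILS = ("FileEngineering@mailfence.com", "FileEngineering@rape.lol")
EXTENSION = ".encrypted"

def classify(filename):
    """Return the contact address embedded in a locked file's name, else None."""
    lower = filename.lower()  # Windows file names are case-insensitive
    if not lower.endswith(EXTENSION):
        return None
    for email in CONTACT_EMAILS:
        if email.lower() in lower:
            return email
    return None

def scan(root):
    """Map each affected directory to its ransom-note flag and renamed files."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        hits = sorted((f, classify(f)) for f in files if classify(f))
        note = any(f.lower() == NOTE_NAME.lower() for f in files)
        if hits or note:
            report[dirpath] = {"note": note, "files": hits}
    return report

def build_sample(root):
    """Create a constructed directory tree; the ID and name layout are made up."""
    docs = os.path.join(root, "docs")
    os.makedirs(docs)
    names = [
        "budget.xlsx.ID-0000.FileEngineering@mailfence.com.encrypted",
        NOTE_NAME,
        "untouched.txt",
    ]
    for name in names:
        open(os.path.join(docs, name), "w").close()
    return docs

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for directory, info in scan(tmp).items():
            print(directory, "note present:", info["note"])
            for name, email in info["files"]:
                print("  ", name, "->", email)
```

The address returned by `classify` tells you which of the two variants touched a directory, which helps scope the folders to restore from backup.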

While neither of the notes mentions the exact sum that the cybercriminals demand as payment, it is clarified that the transaction will have to be made using Bitcoin.

The full text of the notes delivered by the FileEngineering Ransomware variants is:

'Hello

I am a security engineer.

I noticed that your system security is very weak and I hacked it.

And all your files are encrypted!

I can return your files for a fair amount of Bitcoin and also tell you your security vulnerabilities.

Send an email to this address : FileEngineering@mailfence.com

And write this ID in its subject : -

If I did not reply to you within 12 hours, send an email to : FileEngineering@tutanota.com

or this email : FileEngineering@elude.in

For more trust you can send a small file to me and I will show you Your files are decryptable

There is no way to decrypt your files, so pay attention to the following:

* Never change the name of your files, you may have problems with the decrypt

* Never try to decrypt files with another tool

* You may have a backup of your files but you will never notice your system bugs and I can hack your system again

Hello

I am a security engineer.

I noticed that your system security is very weak and I hacked it.

And all your files are encrypted!

I can return your files for a fair amount of Bitcoin and also tell you your security vulnerabilities.

Send an email to this address : FileEngineering@rape.lol

And write this ID in its subject : -

If I did not reply to you within 12 hours, send an email to : FileEngineering@elude.in

There is no way to decrypt your files, so pay attention to the following:

* Never change the name of your files, you may have problems with the decrypt

* Never try to decrypt files with another tool

* You may have a backup of your files but you will never notice your system bugs and I can hack your system again.'

What to do if your Computer is Infected With FileEngineering Ransomware

There are numerous cases where people who trust cybercriminals enough to pay the ransom receive nothing in return. The attackers don't provide the decryption key even if victims meet their demands. There is no way to track criminals after they get your money. If you send money to the criminals and don't get a key that works, you lose your money and data. The good news is that it may be possible to save both.

The first thing to do is to remove the virus as quickly as possible. Antimalware and antivirus programs can do that. You can then recover your data from a backup after removing FileEngineering from your device. Removing the virus won't undo the data encryption, but it will prevent backed-up data from being encrypted too. Software recovery programs may be of assistance if you don't have a data backup.

How Does FileEngineering Ransomware Get On Computers?

FileEngineering spreads through malicious payloads that download and install the ransomware. These payload files are spread across social media and free file sharing websites in the hopes of catching people unawares. Some freeware programs you find online also have the cryptovirus bundled with them or could be viruses themselves.

Cybercriminals typically spread malware through email attachments. Emails appear to come from legitimate sources and encourage the reader to interact with an attachment or link. Doing so will infect your computer. Payload files are also distributed through torrent websites, pirated content, and malicious advertisements.

How to Protect Against FileEngineering And Other Ransomware

Your first priority when protecting against ransomware is to be careful when using your computer. Ensure you install some antivirus software to protect against infections. High-quality antivirus programs can catch problems like this before they set in and prevent viruses from installing themselves in the first place. Other things you can do to protect your computer are:

  • Avoid torrenting websites
  • Keep software and operating systems up to date with official updaters
  • Avoid using cracking tools or other illegal programs
  • Avoid opening links and attachments from unknown and suspicious emails
