Santa Encryptor Ransomware

The Santa Encryptor Ransomware is an encryption ransomware Trojan that seems to be Christmas themed since it displays a picture of Santa Claus along with its ransom note during the attack. PC security researchers first observed the Santa Encryptor Ransomware being delivered to victims on December 7, 2017. Trojans like the Santa Encryptor Ransomware are designed to encrypt victims' files using a strong encryption algorithm to demand payment of a ransom from the victim. The Santa Encryptor Ransomware seems to be under development and may not be carrying out an effective encryption attack. According to portions of the Santa Encryptor Ransomware code, the Santa Encryptor Ransomware seems to try to implement the XOR encryption in its attack, although it is certainly not effective. One aspect of the Santa Encryptor Ransomware that is not especially effective is the fact that its ransom note does not include an email address, a Bitcoin wallet, or another way of carrying out a ransom payment effectively.

The Santa that will Take Instead of Giving

The Santa Encryptor Ransomware is used to encrypt the victims' files using its encryption algorithm. Ransomware Trojans like the Santa Encryptor Ransomware will target the user-generated files while avoiding the Windows system files. The Santa Encryptor Ransomware targets several files types in its attack, which include:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.

Once the files are encrypted, they become inaccessible without the decryption key, which the cybercrooks would hold in their possession (in case a full, functional version of the Santa Encryptor Ransomware is eventually released).

The Santa Encryptor Ransomware’s Ransom Demand

Once the Santa Encryptor Ransomware encrypts the victim's files, the Santa Encryptor Ransomware displays a program window named 'Santa Encryptor' with a picture of Santa Claus. The Santa Encryptor Ransomware's ransom note is designed to mimic the ransom note displayed by WannaCry, attempting to trick the victims into believing that their computers were encrypted with a more threatening ransomware Trojan than the Santa Encryptor Ransomware. The full text of the Santa Encryptor Ransomware's ransom note reads:

'Oop's Your File's Have Been Encrypted!
What Happened To Your PC?
Your Important File's Have Been Encrypted Many Of Your Documents, Photos, Databases And Other File's Are No Longer Accessible. Because They Have Been Encrypted Using AES-256
How Can I Decrypt My File's?
Your Lucky Santa Is Here To Help You To Decrypt Your File's With the Power Of Christmas Spirit! Santa Needs You To Send $150 Worth Of Bitcoin To The Given Bitcoin Address Below
How Do I Pay? Their Are A Few Links For You To Buy The Bitcoin, Send $150 Worth Of Bitcoin To The Given Address To Decrypt Your FIles
Send $150 Worth Of Bitcoin To This Address:
[34 RANDOM CHARCTERS] [Copy|BUTTON]
[Check Payment|BUTTON] [Decrypt|Button]'

The best protection against the Santa Encryptor Ransomware is to have file backups, either on the cloud or a detachable memory device. Having file backups means that computer users do not need to pay the ransom or interact with the cybercrooks, which nullifies the Santa Encryptor Ransomware attack completely. This, coupled with a reliable security program that is fully up to date, can help computer users recover from these annoying attacks.

SpyHunter Detects & Remove Santa Encryptor Ransomware