Trojan.Encoder.6491 Ransomware Variant Proves to Be Failure for Cybercrooks

Recent malware that is touted under the generic techy name of Trojan.Encoder.6491 (Exotic Squad Ransomware) has been masquerading as a ransomware variant originating from Russian attackers. Among ransomware, the botched Trojan.Encoder.6491 variation is the very first to utilize the Google Go (GoLang) programming language.

With high hopes from cybercrooks, who are actively exploiting Trojan.Encoder.6491 (Exotic Squad Ransomware) by infecting machines and then encrypting files to demand a ransom fee, the Trojan.Encoder.6491 threat has ultimately failed.

The failure of Trojan.Encoder.6491, similar to the KillerLocker and Kostya Ransomware, starts and ends with computer security researchers cracking the encryption coding and releasing a free decryptor for victimized PC users. IN itself, releasing ransomware that others are able to crack defeats the primary purpose of the threat extorting money from its victims. In essence, Trojan.Encoder.6491 using the advanced AES algorithm to encrypt and target about 140 different file types is a fundamental waste of efforts put in by its creators.

While ransomware has taken the computer security world by storm, threats like Trojan.Encoder.6491 are watering down the effectiveness of new ransomware in that it computer users no longer have to pay the ransom to restore their encrypted files.

Dr.Web researchers were the first on the scene to discover Trojan.Encoder.6491 and its weak ability to hold true to its file encryption for the purpose of demanding a ransom from victimized computer users. The fundamentals of Trojan.Encoder.6491 uncovered by Dr.Web show that the ransomware takes files and encodes its name using a Base64 algorithm. Afterward, it appends the ENC extension (.enc), which in turn becomes an actual encrypted file. The flaw within the ransomware turns out that users may utilize a key that is provided by Dr.Web to decrypt the files fully.

While Dr.Web remains one of the only providers for a usable decryption key for Trojan.Encoder.6491, there may be other sources that provide a method for decrypting files encrypted by ransomware related to Trojan.Encoder.6491. Until then, we strongly urge computer users to utilize antimalware resources to eliminate the threat of Trojan.Encoder.6491, in addition to using caution when opening spam email attachments, which is the primary method for spreading ransomware.