Trojan.Encoder.94
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Threat Level: | 90 % (High) |
| Infected Computers: | 8 |
| First Seen: | April 20, 2012 |
| Last Seen: | March 3, 2021 |
| OS(es) Affected: | Windows |
The Trojan.Encoder.94 Trojan is a dangerous malware infection which can detect music, text, video and other types of files on the victim's computer and then encrypts them with a simple encryption algorithm. This Trojan infection seems to have a particular predilection for Microsoft Office files. Trojan.Encoder.94 demands payment of a fifty Euro or British Pound ransom in exchange for the decryption of the infected files. This payment, like with most ransomware infections, is demanded via Ukash or PaySafeCard, a money transfer service similar to Western Union or PayPal.
While in its initial stages, this malware threat was mainly confined to Russia and Eastern Europe, and by the second week of April, Trojan.Encoder.94 had spread to various countries in Western Europe. As of the writing of this report, Trojan.Encoder.94 Trojan attacks have been detected in various countries in South America, and Trojan.Encoder.94 seems to have gained further hold in countries in the European Union. The earliest versions of Trojan.Encoder.94 included an interface that was written in Cyrillic characters. However, ESG security researchers have now detected the spread of versions of Trojan.Encoder.94 with a menacing message written in English. ESG malware analysts have detected five distinct versions of Trojan.Encoder.94, using five different messages in English. While they use the same attack pattern and encryption algorithm, they differ in each Trojan's particular decryption key.
Preventing and Dealing With a Trojan.Encoder.94 Trojan Attack
If your PC has become infected with Trojan.Encoder.94, there are several steps you can do to restore your computer system to normal without having to pay the criminals behind this malware attacker. First of all, avoid reinstalling your operating system. You should also avoid deleting your encrypted files or try to restore the encrypted files without professional support. While PC security researchers have managed to decrypt files encoded using Trojan.Encoder.94, most security programs still are not capable of restoring encrypted files, only of removing Trojan.Encoder.94 from the infected computer system. To restore your files, it will usually be necessary to contact the technical support department of your security software provider and to request this service, which should be free of charge in most cases. Usually, the technicians will require that you send them a text or Microsoft Office file that was encrypted by Trojan.Encoder.94 along with your request.
