FileEncrypted ransomware is a dangerous crypto-virus, the latest variant of Cryptgh0st ransomware, that demands a Bitcoin payment for releasing files. This file-locking virus was first spotted by security researchers in late July 2018. Infection can be avoided by following best practices on the web and keeping your computer updated and well protected.
The FileEncrypted ransomware can affect a machine only when its main executable is launched manually, so hackers employ various tactics to make victims perform this action themselves. The criminals are known to send out malicious payloads inside phishing emails, or to disguise them on file-sharing sites. Being attentive online is therefore important to reduce the risk of infection by this malware.
Once the FileEncrypted virus enters the device, it proceeds to scan and locate personal files. The targeted data types include:
MS Office documents
Image and Video files, etc.
Once the files are selected, the ransomware replaces the original name with random characters and adds the .FileEncrypted extension. For instance, a file named picture.jpg may be changed into isaj14dds.FileEncrypted. The ransomware uses AES-256 to lock up the files.
Once the data is encrypted, the ransomware connects to the Command & Control server, which sends back a unique personal key and delivers a ransom note file, usually titled FILES_ENCRYPTED.html or READ_TO_DECRYPT.html. The note contains information about what happened to the data and what needs to be done next.
Also included are an email address ([email protected]) for contacting the hackers and a Bitcoin wallet address to which the payment of 1 BTC is to be made.
Users are asked to pay the ransom to regain access. The cybercrooks usually demand 1 BTC for releasing files, and this is stated explicitly in the ransom note. A sample ransom note contains the following:
YOUR DATA HAS BEEN ENCRYPTED. WE USE A STRONG ALGORITHM.
YOU SEND 1 BTC TO THE FOLLOWING BITCOIN WALLET ADDRESS 1EATMEBVDRmUPjaBeN9hsoj2ffFiUKArma
AFTER PAYMENT EMAIL TO [email protected] WITH YOUR IDENTIFICATION AND THE BITCOIN TRANSACTION ID TO GET THE RECOVER KEY NECESSARY TO DECRYPT FILES
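The file-name indicators described above (the .FileEncrypted extension and the two ransom note names) are enough to measure how far the damage spread before restoring from backups. The following Python script is an added example, not part of the original article; the case-insensitive matching, the function names and the sample directory tree are assumptions made for illustration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

# Indicators taken from the article; case-insensitive matching is an assumption.
ENCRYPTED_EXT = ".fileencrypted"
NOTE_NAMES = {"files_encrypted.html", "read_to_decrypt.html"}


def triage(root):
    """Read-only walk of root that summarises FileEncrypted artefacts."""
    encrypted, notes, per_dir, mtimes = [], [], Counter(), []
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            path, lower = Path(dirpath) / name, name.lower()
            if lower in NOTE_NAMES:
                notes.append(path)
            elif lower.endswith(ENCRYPTED_EXT):
                encrypted.append(path)
                per_dir[dirpath] += 1
                try:
                    # Earliest mtime approximates when encryption began,
                    # assuming the malware did not reset timestamps.
                    mtimes.append(path.stat().st_mtime)
                except OSError:
                    pass  # file vanished or is unreadable; still counted
    return {"encrypted": encrypted, "notes": notes, "per_dir": per_dir,
            "first_seen": min(mtimes) if mtimes else None}


def build_sample_tree(base):
    """Constructed sample: empty placeholder files, no real malware output."""
    docs, pics = Path(base) / "Documents", Path(base) / "Pictures"
    docs.mkdir()
    pics.mkdir()
    for p in (docs / "isaj14dds.FileEncrypted", docs / "q8x2.FILEENCRYPTED",
              docs / "report.docx", docs / "READ_TO_DECRYPT.html",
              pics / "zz91.FileEncrypted", pics / "holiday.jpg"):
        p.write_bytes(b"")
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        result = triage(build_sample_tree(tmp))
        print(len(result["encrypted"]), "renamed files,", len(result["notes"]), "note(s)")
        for directory, count in result["per_dir"].most_common():
            print(f"{count:5d}  {directory}")
```

Pointing `triage()` at a user profile or file share gives a per-directory count of renamed files, and the `first_seen` timestamp helps pick a backup taken before the encryption started.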
In spite of being pressured, an impacted user should never agree to pay the ransom. Instead, they should try to remove the FileEncrypted ransomware. You can always get your data back from backups or through third-party tools (as explained below).
However, it’s best not to try and get rid of the FileEncrypted ransomware manually. The malware infects the computer system in multiple ways and professional help is recommended to restore the full functionality. Anti-virus software such as Malwarebytes Anti Malware or Avast are capable of the task after duly performing a full system scan.
However, all this trouble is unnecessary if you protect yourself from dangerous viruses like ransomware in the first place. Users are advised to follow these simple security tips:
Beware of spam emails, as they might hide a ransomware virus inside. Some of them can trick even those who are relatively tech-savvy. Never open attachments or click links inside an email without making sure that they are legitimate;
Use a reliable anti-virus program and keep it updated at all times;
Regularly update your operating system and other installed programs;
Avoid questionable websites and never click on dubious advertisements;
Regularly take backups of your data and store them securely.
These simple rules will help you avoid getting infected with most computer ransomware.