Defend what you create

Other Resources

Close

Library
My library

+ Add to library

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

Your tickets

Profile

Back to news

Dangerous encryption ransomware spreading via email

March 20, 2015

Russian anti-virus company Doctor Web is warning users about the dangerous encryption ransomware Trojan.Encoder.514 which is being distributed by attackers in mass spam mailings. Unfortunately, it is currently impossible to decrypt files affected by Trojan.Encoder.514.

Over the past few months, attackers have organized many spam campaigns to spread different encryption ransomware versions. For example, last week witnessed a growing number of incidents involving mass mailings of new incoming fax messages with the headline "Incoming Fax Report". Disguised as a fax message, the attached ZIP archive contains a malicious SCR file—a Windows executable. These SCR files are detected by Dr.Web anti-virus software as Trojan.DownLoader11.32458.

screen

If an attempt is made to open the attachment, the malicious program Trojan.DownLoader11.32458 extracts and launches the encryption ransomware Trojan.Encoder.514 on the target machine. The ransomware then encrypts data stored on the disk and demands a ransom for its recovery. Files affected by Trojan.Encoder.514 do not have their filename extension changed, but get the string "!crypted!" appended at the beginning of their names. During the encryption process, the malware creates temporary files with the extension *.cry which are later deleted.

It is currently impossible to decrypt files affected by Trojan.Encoder.514. Doctor Web encourages users to make timely backups of their most valuable data, and to stay vigilant and refrain from opening files attached to emails from unknown senders.

Use Data Loss Prevention to protect your files from encryption ransomware

Only available in Dr.Web Security Space 9 and 10
More about encryption ransomware Configuration presentations tutorial Free decryption

Tell us what you think

You will be awarded one Dr.Webling per comment. To ask Doctor Web’s site administration about a news item, enter @admin at the beginning of your comment. If your question is for the author of one of the comments, put @ before their names.


Other comments

The Russian developer of Dr.Web anti-viruses

Doctor Web has been developing anti-virus software since 1992

Dr.Web is trusted by users around the world in 200+ countries

The company has delivered an anti-virus as a service since 2007

24/7 tech support

© Doctor Web
2003 — 2019

Doctor Web is the Russian developer of Dr.Web anti-virus software. Dr.Web anti-virus software has been developed since 1992.

2-12А, 3rd street Yamskogo polya, Moscow, Russia, 125040