© Doctor Web
2003 — 2024
Encryption ransomware—Threat № 1
The first encryption ransomware appeared in
2006-2007.
Since January 2009, the number of ransomware versions has increased by about
1900%!
Currently, Trojan.Encoder programs (Cryptolockers) are one of the most dangerous threats for users. This Trojan family includes several thousand modifications.
Since mid-April 2013, Doctor Web's virus laboratory has received more than 40 000 decryption requests to restore files affected by Trojan encoders.
Doctor Web's anti-virus laboratory receives over 40 decryption requests daily.
Trojan.Encoder programs (Cryptolockers) use dozens of different encryption algorithms of users’ files.
For example, it will take
107902838054224993544152335601 years
to simple search a key to restore files compromised by Trojan.Encoder.741.
According to Doctor Web’s statistics, the probability of restoring corrupted files is roughly 1%.
That means that most of user data has been lost for good!
Today criminals demand up to 20 bit coins for decryption.
1bit coin is equal to 6459,54 euros or 7167 dollars.
A demanded ransom can reach 143 340 dollars.
Even if you pay your attacker a ransom, there is no guarantee that you’ll get your data back.
Things can even get rather peculiar. In one situation, a user paid a ransom to their attackers, but their attackers could not decipher the files encrypted by their own Trojan.Encoder (Cryptolocker), and advised the user to seek help… from Doctor Web's technical support service!
Decryption is available free of charge for users of commercial Dr.Web licenses.
In over 90%
of the incidents users launch encryption Trojans on their own computers themselves.
Dr.Web Security Space (versions 9 and 10) comes with a simple solution to the problem of data security—the “Data Loss Prevention” feature.
And, even if a Trojan gets to your files, you will be able to restore them on your own without having to request support from Doctor Web.
Unlike common backup programs, Dr.Web creates and protects backup storage from intruders.
If you are out of luck and your files have been encrypted by the Trojan, contact Doctor Web’s technical support service to decrypt them :
- Do not use the infected computer until you receive instructions from Doctor Web's technicians, even if you need it for your business.
- Do not attempt to reinstall the operating system!
- Do not attempt to remove any files or programs from the disk!
- If you have started a virus scan, do not take any irreversible actions including curing/removing the malware. Consult Doctor Web's specialists before you do anything with the found viruses/Trojans, or at least keep back-up copies of all the discovered malware; they may be necessary to determine the key to decrypting the data.
Visit Legal sеction to learn how to submit a request to Doctor Web’s support service