Cyber-security experts have detected a ransomware virus named Simple_Encoder. The ransomware appends the .~ (tilde sign) extension to encrypted files and uses the strong AES encryption algorithm. The virus replaces the wallpaper of the infected computer with a ransom note that demands payment for decrypting the affected files. We advise against paying the ransom. Read this article to find out why.
Name | Simple_Encoder Ransomware
File Extensions | .~
Ransom | 0.8 Bitcoins
Solution #1 | Simple_Encoder ransomware can be removed easily with the help of an anti-malware tool, a program that will clean your computer from the virus, remove any additional cyber-security threats, and protect you in the future.
Solution #2 | Simple_Encoder ransomware can be removed manually, though it can be very hard for most home users. See the detailed tutorial below.
Distribution | The Simple_Encoder ransomware virus can spread to PCs through e-mail spam.
Simple_Encoder Ransomware Virus – Methods of Infection
The Simple_Encoder ransomware virus can spread to PCs through e-mail spam. Cyber-criminals often launch spam campaigns to infect as many users as possible. These e-mails often mimic those of legitimate software, banking, or customer service companies: anything the user might click without thinking too much. Once opened, the e-mail can infect the computer through malicious attachments.
Another way to get infected with ransomware is by clicking on a link that redirects you to the virus. Browser hijackers often cause such redirects, which makes them even more dangerous.
Simple_Encoder ransomware – In Depth Analysis
Once the system has been breached by the Simple_Encoder ransomware, the virus may create new files. The following Windows system folders are often targeted:
- C:\Users\[Windows username]\AppData\Roaming
- C:\Users\[Windows username]\AppData
- C:\Windows
- C:\Windows\Temp
- C:\Users\[Windows username]\AppData\Local
The new files may have various names, from legitimate Windows file names, to complete gibberish.
Once the malicious files are created, the ransomware can begin to encrypt your files and add new registry values. The virus adds these values so that it starts every time Windows boots. The values may be located in these keys:
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
Simple_Encoder might scan for a wide range of files, mainly videos, music, photos, virtual drives, databases, and others. After the virus finds the files it is looking for, it encrypts them with the strong AES algorithm. That locks the files, rendering them useless until decryption. The encrypted files have the .~ extension after their names, for example, “YourPicture.jpg.~”.
The virus will change your desktop wallpaper to the Simple_Encoder ransom note. Here’s the note in its entirety.
“All your system is encrypted.
All your files (documents, photos, videos) were encrypted.
It’s impossible to get access to your files without necessary decrypt key.
All your attempts to solve problem yourself will be unsuccessful!
We suggest you to read some articles about this type of encryption:
https://en.wikipedia.org/wiki/RSA_(cryptosystem)
https://en.wikipedia.org/wiki/Advanced_Encryption_Standard
Now you have two options to solve the problem:
1. Format your hard disk. This way you’ll lose all your files.
2. Pay 0.8 Bitcoin and get key of decryption. At the end of this ad you’ll see your personal ID and our contact information.
Now you should send us email with your personal ID. This email
will be as confirmation you are ready to pay for decryption key.
After payment we’ll send you key of decryption with instructions how to decrypt the system.
Please, don’t send us emails with threats. We don’t read it and don’t reply!
We guarantee we’ll send you the decryption key after your payment so you’ll get access to all your files.
Our e-mail address: [email protected]
YOUR PERSONAL IDENTIFIER: ***”
Simple_Encoder Ransomware Virus – Summary, Removal and File Restoration
If your computer got infected with the virus, you should attempt to remove it completely. Don’t pay the ransom, as that would only aid the cyber-criminals in their future schemes. You can try to remove the malware from your computer by using an anti-malware tool. You can also attempt to delete it file by file, but that can be a complex and time-consuming process that can also damage system data if you’re not careful.
How to Remove Malware from Your Computer
Since malware attacks are increasing and users suffer from daily attacks, we have decided to make a tutorial which will help you delete malware, try to restore files in case they are encoded by crypto-viruses, and protect yourself in the future as well.
Try to Load Your PC in Safe Mode
For various Windows OS’s:
1) Hit WIN Key + R
2) A Run window will appear. In it, write “msconfig” and then press Enter.
3) A Configuration box will appear. In it, choose the menu named “Boot”.
4) Choose the Safe Boot preference, then tick the Network option under it.
Eliminate the malicious processes
1) Hit the following key combination: CTRL+ESC+SHIFT
2) Get over to Processes.
3) Choose the suspicious process if you have found it and then right click it after which click on “Open File Location”.
4) End the malicious process by again right-clicking and choosing “End Process”.
Delete registry objects created by malware.
For all Windows versions:
1) Again press the Windows Button + R key combination.
2) In the type box, write “regedit” (without the inverted commas) and hit Enter.
3) Type the CTRL+F key combination and then write the malicious name in the search type field to locate the malicious executable.
4) In case you have discovered registry keys and values related to the name, you should delete them, but be careful not to delete legitimate keys.
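An added example (not part of the original article): a read-only PowerShell audit of the four Run and RunOnce keys named in the analysis above, as a complement to searching regedit by name. It flags autostart entries whose command runs from the AppData tree, Windows\Temp, or directly from the Windows folder; the function name Get-SuspectAutorun and the flagging rules are assumptions of this example.

```powershell
# Added example: read-only audit of the autostart keys named in this article.
# Nothing is changed or deleted; review each flagged entry by hand.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-SuspectAutorun {   # hypothetical helper name
    # Drop locations listed in the article, turned into case-insensitive regexes.
    $appData = [regex]::Escape((Split-Path $env:APPDATA -Parent) + '\')
    $winTemp = [regex]::Escape((Join-Path $env:SystemRoot 'Temp') + '\')
    # A file sitting directly in C:\Windows (not in a subfolder such as System32).
    $winRoot = '^\s*"?' + [regex]::Escape($env:SystemRoot) + '\\[^\\"\s]+\.\w+("|\s|$)'

    foreach ($key in $runKeys) {
        $k = Get-Item -Path $key -ErrorAction SilentlyContinue
        if (-not $k) { continue }                       # key absent on this system
        foreach ($name in $k.GetValueNames()) {
            # Expand %APPDATA%-style variables so the path tests see the real location.
            $cmd = [Environment]::ExpandEnvironmentVariables([string]$k.GetValue($name))
            $reason = if     ($cmd -match $appData) { 'runs from the user AppData tree' }
                      elseif ($cmd -match $winTemp) { 'runs from Windows\Temp' }
                      elseif ($cmd -match $winRoot) { 'file directly in the Windows folder' }
                      else   { $null }
            if ($reason) {
                [pscustomobject]@{ Key = $key; Value = $name; Command = $cmd; Reason = $reason }
            }
        }
    }
}

Get-SuspectAutorun | Format-List
```

A flagged entry is a lead, not proof: legitimate applications also start from AppData, so check the file behind each command before deleting its registry value.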
Recover files encrypted by Crypto-Viruses.
If you want to try recovering files yourself, you have several options:
Option One: By using Windows’s System Restore
1) Hit the Windows Button + R key combination.
2) After the “Run” window pops up, write “rstrui” and hit the Enter button.
3) Choose a restore point and continue.
IMPORTANT: If you want to be more effective, we strongly suggest booting in safe mode if you are to do this!
Option Two: By using Windows’s Shadow Volume Copies
To access shadow volume copies you may require a program like Shadow Explorer. Install it, open it, and make it scan for shadow copies. If you have them enabled, this method will work, provided the crypto-virus has not deleted them.
Option Three: By using various Recovery Software
This option will not ensure maximum effectiveness and recovery rate, but you may still restore several files. Most data recovery programs are available for free online; simply Google “Data Recovery Software”.
Prevent viruses from damaging your files in the future.
To protect your important data, we suggest that you store it in the cloud. Programs that make online backup possible also let you schedule automatic backups at different intervals. This way, even if you lose your data, you can find it uploaded in a securely encrypted account to which only you have access.