In our discussion of ransomware evolution, we have talked about the two major types of ransomware: those that carry out extensive encryption on the targeted devices, and those that work only at a superficial level and just lock the screen of the affected device.
Many cybersecurity experts constantly and actively look for cryptovirological strains in cyberspace so that they can immediately devise ransomware removal solutions. A team of such malware hunters has recently detected a screen locker that goes by the name EncryptedBatch.
EncryptedBatch Doesn’t Perform Any Encryption
EncryptedBatch is a locker ransomware, so its malicious activity doesn’t involve any encryption. Instead, it makes changes in the Windows Registry that cause a lock screen to appear on the desktop whenever users start the affected device. According to the note written on the lock screen, EncryptedBatch encrypts all the files on the affected device and appends these extensions to them: Encrypted0, Encrypted1, Encrypted2.
Security experts have confirmed that this is just a trick played by its operators to lure impressionable and less tech-savvy users into their trap. They are trying to capitalize on the frightening reputation of cryptovirological scripts to rip off the victims. In reality, EncryptedBatch is just a screen locker, and every file remains in its original unencrypted form beneath the locked desktop.
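One way to check the note's claim against the files themselves, as an added example that is not part of the original article: the Python script below walks a directory, lists files carrying the extensions named in the note, and uses byte entropy to flag files that actually look encrypted. The entropy threshold, minimum sample size and list of file headers are assumptions chosen for illustration.

```python
import math
import os
import sys
from collections import Counter

# Extensions named in the lock-screen note quoted on this page.
CLAIMED = ("encrypted0", "encrypted1", "encrypted2")
# Assumption: a heuristic cut-off; encrypted data sits near 8 bits per byte.
ENTROPY_THRESHOLD = 7.5
MIN_SAMPLE = 4096  # shorter samples cannot reach the threshold reliably
# Assumption: headers of formats that are compressed by design and score high anyway.
KNOWN_MAGIC = (b"PK\x03\x04", b"\x1f\x8b", b"\x89PNG", b"\xff\xd8\xff", b"%PDF")

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte in data (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def triage(root: str, sample_size: int = 65536) -> dict:
    """Walk root and sort files into renamed / high-entropy / intact buckets."""
    report = {"renamed": [], "high_entropy": [], "intact": 0, "unreadable": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower().endswith(CLAIMED):
                report["renamed"].append(path)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(sample_size)
            except OSError:
                report["unreadable"].append(path)
                continue
            scrambled = (not head.startswith(KNOWN_MAGIC)
                         and len(head) >= MIN_SAMPLE
                         and shannon_entropy(head) > ENTROPY_THRESHOLD)
            if scrambled:
                report["high_entropy"].append(path)
            else:
                report["intact"] += 1
    return report

if __name__ == "__main__":
    result = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(f"files carrying a claimed extension: {len(result['renamed'])}")
    print(f"files that look encrypted:          {len(result['high_entropy'])}")
    print(f"files that look intact:             {result['intact']}")
    print(f"unreadable files:                   {len(result['unreadable'])}")
```

Because the desktop is locked on the affected machine, run it against the user's files from a clean system with the disk or an image of it mounted read-only. A file that has a claimed extension but low entropy has only been renamed, not encrypted.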
An Incomplete Ransom Note
The note that appears on the screen after an EncryptedBatch infection seems to be incomplete. The attackers haven’t mentioned the amount of ransom, nor have they provided a contact ID for further correspondence. So it’s not clear what the actual motive of the EncryptedBatch operators is. Some experts think that it’s just a prank played by some ambitious youngsters with a penchant for coding and hacking.
EncryptedBatch Infection is Still Serious
Even though no encryption is involved, an EncryptedBatch infection shows that the targeted device is exposed to malicious cyber attacks. In the case of EncryptedBatch or any other screen locker infection, it is recommended to practice the same diligence as with a cryptovirological attack. Ask for the help of professional ransomware removal experts to disinfect your device. Also, beef up the security of the device following the attack.
Infected Executable Files
Like the developers of fully fledged cryptovirological scripts, screen locker developers use executable files to pack the malicious code. They also use the same delivery methods, phishing and compromised web domains, to distribute the payload among the targeted devices.
It’s a safe internet practice not to open any attachment sent from an unknown ID. Also, refrain from browsing untrustworthy web domains and never download any executable file from a site without the ‘https’ protocol.