ENCODED Ransomware Asks for Modest Ransom

ENCODED is a type of ransomware that encrypts data and appends the ".ENCODED" extension to filenames.

It also drops a "HOW TO DECRYPT FILES.txt" file, which contains ransom notes, and changes the desktop wallpaper. The ransom note states that files are encrypted using the RSA-1024 algorithm and can only be decrypted by paying a ransom of $120.

Victims must contact datafinder@fastmail.fm for further payment instructions. If no payment is made within a certain number of days, all encrypted files will be deleted permanently, making restoration impossible.

It is important to note that ransomware such as ENCODED can cause serious damage to your computer system and should be taken seriously if encountered. Therefore, it is recommended to take preventive measures such as regularly backing up your data and keeping your antivirus software up-to-date in order to protect yourself from ransomware attacks.

The full ransom note used by the ENCODED ransomware

The full text of the note used by the ENCODED ransomware reads as follows:

All your personal files (photo, documents, texts, databases, certificates, kwm-files, video) have been encrypted by a very strong cypher RSA-1024. The original files are deleted. You can check this by yourself - just look for files in all folders.
There is no possibility to decrypt these files without a special decrypt program! Nobody can help you - even don't try to find another method or tell anybody. Also after n days all encrypted files will be completely deleted and you will have no chance to get it back.
We can help to solve this task for 120$ via wire transfer (bank transfer SWIFT/IBAN). And remember: any harmful or bad words to our side will be a reason for ingoring your message and nothing will be done.
For details you have to send your request on this e-mail (attach to message a full serial key shown below in this 'how to..' file on desktop): datafinder@fastmail.fm

How can ransomware like ENCODED infect your computer?

Ransomware is a type of malicious software that can infect your home computer and encrypt your data, making it inaccessible unless you pay a ransom. Ransomware typically spreads through malicious links or attachments in emails, downloads from untrusted websites, or by exploiting security vulnerabilities in outdated software. Once installed on your computer, ransomware will encrypt all of your files and demand payment for the decryption key. It may also change your desktop wallpaper to display a ransom note with instructions on how to pay the ransom.

It is important to take preventive measures against ransomware attacks such as regularly backing up your data and keeping your antivirus software up-to-date. Additionally, it is important to be cautious when opening emails or downloading files from unknown sources as these could contain ransomware. If you do encounter ransomware on your computer, it is best not to pay the ransom as there is no guarantee that you will receive the decryption key even after paying. Instead, contact an IT professional who can help you remove the malware from your system and restore any encrypted data if possible.

January 18, 2023