Encryptile Ransomware

Posted by Lisa Blanc on November 2, 2016

What is Encryptile Ransomware?

Encryptile Ransomware is a recently created threat that targets both private and program data. The infection might enter the system after launching a suspicious file and encrypt all photos, documents, and other personal files. Also, if some of your programs cannot be opened that is probably because the malicious program locked their files as well. Since the infection manages to encrypt a wide range of file types, it might do a lot of harm to the user. As a consequence, deleting the malware manually is quite complicated too. The good news is that our specialists found a way to eliminate Encryptile Ransomware and if you want to learn how to delete the malicious application too, you should take a look at the instructions available at the end of the article.testtesttest

Where does Encryptile Ransomware come from?

Based on other similar threats, our specialists at Anti-spyware-101.com think that Encryptile Ransomware could travel with Spam emails. The email should contain an attached file infected with the malware. It is possible that such data might be disguised as invoices, video files, pictures, text documents, and so on. In other words, it may not necessarily look suspicious, which could make it hard to identify it as malicious. Therefore, the next time you receive a file from an unknown source, it would be advisable to scan it with your antimalware tool first. It will take only a minute or a few to scan an attachment, but it can prevent you from launching a harmful infection.

How does Encryptile Ransomware work?

The malicious application installs itself on the system by placing a couple of executable files with a random name. Later it should add two registry entries in the Run or RunOnce keys. As a result, your system should launch the malicious program each time you either restart or turn on the computer. Unfortunately, if you try to restart in a Safe Mode, the infection is also launched. At the same time, Encryptile Ransomware may block some of the system programs, and other software may not run as its data could be encrypted. As it appears to be, the threat targets all folders inside the %HOMEDRIVE% directory except data located in %WINDIR% and a couple of folders in %PROGRAMFILES%.

Besides the program data, this threat should lock your private files, such as photographs, pictures, video files, documents, and so on. You can quickly indicate the data that was locked by an additional extension. Compared to extensions added by other similar malware, Encryptile Ransomware appends a rather specific one. To give you an example, a locked audio file could look like this song.mp3. EncrypTile.mp3. Sadly, the extension cannot be modified or deleted, so there is no way to open already encrypted files.

Lastly, the malware changes user’s background picture, places files with ransom notes or instructions in every folder containing locked data, and opens a separate window. This window provides with payment instructions. The cyber criminals promise to decrypt all data if the ransom is paid. However, we should remind you that doing so might be risky as you cannot know if they would keep up to their promises.

How to erase Encryptile Ransomware?

Removing Encryptile Ransomware manually might appear to be complicated, but you can use the instructions we placed below the article. They will show you how to use Hiren’s BootCD and restart the computer without the malicious application. Just keep it in mind that Hiren’s BootCD should be obtained and placed on a CD or USB drive while using another computer. For further instructions, slide below and check the provided instructions. Once, you get rid of the infection; it is advisable to check the system with a reliable antimalware tool too. That way you would be able to see if you erased the malware completely. Also, the tool could help you clean the system from other possible threats.

Remove Encryptile Ransomware

  1. Burn Hiren’s BootCD to a USB drive or CD.
  2. Connect the USB drive or insert the CD into the infected PC and Restart it.
  3. Boot into the USB drive or CD and select Mini Windows XP.
  4. Click on Hirens BootCD Program Launcher icon available on Desktop.
  5. Choose Registry and select the Registry Editor PE.
  6. Look for the provided directories one by one:
    HKLM\_REMOTE_SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    HKLM\_REMOTE_SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
  7. Locate value names with random titles, e.g. Service Runtime, Unikey Manager, and so on.
  8. Right-click such value names and choose Delete.
  9. Boot up your usual Windows.
  10. Press Windows Key+E to open the Explorer and locate this directory: %LOCALAPPDATA%
  11. Search for suspicious .exe files with random names, e.g. encryptile.exe.
  12. Right-click malicious executable files and press Delete.
  13. Locate and remove .html, .jpg, and .txt files with ransom notes and empty your Recycle bin.
100% FREE spyware scan and
tested removal of Encryptile Ransomware*
Disclaimer
Disclaimer
Trojans

Leave a Comment

Enter the numbers in the box to the right *