Remove Enc1 Ransomware (+_Enc1 File Recovery)

How to Remove Enc1 Ransomware?

Readers recently started to report the following message being displayed when they boot their computer:

Ooops. your important files are encrypted.
If you see this text, then your files are no longer accessible,
because they
have been encrypted.Perhaps you are busy looking for a way to recover your
files, but don’t waste your time. Nobody can recover your files without our
decryption service.
We guarantee that you can recover all your files safely and easily.All you
need to do is submit the payment and purchase the decryption key.
Do not try to recover your files on your own or with someone else,
because after the intervention you can remain without your data forever.
Please follow the instructions :
1.Contact us at e-mail: zazakuku@protonmail.com
or bitmessage: BM-2cVs4XGzzFtA7wiM6TPDnohTKh47vvCS1k
2.Get your KEY and IV
3.Have a Nice Day
Key: tWEY8zHJabpyNapKGHcFR***A6zDo=
IV: 67+TjI1EikzpMpONPOI8Og==


Enc1 is the name of the latest ransomware threat plaguing the web. Users have come to call it that because of the extension it appends upon encryption. Confused? Let’s explain. Ransomware tools are nasty cyber threats that slither into your PC via trickery. Once inside, they spread their nastiness and corruption. They encrypt all the data you keep on your computer and lock it by attaching an extension at the end of each file. In the case of Enc1, that extension is ‘_enc1.’ Once it is added, your files are rendered inaccessible. Moving or renaming them changes nothing. The only way to free them of the infection’s hold is via compliance. Upon completing the encryption, the tool leaves you a ransom note. It’s a text file called ‘decrypt_.txt.’ It’s brief and to the point. It explains your predicament: you’ve fallen victim to ransomware, and your only way out is to pay a ransom. When you pay the ransom, the cyber kidnappers will send you a decryption key. Apply it, and your files are free. They promise it’s that simple! They even “guarantee that you can recover all your files safely and easily.” But here’s the thing. Simply stating ‘we guarantee’ guarantees nothing. You have no proof payment will do anything. Well, aside from losing you money. Don’t put your faith in cyber extortionists with malicious intentions. They don’t care about anything other than making money off your naivety. If you rely on them to keep their word, you will be disappointed.

How did I get infected?

Infections like Enc1 turn to the usual antics to invade. They use freeware and fake updates to conceal their presence, as well as corrupted links, sites or torrents. They have a myriad of methods they can use to slip by you unnoticed. But they can only do that if you let them. The infection relies on your carelessness. If you’re careless, it can slither past you unnoticed. If not, you can catch it in the act and prevent its successful invasion. Always make sure to do your due diligence. Read terms and conditions, double-check everything, and look for the fine print. Don’t give in to naivety. That’s what these tools count on. Spam emails are among the most common means of invasion. Say you get one that seems to be legitimate. It appears to come from a well-known company like Amazon, and it urges you to click a specific link or download an attachment. It may claim that you need to do so to confirm an order or check an invoice or receipt. Whatever it feeds you, don’t buy it. Caution helps you spot such deceptions. Don’t fall for the trickery of ransomware. Remember! Vigilance can save you a ton of money.

Why is Enc1 dangerous?

With its ransom note, the Enc1 tool tries to make sure you know that resistance is futile. It stresses that the ONLY way to recover your data is to comply, and that turning to others for help will achieve nothing. The note even adds that, if you try that, “you can remain without your data forever.” These promises and guarantees are worth nothing. Even if you comply to the fullest, what’s to say you’ll get your data back? Think about it. Examine your options. Say you pay the ransom and await contact from the cyber kidnappers. What if they don’t reach out at all? What if they don’t send you the promised decryption key? And even if they send one, what if it’s the wrong one? There are many ways for these people to double-cross you. So, save your money! But even if everything goes well, and you pay and get the key, what then? You paid money to remove the encryption, not the infection that did the encryption. You got rid of a mere symptom. The ransomware remains on your PC, ready to strike again and put you back at square one. Whichever way you look at it, you lose: your data, your money, or both. Make the tough but right call, and do not pay these people.

Enc1 Removal Instructions

STEP 1: Kill the Malicious Process

STEP 2: Reveal Hidden Files

STEP 3: Locate Startup Location

STEP 4: Recover Enc1 Encrypted Files

STEP 1: Stop the malicious process using Windows Task Manager

  • Open Task Manager by pressing the CTRL+SHIFT+ESC keys simultaneously.
  • Locate the process of the ransomware. Keep in mind that this is usually a randomly generated file name.
  • Before you kill the process, type its name into a text document for later reference.

  • Locate any suspicious processes associated with the Enc1 encryption virus.
  • Right-click on the process
  • Open File Location
  • End Process
  • Delete the directories with the suspicious files.
  • Keep in mind that the process can be hidden and very difficult to detect.

STEP 2: Reveal Hidden Files

  • Open any folder
  • Click on “Organize” button
  • Choose “Folder and Search Options”
  • Select the “View” tab
  • Select “Show hidden files and folders” option
  • Uncheck “Hide protected operating system files”
  • Click “Apply” and “OK” button

STEP 3: Locate Enc1 encryption Virus startup location

  • Once the operating system loads, press the Windows logo key and the R key simultaneously.

Depending on your OS (x86 or x64) navigate to:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

  • and delete the display Name: [RANDOM]

  • Then open Windows Explorer, navigate to your %appdata% folder and delete the executable.

Alternatively, you can use the Windows msconfig program to double-check the execution point of the virus. Keep in mind that the names on your machine might be different, as they might be generated randomly; that’s why you should run a professional scanner to identify malicious files.
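
Because the Run value name is random, reviewing what each autorun entry launches is more reliable than searching by name. The following PowerShell script is an added example, not part of the original guide: it reads the three Run keys listed above without changing anything and marks entries for review. The rule it uses (the executable sits in a user-writable folder such as %appdata% and lacks a valid signature) is an assumption chosen for illustration.

```powershell
# Added example (not from the original guide): read-only audit of the STEP 3 Run keys.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)
# Assumption: autoruns that start from user-writable folders deserve a closer look.
$userWritable = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP, $env:PUBLIC) | Where-Object { $_ }

$report = foreach ($path in $runKeys) {
    if (-not (Test-Path -Path $path)) { continue }   # Wow6432Node does not exist on x86
    $key = Get-Item -Path $path
    foreach ($name in $key.GetValueNames()) {
        $command = [string]$key.GetValue($name)      # REG_EXPAND_SZ values come back expanded
        # Extract the executable from the command line: quoted path, bare path, or first token.
        if ($command -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
        elseif ($command -match '^\s*(.+?\.(exe|com|scr|bat|cmd|vbs|js))(\s|$)') { $exe = $Matches[1] }
        else { $exe = ($command.Trim() -split '\s+')[0] }

        $exists = [bool]$exe -and (Test-Path -LiteralPath $exe -PathType Leaf)
        $signature = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $exe).Status } else { 'FileMissing' }
        $inUserDir = [bool]($userWritable | Where-Object {
            $exe.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) })

        [pscustomobject]@{
            Key        = $path
            ValueName  = $name
            Executable = $exe
            Signature  = $signature
            # Review candidates: launched from a user-writable folder and not validly signed.
            Review     = $inUserDir -and ($signature -ne 'Valid')
        }
    }
}
$report | Sort-Object Review -Descending | Format-Table -AutoSize -Wrap
```

An entry marked for review is a lead, not a verdict: legitimate software also starts from %appdata%, so check the file before deleting the value.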

STEP 4: How to recover encrypted files?

  • Method 1: The first and best method is to restore your data from a recent backup, if you have one.

  • Method 2: File Recovery Software – Usually when the ransomware encrypts a file, it first makes a copy of it, encrypts the copy, and then deletes the original. Because of this, you may be able to use file recovery software to recover some of your original files.
  • Method 3: Shadow Volume Copies – As a last resort, you can try to restore your files via Shadow Volume Copies. Open the Shadow Explorer part of the package and choose the Drive you want to recover. Right click on any file you want to restore and click Export on it.
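
Before choosing among these methods, it helps to know how much was encrypted, roughly when, and whether any shadow copy predates it. The PowerShell script below is an added example, not part of the original guide; save it as a .ps1 file and run it from an elevated prompt. The starting folder, and the use of the earliest write time on an `_enc1` file as the start of encryption, are assumptions.

```powershell
# Added example (not from the original guide): scope the damage before STEP 4 recovery.
$root     = $env:USERPROFILE   # assumption: start with the user profile; adjust as needed
$suffix   = '_enc1'            # extension named in this guide
$noteName = 'decrypt_.txt'     # ransom note file name named in this guide

$files = Get-ChildItem -LiteralPath $root -Recurse -File -Force -ErrorAction SilentlyContinue
$encrypted = @($files | Where-Object {
    $_.Name.EndsWith($suffix, [StringComparison]::OrdinalIgnoreCase) })
$notes = @($files | Where-Object { $_.Name -eq $noteName })
"{0} encrypted file(s), {1} ransom note(s) under {2}" -f $encrypted.Count, $notes.Count, $root
if ($encrypted.Count -eq 0) { return }

# Per-folder totals show which locations need restoring first.
$encrypted | Group-Object DirectoryName | ForEach-Object {
    [pscustomobject]@{
        Folder = $_.Name
        Files  = $_.Count
        MB     = [math]::Round(($_.Group | Measure-Object Length -Sum).Sum / 1MB, 2)
    }
} | Sort-Object Files -Descending | Format-Table -AutoSize

# Assumption: the earliest write time on an encrypted file approximates when encryption began.
$firstHit = ($encrypted | Sort-Object LastWriteTime | Select-Object -First 1).LastWriteTime
"Encryption appears to have started around $firstHit"

# Method 3 only helps if a shadow copy predates that moment. Requires elevation.
try {
    $shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction Stop)
    $usable  = @($shadows | Where-Object { $_.InstallDate -lt $firstHit })
    "{0} shadow copy(ies) found, {1} created before encryption started" -f $shadows.Count, $usable.Count
    $usable | Sort-Object InstallDate -Descending |
        Select-Object InstallDate, VolumeName, ID | Format-Table -AutoSize
} catch {
    Write-Warning "Could not query shadow copies (run elevated): $($_.Exception.Message)"
}
```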
