Linux.Encoder.1 ransomware free removal and decryption tool
Linux.Encoder.1 ransomware is the first attempt to encrypt the files of Linux users. However, after all the attention and panic this Linux ransomware has caused, it is easy to fix. Calling this virus Linux ransomware is not exactly right: it does not rely on a security flaw in Linux itself. Linux.Encoder.1 relies on a security flaw in the Magento web e-commerce platform owned by eBay, and it encrypts files on infected web servers. An interesting fact is that the decryption tool did not always work, surprisingly because victims were infected multiple times. This means the encryption was performed multiple times, adding multiple sets of keys, so users would have to pay the ransom multiple times: one Bitcoin each time, approximately $600 depending on the Bitcoin value.
Since the malware creates a variety of malicious, modified registry entries and different files, we strongly advise you to use an anti-malware tool. Removing the virus manually requires high computer skills and knowledge.
So much ransomware has been thrown at Windows and Mac users lately that in the future Linux will be no exception. This is the first Linux ransomware attack, and its behavior looks similar to CryptoWall's. It works like any other ransomware. Remote attackers get Linux.Encoder.1 executed on the victim's Linux box through the Magento app. Once the Trojan is executed, it looks for the /home, /root and /var/lib/mysql folders and encrypts their content. The virus also encrypts the contents of the root directory, leaving only the system files so that users can boot up again. A file named README_FOR_DECRYPT.txt will be created, which means you are infected; the good news is that it is easy to get rid of this malware. Paying the ransom is not recommended, since you can recover from the damage easily. The appearance of advanced encryption makes victims more scared, but the implementation has crucial mistakes. Rather than generating random keys and IVs, the AES key is generated locally on the victim's computer. For those not familiar with AES, Bitdefender is offering a free script to regain access to your infected server. In fact, Bitdefender's tool works better than the one developed by the cybercriminals, and you have a better chance of recovering for free than by paying.
For Linux.Encoder.1 ransomware recovery, simply follow the steps below or go to Bitdefender's website to find more info about this.
- Download the script from the link above or from Bitdefender's website.
- Run the script as root. (Since the system may also be affected, users might need to boot from a Linux bootable storage device or USB stick.)
- Mount the encrypted partition using the command: mount /dev/[encrypted_partition]
- Generate a list of encrypted files by issuing the following command: /mnt# sort_files.sh encrypted_partition > sorted_list
- Issue a head command to get the first file: /mnt# head -1 sorted_list
- Run the decryption utility to get the encryption seed: /mnt# python decrypter.py -f [first_file]
- Decrypt everything using the displayed seed: /mnt# python /tmp/new/decrypter.py -s [timestamp] -l sorted_list
NOTE: The steps above are provided by a Bitdefender security researcher. As the steps are very complex for a regular user, Bitdefender provides free support to any user in need of assistance.
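Why a timestamp seed makes the recovery above possible, as an added example (not Bitdefender's decrypter and not code from the original page). Assumptions: Python's random.Random stands in for the malware's generator, a SHA-256 XOR keystream stands in for AES, and the sample file, its timestamps and the one-hour search window are constructed.

```python
import hashlib
import random

MAGIC = b"<?php"  # known plaintext prefix of the constructed sample file


def weak_key_iv(seed):
    """Key and IV drawn from a PRNG seeded with a timestamp (the flaw)."""
    rng = random.Random(seed)  # assumption: stand-in for the malware's generator
    key = bytes(rng.getrandbits(8) for _ in range(16))
    iv = bytes(rng.getrandbits(8) for _ in range(16))
    return key, iv


def toy_cipher(key, iv, data):
    """XOR with a SHA-256 keystream: toy stand-in for AES, same call both ways."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + iv + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def recover_seed(ciphertext, mtime, window=3600):
    """Try each second from mtime back to mtime - window; return the seed
    whose key turns the first bytes back into MAGIC, or None."""
    for seed in range(mtime, mtime - window - 1, -1):
        key, iv = weak_key_iv(seed)
        if toy_cipher(key, iv, ciphertext[:len(MAGIC)]) == MAGIC:
            return seed
    return None


# Constructed sample: encrypted at ENCRYPT_TIME, file timestamp 7 s later.
ENCRYPT_TIME = 1447000000
SAMPLE = toy_cipher(*weak_key_iv(ENCRYPT_TIME), MAGIC + b" echo 'shop'; ?>")
FOUND = recover_seed(SAMPLE, ENCRYPT_TIME + 7)

if __name__ == "__main__":
    print("recovered seed:", FOUND)
    print("plaintext:", toy_cipher(*weak_key_iv(FOUND), SAMPLE))
```

The search covers only a few thousand candidate seeds because the file's timestamp bounds the moment of encryption, which is why one encrypted file is enough to recover the seed used for the rest.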
- Name – Linux.Encoder.1
- Type Spamming – Malware, Ransomware, Trojan Horse
- Danger Level – High
- Brief Description – Encrypt files and demand ransom.
- Symptoms – Poor PC performance or freezing, ransom messages.
- Method – Via Trojan Horse.
Manual steps to remove ransomware or malware. How to prevent ransomware or malware.
For now, removing ransomware or malware manually is only feasible for IT specialists. If you don't know one, don't worry. We have a solution for you. Here we will use Malwarebytes to remove the virus. Malwarebytes anti-malware is a collection of programs that can be used to scan for malware and clean infected computers. You can also use a full anti-malware program in this case, which is the better option because it also offers protection.
How to remove "ransomware or malware"
NOTE: With this option the virus will be removed but the files will remain locked! You have to decrypt your files.
- Download Malwarebytes anti-malware.
- After the program has been downloaded, double-click to open it. You will have to install the program. Click on Malwarebytes.exe to start the process.
- Update the software before scanning. Once the program has been updated, go to scan. You can choose between a free trial version and an activated license. It is recommended to buy the full version, as the trial will not protect the computer system.
- The scan process will begin. The scan may take a while, depending on the computer system's performance.
- Once the scan is complete, you can choose between deleting and quarantining the viruses. The quarantine option is recommended, and since the malware is active, a reboot will be required to finish the process.