Linux.Encoder.1 ransomware free removal and decryption tool

Linux.Encoder.1 ransomware is the first attempt to encrypt the files of Linux users. However, after all the attention and panic this Linux ransomware has caused, it turns out to be easy to fix. Calling this virus Linux ransomware is not exactly right: it does not rely on a security flaw in Linux. Linux.Encoder.1 relies on a security flaw in the Magento web e-commerce platform, owned by eBay, and encrypts files on infected web servers. Interestingly, the decryption tool did not always work, surprisingly because victims were infected multiple times. In that case encryption is performed multiple times, adding multiple sets of keys, which means users would have to pay the ransom multiple times, at one Bitcoin each, approximately $600 depending on the Bitcoin value.

So much ransomware has been thrown at Windows and Mac users lately that Linux will be no exception in the future. This is the first Linux ransomware attack, and its behavior looks similar to CryptoWall. It works like any other ransomware. Remote attackers execute Linux.Encoder.1 on the victim's Linux box through the Magento app. Once executed, the Trojan looks for the /home, /root and /var/lib/mysql folders and encrypts their contents. The virus will also encrypt the contents of the root directory (/), leaving only the system files so that users can boot up again. A file named README_FOR_DECRYPT.txt will be created, which means you are infected; the good news is that it is easy to get rid of this malware. Paying the ransom is not recommended, since you can easily recover from the damage. The claim of advanced encryption is there to make victims more scared, but we can see crucial mistakes. Rather than generating random keys and IVs, the AES key is generated locally on the victim's computer. For those of you not familiar with AES, Bitdefender is offering a free script to regain access to your infected server. In fact, Bitdefender's tool works better than the one developed by the cybercriminals, and you have a better chance of recovering for free than by paying.

To recover from Linux.Encoder.1 ransomware, simply follow the steps below or go to Bitdefender's website to find more info about this.

  1. Download the script from the link above or from Bitdefender's website.
  2. Run the script as root. (Since the system itself may also be affected, users might need to boot from a Linux bootable storage device or USB stick.)
  3. Mount the encrypted partition using the command: mount /dev/[encrypted_partition]
  4. Generate a list of encrypted files by issuing the following command: /mnt# sort_files.sh encrypted_partition > sorted_list
  5. Issue a head command to get the first file: /mnt# head -1 sorted_list
  6. Run the decryption utility to get the encryption seed: /mnt# python decrypter.py -f [first_file]
  7. Decrypt everything using the displayed seed: /mnt# python /tmp/new/decrypter.py -s [timestamp] -l sorted_list

NOTE: The steps above were provided by a Bitdefender security researcher. As the steps are very complex for a regular user, Bitdefender provides free support to any user in need of assistance.
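Why a single timestamp is enough to unlock every file, shown as an added example (it is not Bitdefender's decrypter.py and not the malware's code). It assumes the key and IV bytes come from a generator seeded with the Unix time at which encryption started, as the -s [timestamp] option in step 7 suggests; Python's random module and a SHA-256 XOR stream stand in for the real generator and for AES, and all names and sample values are constructed.

```python
import hashlib
import random

MAGIC = b"%PDF-1.4"  # known header of the constructed sample file


def derive_key(seed: int) -> bytes:
    """Stand-in derivation: 16 key bytes + 16 IV bytes from a PRNG seeded with a timestamp."""
    rng = random.Random(seed)
    return bytes(rng.randrange(256) for _ in range(32))


def xor_stream(key_iv: bytes, data: bytes) -> bytes:
    """Toy cipher (SHA-256 in counter mode) standing in for AES; one call encrypts or decrypts."""
    out = bytearray()
    for block in range(0, len(data), 32):
        pad = hashlib.sha256(key_iv + block.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[block:block + 32], pad))
    return bytes(out)


def recover_seed(ciphertext: bytes, mtime: int, window: int = 3600):
    """Walk back from the file's modification time until a seed reproduces the known header."""
    for seed in range(mtime, mtime - window - 1, -1):
        if xor_stream(derive_key(seed), ciphertext[:len(MAGIC)]) == MAGIC:
            return seed
    return None  # seed not within the searched window


def demo():
    started = 1447000000  # constructed: moment the encryptor seeded its generator
    plaintext = MAGIC + b"\nconstructed invoice contents"
    ciphertext = xor_stream(derive_key(started), plaintext)
    mtime = started + 42  # constructed: the file was written 42 seconds later
    seed = recover_seed(ciphertext, mtime)
    return seed, xor_stream(derive_key(seed), ciphertext)


if __name__ == "__main__":
    seed, recovered = demo()
    print("recovered seed:", seed)
    print("recovered data:", recovered)
```

The search space is only as large as the uncertainty in the timestamp, which is why a key derived from the clock offers no protection regardless of the cipher's key length.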

  • Name – Linux.Encoder.1
  • Type Spamming – Malware, Ransomware, Trojan Horse
  • Danger Level – High
  • Brief Description – Encrypts files and demands ransom.
  • Symptoms – Poor PC performance or freezing, ransom messages.
  • Method – Via Trojan Horse.

Manual steps to remove ransomware or malware. How to prevent ransomware or malware.

For now, removing ransomware or malware manually is only feasible for IT specialists. If you don't know one, don't worry. We have a solution for you. Here we will use Spyhunter to remove the virus. The Spyhunter anti-malware is a collection of programs that can be used to scan for malware and clean infected computers. You can also use a full anti-malware program in this case, which is the better option because it also offers protection.

How to remove "ransomware or malware"

NOTE: With this option the virus will be removed but the files will remain locked! You have to decrypt your files.
  1. Download Spyhunter anti-malware.
  2. After the program has been downloaded, double-click to open it. You will have to install the program. Click on Spyhunter.exe to start the process.
     A User Account Control dialog may appear, asking you to allow the program to make changes to this computer. Click "Yes" or "Run" to proceed with the installation. You can also choose from a variety of languages. Click OK and the installation will begin with a welcome message for Spyhunter. Click Next to continue to the next step. You will also have to accept the Spyhunter license agreement by clicking on "I accept the agreement" and then Next. Spyhunter will ask you to read the important information provided before continuing. Once done, click Next to go to the next step. You can choose where to install the program. By default it is C:\Program Files\Enigma Software Group\SpyHunter. The process will continue and then Spyhunter will install. The installation process may take a while, depending on the computer system's performance. Once the installation is done, click Finish.
  3. Update the software before scanning. Once the program has been updated, go to scan. You can choose between a free trial version and activating a license. It is recommended to buy the full version, as the trial will not protect the computer system.
  4. The scan process will begin. The scan process may take a while, depending on the computer system's performance.
  5. Once the scan is complete, you can choose between deleting and quarantining the viruses. The quarantine option is recommended, and since the malware is active a reboot will be required to finish the process.


Decrypt ransomware files.

The good news is that we can now use decryption programs. A lot of security companies, such as Kaspersky Lab, Bitdefender and more, have developed programs that are fully capable of recovering the decryption key for ransomware malware. You can find these programs anywhere on the internet, but it is strongly suggested to download them from official websites. NOTE: It may take a long time for your files to be decrypted, depending on your PC performance.