FANDOM


Trojan.Encoder.6491 is a trojan that encrypts files. It wasn't really successful unlike most ransomware.

Payload

Transmission

It is distributed in the form of Windows_Security.exe file.

Infection

Trojan.Encoder.6491 ransomware uses the same technique and locks the files with advanced encryption standard (AES cipher). The virus encrypts files by file extensions they have, and it targets more than 140 different file types. Once it finds target file, encrypts it and appends a .enc file extension to it.

Trojan.Encoder.6491 malware does not only append new file extension but also distorts the filename by applying the Base64 algorithm. This modification does not allow the victim to identify corrupted files.

After applying all changes to victim’s files, the virus displays a ransom note, which contains all information about the data encryption and decryption processes. The victim is asked to pay around 25 USD in Bitcoins, which is 0.052300 BTC. There is also an e-mail provided at the end of the note for those who have any questions – helpmedecrypt@protonmail.com.

Community content is available under CC-BY-SA unless otherwise noted.