You cannot be careless even if you are already full of Christmas spirit, because cyber criminals are still developing malware. Santa Encryptor Ransomware is one of the newest infections they have developed. It belongs to the crypto-malware group because it is designed to lock files on compromised machines right after a successful infiltration. Like all other ransomware-type infections, it does this so that crooks can extract money from computer users. To tell you the truth, the version analyzed by researchers at 411-spyware.com did not encrypt a single file, but it is only a question of time before it is fixed and starts working as intended: the analysis of its source code has clearly shown that it is set to lock .txt, .doc, .docx, .odt, .pages, and other files with the XOR encryption algorithm. You can find out which version of Santa Encryptor Ransomware you have encountered by closing the window opened on your Desktop (click X in the top-right corner or kill the malicious process via Task Manager) and checking your personal files. If you can access them, you are lucky: the version that is still in the development phase has infiltrated your computer. Needless to say, the ransomware infection must be deleted from the system as soon as possible, whether or not your files have been encrypted. Luckily, removing this malicious application will not be a difficult job, since it does not create any registry entries and does not drop any additional files on victims’ computers.
Even though our specialists did not see any encrypted files during the analysis of Santa Encryptor Ransomware, they managed to find out more about this malicious application. The first thing they noticed in its source code is that this threat had been programmed to lock users’ personal files with XOR. It should not touch any system files, specialists say, so if this ransomware infection ever slithers onto your computer, you could continue using your PC normally. Researchers also discovered that Santa Encryptor Ransomware is set to demand a ransom of 150 USD. Users are told to send this amount to the provided Bitcoin address (3GwQqxAy9EtRGxJAGyhuXEAgQCDNtSMovu) if they want to be able to decrypt their files. Never send money to malicious software developers, because the chances are high that transferring money to them will not change anything. That is, you might still be unable to access a single file, so if you ever encounter a ransomware infection asking for money, you should delete it from your system right away instead of sending the money demanded.
It is hard to say how Santa Encryptor Ransomware is distributed because not many users have encountered this malicious application. It seems that it is not finished yet and thus not actively distributed, but our specialists suspect that it will be spread using well-known distribution methods. Specifically, the chances are high that it will be spread via malicious emails. It might also be possible to get it from hacked websites, so be cautious when you surf the web and always download software from sources you know can be fully trusted. Without a doubt, other distribution methods might be adopted too in order to reach more users, so we cannot promise that you will prevent malware from entering your computer just by ignoring suspicious emails and downloading software only from trustworthy sources. We are not saying that it is impossible to prevent malicious applications from entering the system. You will not encounter new malware if you install a powerful antimalware tool on your computer. This does not mean that you can start acting carelessly after installing that security application on your system.
Some ransomware infections make a bunch of modifications on compromised machines, but Santa Encryptor Ransomware is not one of them. It did not drop any new files during the analysis. Also, our specialists could not find any new registry keys in the system registry. This suggests that it will be possible to remove Santa Encryptor Ransomware by simply deleting the malicious file (its launcher). Before you do this, you will need to close the red window with the Santa Claus image in the top-left corner. If clicking X does not make it disappear (which is not very likely), kill the malicious process representing this ransomware infection.
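| # | File Name | File Size (Bytes) | File Hash |
|---|-----------|-------------------|-----------|
| 1 | Santa Encryptor.exe | 239616 bytes | MD5: 4b58d0cb58e33a6e733129487145eb18 |

| # | Process Name | Process Filename | Main module size |
|---|--------------|------------------|------------------|
| 1 | Santa Encryptor.exe | Santa Encryptor.exe | 239616 bytes |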