What is Santa Encryptor ransomware? And how does it implement its attack?
Santa Encryptor ransomware is a Christmas-themed ransomware infection that started appearing on December 7, 2017. Security experts have already analyzed this file-encrypting Trojan and found that it was still under development at the time of writing. Judging by the snippets of code found, the developers of Santa Encryptor ransomware might be trying to implement XOR encryption in their crypto-malware. There is also no wallet address or email address indicated in the program window of Santa Encryptor ransomware. Once officially released, Santa Encryptor ransomware will target the following file formats:
.PNG .PSD .PSPIMAGE .TGA .THM .TIF .TIFF .YUV .AI .EPS .PS .SVG .INDD .PCT .PDF .XLR .XLS .XLSX .ACCDB .DB .DBF .MDB .PDB .SQL .APK .APP .BAT .CGI .COM .EXE .GADGET .JAR .PIF .WSF .DEM .GAM .NES .ROM .SAV CAD Files .DWG .DXF GIS Files .GPX .KML .KMZ .ASP .ASPX .CER .CFM .CSR .CSS .HTM .HTML .JS .JSP .PHP .RSS .XHTML .DOC .DOCX .LOG .MSG .ODT .PAGES .RTF .TEX .TXT .WPD .WPS .CSV .DAT .GED .KEY .KEYCHAIN .PPS .PPT .PPTX .INI .PRF Encoded Files .HQX .MIM .UUE .7Z .CBR .DEB .GZ .PKG .RAR .RPM .SITX .TAR.GZ .ZIP .ZIPX .BIN .CUE .DMG .ISO .MDF .TOAST .VCD SDF .TAR .TAX2014 .TAX2015 .VCF .XML Audio Files .AIF .IFF .M3U .M4A .MID .MP3 .MPA .WAV .WMA Video Files .3G2 .3GP .ASF .AVI .FLV .M4V .MOV .MP4 .MPG .RM .SRT .SWF .VOB .WMV 3D .3DM .3DS .MAX .OBJ R.BMP .DDS .GIF .JPG .CRX .PLUGIN .FNT .FON .OTF .TTF .CAB .CPL .CUR .DESKTHEMEPACK .DLL .DMP .DRV .ICNS .ICO .LNK .SYS .CFG
Santa Encryptor ransomware is set to use the AES-256 encryption algorithm to encrypt the targeted files, but according to the recently released report, it might only be using XOR cryptography. When it’s done with the encryption process, it opens a program window called “Santa Encryptor”, which includes a stylized image of Santa Claus and bears an uncanny similarity to the infamous WannaCry ransomware. The program window offers the following text:
“Oop’s Your File’s Have Been Encrypted!
What Happened To Your PC?
Your Important File’s Have Been Encrypted
Many Of Your Documents, Photos, Databases And Other File’s Are No Longer Accessible.
Because They Have Been Encrypted Using AES-256
How Can I Decrypt My File’s?
Your Lucky Santa Is Here To Help You To Decrypt Your File’s
With the Power Of Christmas Spirit! Santa Needs You To Send $150 Worth Of Bitcoin To
The Given Bitcoin Address Below
How Do I Pay?
There Are A Few Links For You To Buy The Bitcoin,
Send $150 Worth Of Bitcoin To The Given Address To Decrypt Your File’s
Send $150 Worth Of Bitcoin To This Address: [34 RANDOM CHARACTERS] [Copy|BUTTON][Check Payment|BUTTON][Decrypt|BUTTON]”
Though it hasn’t been released yet, you should not underestimate this file-encrypting threat, as it might be stronger than it looks and its developers might enhance it even more. You should create backup copies of your important files now, before it’s too late.
How does Santa Encryptor ransomware proliferate?
Santa Encryptor ransomware is not actively spread yet but it most likely will spread in the near future using malicious spam emails, fake applications or fake software updates, illegal downloads, as well as malicious ads.
Obliterate Santa Encryptor ransomware and all its malicious processes from your computer with the help of the removal guide below.
Step 1: Tap Win + E to open the File Explorer.
Step 2: After opening File Explorer, navigate to the location below and look for Santa Encryptor ransomware’s malicious components, such as ChristmasPresent.exe or a macro-enabled document responsible for installing the crypto-malware on your computer.
- C:\Users\<your username>\AppData\Local\Temp
Step 3: Tap Ctrl + Shift + Esc keys to open the Task Manager.
Step 4: After opening the Task Manager, look for Santa Encryptor ransomware’s malicious process, right click on it and select End Process or End Task.
Step 5: Close the Task Manager and open Control Panel by pressing the Windows key + R, then type in appwiz.cpl and then click OK or press Enter.
Step 6: Look for Santa Encryptor ransomware or any suspicious program and then Uninstall it/them.
Step 7: Close the File Explorer. Before you proceed to the next steps below, make sure that you are tech savvy enough to know exactly how to use and navigate your computer’s Registry. Keep in mind that any changes you make will highly impact your computer. To save you the trouble and time, you can just use PC Cleaner Pro; this system tool is proven to be safe and excellent enough that hackers won’t be able to hack into it. But if you can manage Windows Registry well, then, by all means, go on to the next steps.
Step 8: Tap Win + R to open Run, type regedit in the field and press Enter to pull up Windows Registry.
Step 9: Navigate to the listed paths below and look for the registry keys and sub-keys created by Santa Encryptor ransomware.
- HKEY_CURRENT_USER\Control Panel\Desktop\
- HKEY_USERS\.DEFAULT\Control Panel\Desktop\
Step 10: Delete the registry keys and sub-keys created by Santa Encryptor ransomware.
Step 11: Close the Registry Editor.
Step 12: Empty your Recycle Bin.
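A read-only PowerShell pass over the locations named in Steps 2 to 9, added here as an example; it is not part of the original guide or of any vendor tool. The file name and paths come from the steps above. Treating processes started from Temp, and registry data that points into Temp, as worth reviewing is an assumption of this example.

```powershell
# Read-only triage: nothing is deleted or changed. Review the output first.
$indicatorName = 'ChristmasPresent.exe'               # file name from Step 2
$searchRoot    = Join-Path $env:LOCALAPPDATA 'Temp'   # ...\AppData\Local\Temp
$desktopKeys   = @(                                   # paths from Step 9
    'Registry::HKEY_CURRENT_USER\Control Panel\Desktop',
    'Registry::HKEY_USERS\.DEFAULT\Control Panel\Desktop'
)

# Step 2: locate the dropped executable; record hash, timestamp and signature.
Write-Host "== Files named $indicatorName under $searchRoot =="
Get-ChildItem -LiteralPath $searchRoot -Filter $indicatorName -File -Recurse -Force `
        -ErrorAction SilentlyContinue |
    ForEach-Object {
        [pscustomobject]@{
            Path      = $_.FullName
            Created   = $_.CreationTime
            SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            Signature = (Get-AuthenticodeSignature -FilePath $_.FullName).Status
        }
    } | Format-List

# Step 4: processes with the indicator name, or (assumption) running from Temp.
Write-Host "== Matching processes =="
Get-CimInstance -ClassName Win32_Process | Where-Object {
        $_.Name -eq $indicatorName -or
        ($_.ExecutablePath -and $_.ExecutablePath.StartsWith(
            $searchRoot, [System.StringComparison]::OrdinalIgnoreCase))
    } | Select-Object ProcessId, ParentProcessId, Name, ExecutablePath, CommandLine |
    Format-List

# Step 9: values under the Desktop keys whose data references the indicator
# name or the Temp folder (assumed heuristic), plus any sub-keys for review.
Write-Host "== Registry values and sub-keys to review =="
foreach ($key in $desktopKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $item = Get-Item -LiteralPath $key
    foreach ($name in $item.GetValueNames()) {
        $data = [string]$item.GetValue($name)
        if ($data -like "*$indicatorName*" -or $data -like '*\AppData\Local\Temp\*') {
            [pscustomobject]@{ Key = $key; Value = $name; Data = $data } | Format-List
        }
    }
    Get-ChildItem -LiteralPath $key -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty Name
}
```

Save the output before carrying out Steps 4, 6 and 10, so the hash and paths remain available for later comparison against antivirus detections.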
Use the antivirus program to make sure that Santa Encryptor ransomware is removed completely from your computer – just follow the instructions below to do so.
Perform a full system scan using SpyRemover Pro. To do so, follow these steps:
- Turn on your computer. If it’s already on, you have to reboot.
- After that, the BIOS screen will be displayed, but if Windows pops up instead, reboot your computer and try again. Once you’re on the BIOS screen, press F8 repeatedly until the Advanced Option shows up.
- To navigate the Advanced Option use the arrow keys and select Safe Mode with Networking then hit
- Windows will now load Safe Mode with Networking.
- Press and hold both the R key and the Windows key.
- If done correctly, the Windows Run Box will show up.
- Type in explorer http://www.fixmypcfree.com/install/spyremoverpro
A single space must be in between explorer and http. Click OK.
- A dialog box will be displayed by Internet Explorer. Click Run to begin downloading the program. The installation will start automatically once a download is done.
- Click OK to launch it.
- Run SpyRemover Pro and perform a full system scan.
- After all the infections are identified, click REMOVE ALL.
- Register the program to protect your computer from future threats.