My library

+ Add to library

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

Your tickets



Added to the Dr.Web virus database: 2015-11-16

Virus description added:


  • 14ffe3ef5ccfbbc9a03ebd67d70b7cbf521db3f2
  • 541966dd25ce48a8f54b270b9aed2fba3f021d29
  • 57cf90a1cea89e13c3fd625854dd6b81228796b9
  • aebb9bf852d848e22e8a7bba4d64874c7953460d
  • b45f8f33ff54ece377fad73a8f89857c2bc114ac

Encryption ransomware for Linux written in C using the OpenSSL library. In most ways, it is similar to Linux.Encoder.1. However, in this modification cybercriminals implemented some other features as well:

  1. Does not save access privileges in encrypted file headers.
  2. Employs another pseudorandom number generator.
  3. Instead of PolarSSL, uses the OpenSSL library.
  4. Encrypts files in the AES-OFB-128 mode with context reinitialization every 128 bytes, that is every 8 AES blocks.

Doctor Web security researchers have developed a new technique that, in most cases, can help decrypt files compromised by the malware.

News about the Trojan

Curing recommendations


After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

One month (no registration) or three months (registration and renewal discount)

Download Dr.Web

Download by serial number