FOR CUSTOMERS

Close

Library
My library

+ Add to library

Search
Search

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

A query form

Call us

+7 (495) 789-45-86

Forum

Your tickets

New ticket

Call us

+7 (495) 789-45-86

Profile

EN

RU CN DE EN ES FR IT JP KZ UZ PL BY
Close
Support services
Scanners
Dr.Web vxCube
Trial
VCI investigations
Virus library
Knowledge base

Technologies

Terminology

Training and education

Myths

News

Linux.Encoder.2

Added to the Dr.Web virus database: 2015-11-16

Virus description added:

SHA1:

  • 14ffe3ef5ccfbbc9a03ebd67d70b7cbf521db3f2
  • 541966dd25ce48a8f54b270b9aed2fba3f021d29
  • 57cf90a1cea89e13c3fd625854dd6b81228796b9
  • aebb9bf852d848e22e8a7bba4d64874c7953460d
  • b45f8f33ff54ece377fad73a8f89857c2bc114ac

Encryption ransomware for Linux written in C using the OpenSSL library. In most ways, it is similar to Linux.Encoder.1. However, in this modification cybercriminals implemented some other features as well:

  1. Does not save access privileges in encrypted file headers.
  2. Employs another pseudorandom number generator.
  3. Instead of PolarSSL, uses the OpenSSL library.
  4. Encrypts files in the AES-OFB-128 mode with context reinitialization every 128 bytes, that is every 8 AES blocks.

Doctor Web security researchers have developed a new technique that, in most cases, can help decrypt files compromised by the malware.

News about the Trojan

Curing recommendations

Linux

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

One month (no registration) or three months (registration and renewal discount)

Download Dr.Web

Download by serial number