Defend what you create

Other Resources

Close

Library
My library

+ Add to library

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

Your tickets

Profile

Linux.Encoder.3

Added to the Dr.Web virus database: 2016-01-07

Virus description added:

SHA1:

  • 21e4dc8307109bdd3a31292c655bb4cb152520cd (x86_64)
  • 989750746f58904c377ba7edc22c5dfad3e40855 (UPX, x86_64)
  • cccec1a6ee56741745adac5d190c30cadb7eea5b (x86)
  • f1b8da40feb1abeaa1b7f1322f48f9d96a018a00 (UPX, x86)

Encryption ransomware for Linux written in C using the PolarSSL library. It is an advanced modification of Linux.Encoder.1 and Linux.Encoder.2. However, in this version cybercriminals implemented some other features as well:

  1. Encryption mode is changed to AES-CBC-256.
  2. The Trojan restores dates of files creation or modification to those that were before the encryption.

An encryption key for every file is generated from two buffers: one is permanent and is created based on parameters of an encrypted file; and the other is based on 32 random numbers received by sequential call of the rand() system function.

Doctor Web security researchers have developed a new technique that, in most cases, can help decrypt files compromised by the malware.

News about the Trojan

Curing recommendations


Linux

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

One month (no registration) or three months (registration and renewal discount)

Download Dr.Web

Download by serial number

The Russian developer of Dr.Web anti-viruses
Doctor Web has been developing anti-virus software since 1992
Dr.Web is trusted by users around the world in 200+ countries
The company has delivered an anti-virus as a service since 2007
24/7 tech support

Dr.Web © Doctor Web
2003 — 2021

Doctor Web is the Russian developer of Dr.Web anti-virus software. Dr.Web anti-virus software has been developed since 1992.

2-12А, 3rd street Yamskogo polya, Moscow, Russia, 125124