EncrypTile Ransomware Data Recovery

What is EncrypTile Ransomware?

EncrypTile ransomware is a type of malware that encrypts files on your computer and demands a ransom for the decryption key. This ransomware is relatively new, first appearing in early 2017. EncrypTile targets businesses and individuals alike and can cause significant financial damage. Attackers spread EncrypTile through email attachments and malicious websites. Once it’s on your system, it will scan for specific file types to encrypt. Encrypted files will have the “.encrypted” extension added to them. The EncrypTile ransomware will also drop a text file named “README_FOR_DECRYPTION.txt” which contains instructions on how to pay the ransom and decrypt your files.

How much is the ransom?

The EncrypTile ransomware demands a ransom of 1 Bitcoin. The EncrypTile developers threaten to delete the decryption key if you do not make payment within 7 days. They also warn that the price will double after 7 days.

What encryption methods does EncrypTile use?

EncrypTile uses the RSA-2048 and AES-256 algorithms to encrypt files. This makes it very difficult to decrypt files without the encryption key.

What types of files does EncrypTile encrypt?

EncrypTile will encrypt a wide variety of files, including documents, images, videos, and more. The full list of file extensions that EncrypTile targets are:

.3g2, .3gp, .7z, .accdb, .aes, .arc, .asc, .asf, .asmx, .avi, .backup, .bak, .bmp, .brd, .cgm ,.class ,.cmd ,.cpp ,.cs ,.csv ,.djvu,.dbf,.dch,.der,.dif,.diff,.doc,.docm,.docx ,.dwg,,.

History

The EncrypTile ransomware first appeared in early 2017. We believe it to be a variant of the Encryptor RaaS (Ransomware-as-a-Service) which first appeared in late 2016. Encryptor RaaS is a type of ransomware that allows anyone to create their version of the malware and distribute it. This makes it very difficult to track down the attackers behind EncrypTile.

What was the biggest EncrypTile ransomware attack?

In May 2017, EncrypTile ransomware attacked the City of Farmington, New Mexico. Over 10,000 files were encrypted, causing significant disruption to city operations.

The city did not pay the ransom and is still working on recovering its data.

What should you do?

We do not recommend paying the ransom, as there is no guarantee that you will receive the decryption key. Additionally, EncrypTile has been known to encrypt backups, making it impossible to recover your files without paying the ransom. The best way to protect yourself from EncrypTile is to have a reliable backup system in place. That way, if your computer does get infected, you can simply restore your files from backup and avoid having to pay the ransom.

How can I remove EncrypTile from my computer?

If attackers infected your computer with EncrypTile, you should run a reputable anti-malware program to remove it. Malwarebytes Anti-Malware is known to be effective at removing this ransomware.

Is there a public decryption tool for EncrypTile?

Yes, The No More Ransom Project has released a free decryption tool for EncrypTile.

This tool will only work if you have not rebooted your computer after the ransomware has encrypted your files. If you have rebooted, the decryption tool will not work.

Contact a data recovery service

If you have rebooted your computer and the decryption tool does not work, you will need to contact a data recovery service. These services specialize in recovering data from encrypted files. They usually require you to send them a sample of the encrypted file so that they can determine the encryption key. Once they have the key, they will be able to decrypt your files.

SalvageData is a reputable data recovery service that offers free quotes and has experience with EncrypTile. Contact us right now!