Do you know what EnyBeny Ransomware is?
When EnyBeny Ransomware encrypts files, it should add the “.PERSONAL_ID:.Nuclear” extension to those files. That is how it is supposed to work. However, when our team of malware analysts looked at the threat, it did not attach extensions to files because it did not encrypt them in the first place. Despite this, ransom note files were created, and copies were scattered all across the PC to ensure that the victim found them. One of the files was called “Hack.txt,” and the second one was called “Hack.png.” Needless to say, the first file is a text file, and it displays a message. The PNG file also displays a message, but this message is presented in a form of an image. Whether or not your files are encrypted, these TXT and PNG files created by the infection should intimidate you. Hopefully, instead of panicking, you delete EnyBeny Ransomware right away to prevent the threat from doing more harm.
You might not remember when EnyBeny Ransomware entered your operating system. The threat can enter and attack successfully only if it stays hidden, and so it is likely to employ disguises or use security backdoors to slither in without any notice at all. If you do not realize what happened, and you do not remove EnyBeny Ransomware immediately, it should encrypt your personal files right away. When our malware experts researched this infection, its code revealed two things. First of all, the name given by the creators is EnybenyNuclear Ransomware. Second, the code is that of EnybenyCrypt Ransomware, an infection, whose removal we have discussed in the past. It is unknown whether or not these threats were created by the same creator, but if they were, the newer variant must be in development still.
EnyBeny Ransomware screenshot
Scroll down for full removal instructions
Once EnyBeny Ransomware attacks, it does not encrypt files. That is what we observed when looking at the obtained sample. It is possible that the infection will be completed or updated to work efficiently. If that happens, the ransom note should be modified too. At the moment, it informs that the price of the decryptor – that, allegedly, can decrypt files – is 0.00000001 BTC, and that, basically converts to $0. Nonetheless, the ransom note lists brianmaps@gmail.com and amigo_a@india.com, and less careful users might decide to email the attackers. Do NOT do that, unless you want the attackers behind EnyBeny Ransomware to learn your email address and terrorize you in the future. Also, note that even if you pay the ransom, your chances of obtaining a decryptor and then restoring files (if they are encrypted) are slim to none. The JPG file changes the Desktop wallpaper and informs about encryption, but it also warns that “Before eight hours your files a clear,” which means that the threat should delete encrypted files.
Whether or not EnyBeny Ransomware has encrypted your personal files, you want to delete it as soon as possible. You certainly do not want to wait 8 hours because you do not know what could happen then. Hopefully, your files are not encrypted, and you can remove EnyBeny Ransomware without hesitation. If files are encrypted, do not pay the ransom, and start taking better care of your personal files. We strongly recommend backing them up to ensure that you always have backup copies to replace originals. As for the removal, you might have a hard time eliminating the threat manually if you cannot identify the launcher .exe file. Even if you can delete the threat manually, can you secure it against other threats? To ensure complete removal of active threats and protection against all kinds of malware, we strongly suggest implementing a trusted and beneficial anti-malware program.
Delete EnyBeny Ransomware
- Find and Delete the [unknown name].exe that executed the ransomware.
- Delete the ransom note files called Hack.txt and Hack.png.
- Empty Recycle Bin and then quickly perform a full system scan to check if nothing malicious was left behind.
In non-techie terms:
It is crucial to protect the operating system against EnyBeny Ransomware and similar malicious threats because they can put your personal files at risk. If this malware successfully encrypts your files, it might push victims into paying a ransom for a decryptor that might not even exist. Hopefully, if this malware strikes, the victims’ files are backed up, and they can easily replace corrupted files with backups. Of course, removing EnyBeny Ransomware is the priority in this case, and while some might be able to erase this malware manually, we recommend relying on a legitimate anti-malware tool. Once all existing threats are eliminated, the tool will keep protecting you.