.enc Files Virus (ENCRYPTION_DETAILS.TXT) – Remove + Restore Data

.enc File Ransomware (ENCRYPTION_DETAILS.TXT) – Remove and Restore Data

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)

This article has been created in order to help you by explaining how to remove the .enc file version of Meine_ransomware_PGP_DANGEROUS from your computer and try to restore files that have been encrypted by it.

A new ransomware infection has been detected by malware researchers to use a combination of strong ciphers to encrypt the files on It’s victims’ computers and then leave behind the .enc file extension as a file suffix. The ransomware virus then leaves behind a ransom note, called ENCRYPTION_DETAILS.txt. In this ransom note it aims to scare victims to visit a custom URL where they are asked to pay ransom in order to recover their encrypted files.

Update October 2019. Our research indicates that the .enc ransomware is once again attacking users, so be careful with opening attached files in emails and downloading from freeware websites.

Threat Summary

Name.enc Files Virus
TypeRansomware, Cryptovirus
Short DescriptionThe .enc files virus encrypts the files on your PC and asks for hefty ransom to be paid in order to restore them back to their working state.
SymptomsThe files on your computer are encrypted after which the malware sets the .enc file extension as a suffix and adds the ransom note ENCRYPTION_DETAILS.txt.
Distribution MethodSpam Emails, Email Attachments, Executable files
Detection Tool See If Your System Has Been Affected by .enc Files Virus


Malware Removal Tool

User ExperienceJoin Our Forum to Discuss .enc Files Virus.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

.enc Files Virus – How Does It Spread

The main method which is used by this variant of Meine Ransomware is believed to be e-mail spam messages that contain deceptive content. The end goal of those e-mails that are sent to victims is to convince them into opening an e-mail attachment or clicking on a web link. To do that, the e-mails often have interesting statements, that make them appear trustworthy, similar to what that example e-mail below shows:

In addition to this, the malware may also come as a result of the hackers uploading a malicious file, posing as a legitimate one the victim might be searching for, like:

  • Setup of a program.
  • Software license activator.
  • Patch.
  • Crack.
  • Key generator.

.enc Files Virus – More Information

Once the .enc version of Meine Ransomware has infected your computer, the virus may start dropping it’s payload on the victim’s computer. The payload may consist of various types of files being dropped on the victim’s PC, primarily in the following Windows directories:

  • %AppData%
  • %Local%
  • %LocalLow%
  • %Roaming%
  • %Temp%

Once the malicious files have been dropped on the victim’s computer, the malware may begin it’s malicious activities. The first one of those is believed to be modifying the following Windows registry sub-keys, responsible for multiple different types of activities, the main of which is to run the malicious file of the .enc virus automatically when you login Windows. The sub-keys targeted for this purpose are believed to be the Run and RunOnce ones, with the following locations:

→ HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

In addition to this, the .enc ransomware may also modify the following sub-keys as well:

→ HKEY_CURRENT_USER\Control Panel\Desktop\
HKEY_USERS\.DEFAULT\Control Panel\Desktop\

After having done this, the Meine Ransomware which is believed to be a variant of PGP ransomware virus is reported to possibly delete the shadow volume copies by injecting a script which runs Windows Command Prompt with the following commands in it:

→ process call create “cmd.exe /c
vssadmin.exe delete shadows /all /quiet
bcdedit.exe /set {default} recoveryenabled no
bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures

The ransomware also drops it’s ransom note, called ENCRYPTION_DETAILS.txt and it’s primary goal is to get victims to visit a randomly generated URL which may lead to further ransom instructions. The ransom note has the following message in it:

Your files have been encrypted! Follow this URL
{random google.com URL}
to get the decryption key and the program

The URL is believed to lead to further instructions for decryption where the victim is likely going to pay the ransom.

.enc Files Virus – Encryption Process

In order to encrypt the files on the victim’s computer, this ransomware virus uses a combination of the RSA and AES encryption algorithms. They are used in a way that one cipher encrypts the files on the computer, like:

  • Documents.
  • Videos.
  • Images.
  • Audio files.
  • Video files.
  • Archives.
  • Virtual Drive files.
  • Other files.

The other cipher, which is usually the RSA (Rivest-Shamir-Adleman), which is quite the headache and cannot be solved even by supercomputers aims to encrypt the AES asymmetric decryption key afterwards. After the encryption process has finished, the Meine Ransomware sets the .enc file extension to the encrypted files, making them to appear like the following:

Remove .enc Files Virus and Restore Encrypted Files

To delete this ransomware infection from your computer, security researchers strongly advise using an advanced anti-malware program. It’s primary goal is to help you to effectively delete all of the malicious objects associated with this virus from your PC either manually or automatically. In the scenario that you lack the experience of removing this virus manually or you feel unsure that the virus files may still remain on your PC, be advised that security experts always recommend to use an advanced anti-malware software. It will automatically get rid of Meine Ransomware and make sure that your PC remains protected against future infections as well.

In addition to this, if you want to restore the files encrypted by this ransomware, reccomendations are to follow the alternative file recovery methods underneath in step “2. Restore files, encrypted by .enc Files Virus”. They may not be 100% effective and able to restore all of your files, but may help to recover at least some of them.


Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated Marketing as well, Ventsislav also has passion for discovery of new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecrurity and is a strong believer in basic education of every user towards online safety.

More Posts - Website

Follow Me:

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share