Hey you,
BE IN THE KNOW!

35,000 ransomware infections per month and you still believe you are protected?

Sign up to receive:

  • alerts
  • news
  • free how-to-remove guides

of the newest online threats - directly to your inbox:


Enjey Ransomware – Remove It and Restore .Enjey Files

The article will help you remove Enjey ransomware efficiently. Follow the ransomware removal instructions at the bottom of this article.

Enjey is a ransomware cryptovirus. Malware researchers see a relation to the RemindMe ransomware and it might be based on it, too. Your files will become encrypted and the Enjey cryptovirus will leave a ransom message with demands for payment. Keep on reading below to see how you could try to restore some of your data.

Threat Summary

NameEnjey
TypeRansomware
Short DescriptionThe ransomware encrypts files on your computer and demands payment for unlocking them.
SymptomsThe ransomware will encrypt your files and put the extension .enjey after it completes its encryption process.
Distribution MethodSpam Emails, Email Attachments
Detection Tool See If Your System Has Been Affected by Enjey

Download

Malware Removal Tool

User ExperienceJoin Our Forum to Discuss Enjey.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

Enjey Ransomware – Infection

Enjey ransomware could spread its infection via different methods. The payload file that initiates the malicious script for this ransomware, which in turn infects your computer machine, is circling the Internet and a malware sample has been found by malware researchers. You can see the VirusTotal detections for different security programs of that sample by checking the screenshot below:

Enjey ransomware might also distribute its payload file on social media websites and networks for file-sharing. Freeware that is found on the Web could be presented as useful but at the same time could hide the malicious script for the cryptovirus. Refrain from opening files just as you have downloaded them, especially if they come from suspicious sources such as links or e-mails. Instead, you should scan them beforehand with a security tool, while also checking the size and signatures of these files for anything that seems out of the ordinary. You should read the tips for ransomware prevention topic in our forum.

Enjey Ransomware – Overview

Enjey ransomware is also a cryptovirus. Some malware researchers think that the virus is related or based on the RemindMe ransomware virus. Major similarities in the ransom note can be seen as well. Files will get encrypted with a custom-made extension, that ends in .enjey, while also containing the contact e-mail inside it.

Enjey ransomware could make entries in the Windows Registry to achieve persistence, launch and repress processes in Windows. Some entries are designed in a way that will start the virus automatically with each launch of the Windows Operating System, such as the example given right here below:

→“HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run”

The ransom note will show up after the encryption process is complete. The note is written in English and gives details about what the ransom is, along with other instructions about what it will take to restore your files. The note is inside a file named README_DECRYPT.txt ransomware developers. You can view the ransom message that loads after file encryption down here:

That ransom note reads the following:

//============================================= [ ENJEY CRYPTER ] =============================================\
Hello, your personal identity:
All of your documents, photos, databases and other important data has been encrypted.
To get a decoder, please contact me by e-mail: [email protected]
In the message write the following: ‘ ‘ Hey, I need a decoder + your personal identifier ‘ ‘
You will receive Bitcoin wallet, which will need to pay.

If you have no Bitcoin wallet
– Create a Bitcoin wallet https://blockchain.info/wallet/#/signup~~dobj
– Buy cryptocurrency.
– Https://en.bitcoin.it/wiki/Help:FAQ (for beginners),
Attention!
– Do not try to do something on their own, you can lose all your data!
– Do not rename all files are encrypted!
\>//============================================= [ ENJEY CRYPTER ] =============================================//

The note of the Enjey ransomware states that your files are encrypted and to get them back you have to pay in Bitcoin. You should NOT in any circumstance pay these cybercriminals. Your files may not get restored, and nobody could give you a guarantee for that. Furthermore, giving money to these criminals will likely motivate them to create more ransomware or do other criminal activities.

Enjey Ransomware – Encryption Process

A list with file extensions that the Enjey ransomware seeks to encrypt is not available yet. However, the article will get duly updated if such one is found. The extensions which are most likely to get encrypted are the following:

→.7z, .bmp, .doc, .docm, .docx, .html, .jpeg, .jpg, .mp3, .mp4, .pdf, .php, .ppt, .pptx, .rar, .rtf, .sql, .tiff, .txt, .xls, .xlsx, .zip

Every file that gets encrypted will receive the same extension appended to each one of them, and that is .enjey or more precisely, the .[email protected] extension.

The Enjey cryptovirus is quite likely to delete the Shadow Volume Copies from the Windows operating system by utilizing the following command:

→vssadmin.exe delete shadows /all /Quiet

Read on through and check out what type of ways you can try to potentially restore some of your data.

Remove Enjey Ransomware and Restore Your Files

If your computer got infected with the Enjey ransomware virus, you should have a bit of experience in removing malware. You should get rid of this ransomware as quickly as possible before it can have the chance to spread further and infect other computers. You should remove the ransomware and follow the step-by-step instructions guide provided below.

Manually delete Enjey from your computer

Note! Substantial notification about the Enjey threat: Manual removal of Enjey requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself just in 5 minutes, using a malware removal tool.

1. Boot Your PC In Safe Mode to isolate and remove Enjey files and objects
2.Find malicious files created by Enjey on your PC

Automatically remove Enjey by downloading an advanced anti-malware program

1. Remove Enjey with SpyHunter Anti-Malware Tool and back up your data
2. Restore files encrypted by Enjey
Optional: Using Alternative Anti-Malware Tools

Berta Bilbao

Berta is the Editor-in-Chief of SensorsTechForum. She is a dedicated malware researcher, dreaming for a more secure cyber space.

More Posts - Website

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...
Please wait...

Subscribe to our newsletter

Want to be notified when our article is published? Enter your email address and name below to be the first to know.