Ecovector Ransomware

Ecovector Ransomware is a dangerous threat that can slip onto your operating system without your noticing it and encrypt your personal files in order to take them hostage. We have discovered that this is yet another “green” ransomware variant that is identical to Vegclass@aol.com Ransomware and Green_ray Ransomware. We believe this is a strange way for anyone to raise awareness about climate change or any other nature-related issues. However, this seems to be an important topic for these criminals. Apart from “saving the planet,” though, they are also very much interested in extorting money from you. Therefore, you have to contact these criminals via e-mail to get the details of the ransom fee transfer. If you do not pay, there is a chance that you will have to say goodbye to your files unless you have a recent backup copy on a removable drive. We do not recommend that you pay, though, because you may not get the decryption key after all. The only way to protect your computer is to remove Ecovector Ransomware. But keep in mind that this will not recover your files. Please read our full report to understand the risks and how you can protect your computer from similar attacks.

The most likely way for you to end up with this dangerous Trojan ransomware is to open a spam e-mail that has an executable malicious file disguised as a document, image, or video. Most often criminals pretend that the mail comes from state institutions or reputable companies. It is possible that the subject refers to a fine, an invoice, or a security issue. Whatever this subject is, it has to draw your attention and make you open it and check out the attachment. This is how most Trojan ransomware infections work actually. These threats are very misleading and dangerous. If you want to protect your computer from similar infections, you should only open mails that you are expecting to get. Any unfamiliar ones, you are better off double-checking with the senders. This way you can filter out yourself the ones that may have malicious intentions. What is even more important than opening mails is the downloading of attachments. Even clicking on malicious files can activate a threat; although, usually you need to execute these files to work. All in all, you should delete Ecovector Ransomware the moment you find it on your system even if it is already too late since most probably your files have already been encrypted.

This ransomware uses the RSA-2048 encryption algorithm to cipher your documents, photos, videos, and third-party program files. This could take a very short time since this algorithm is indeed built in in the Windows system. All your targeted files get a “.id-B4500913.Ecovector3@aol.com.xtbl” extension. Once the damage is done, this infection drops "How to decrypt your files.txt" on your desktop and displays its “environment friendly” background image. By this ransom note you are instructed to send an e-mail and three infected files to either Ecovector3@aol.com or Eco_vector@india.com. Criminals usually ask for one or couple of your files to prove that they actually have the decryption key for your files so that you would pay without hesitation. However, experience shows that crooks rarely deliver the decryption key, not to mention the fact that even technical issues may emerge, such as the infection losing contact with the C&C (Command and Control) server. You also need to consider whether the lost files are worth the demanded amount.

The ransom fee is most often asked to be paid in Bitcoins and could range from 100 to 600 USD. When criminals attack corporations and hospitals, this amount can be in the thousands, of course. We have also found that if it is a test run, this fee can be as low as 10 US dollars and mainly Russian regions are targeted then. Ecovector Ransomware is a good example for you to understand the importance of making regular backups of your files on an external drive. Such a copy could save you now. If you have it, you should not rush to transfer it back before you remove Ecovector Ransomware.

It is possible that this infection deletes itself after execution, but it is safer if you check all the possible locations where it may be present. We have included instructions for you below so that you can manually remove Ecovector Ransomware from your system. Keep in mind that this Trojan ransomware has a random name that you need to identify; otherwise, you cannot eliminate it. If you are an inexperienced computer user, you may not be able to do so. Therefore, we recommend that you use a reputable malware removal program that will detect and kill all existing malware infections as well as protect your PC from any future attacks.

Remove Ecovector Ransomware from Windows

1. Press Win+E.
2. Remove the malicious executable file: "%WINDIR%\SysWOW64\[random name].exe" (64-bit!) and "%WINDIR%\system32\[random name].exe"
3. Delete “How to decrypt your files.jpg” and "How to decrypt your files.txt" if found in the following directories:
   %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu
   %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu
   %USERPROFILE%\Microsoft\Windows\Start Menu (Windows XP)
   %APPDATA%\Microsoft\Windows\Start Menu
4. Press Win+R and type in regedit. Click OK.
5. Locate and remove these registry value names:
   HKCU\Control Panel\Desktop\Wallpaper with value data: “C:\Users\user\How to decrypt your files.jpg”
   HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Wallpapers\BackgroundHistoryPath0 with value data: “C:\Users\user\How to decrypt your files.jpg”
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[random name] with value data: “C:\Windows\System32\[random name].exe”
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[random name] with value data: “C:\Users\user\AppData\Roaming\[random name].exe”
6. Restart your PC.