Eijy ransomware is a type of ransomware that encrypts files. It belongs to the Djvu/STOP ransomware family. The criminals behind this ransomware distribute new versions on a regular basis, with hundreds of variants already available. The versions are mostly identical to one another, but the extensions they append to encrypted files make them distinguishable. This malware adds the .eijy extension, which is why it’s known as Eijy ransomware. Unless you get your hands on a decryptor, you will not be able to open the encrypted files.
Like the majority of ransomware, Eijy ransomware is designed to encrypt your personal files. All photos, videos, images, documents, and other files will be encrypted and have the .eijy extension. If image.jpg was encrypted, it would become image.jpg.eijy. Encrypted files cannot be opened until they have been decrypted. The _readme.txt ransom note, which is dropped in all folders with encrypted files, explains how to obtain the decryptor. According to the note, the decryptor costs $980, but users who contact the cyber criminals within the first 72 hours would receive a 50% discount. However, paying the ransom isn’t a good idea because it doesn’t ensure you’ll get a decryptor. Ransomware operators are cybercriminals, and there’s nothing to guarantee that they’ll keep their end of the deal.
You can start recovering files as soon as you remove Eijy ransomware from your computer if you have a backup. Because Eijy ransomware is a rather complex infection, you should use anti-malware software to remove it. For those without a backup, waiting for a free Eijy ransomware decryptor to be released is the only option. Until a decryptor is available, make a backup of the encrypted files and store them safely. However, because the Djvu/STOP ransomware uses online keys to encrypt files, developing a decryptor for its versions is challenging. This means that each user’s key is unique, and a universal decryptor is unlikely unless all keys are released. It’s not impossible, though, that a free Eijy ransomware decryptor may be released in the near future.
How does ransomware infect computers?
Malware infections, including ransomware, are spread via torrents, email attachments, malicious ads, vulnerabilities, etc. If you have good online habits (e.g. you do not open random email attachments from unknown senders), you will have a much lower chance of encountering malware. If your bad browsing habits have led to malware infections in the past, you need to develop better habits.
Malicious actors often distribute malware via email attachments. They purchase the recipients’ email addresses from hacker forums and send them emails that contain malicious attachments. So if your email address has been leaked before, you’re likely to receive malicious emails. They are, fortunately, quite easily recognizable. Malicious senders often pretend to be from legitimate companies whose services you use to trick you into lowering your guard. However, such emails are often full of grammar/spelling mistakes, which immediately seem out of place when the sender claims to be from a big company. Legitimate emails from legitimate senders will rarely contain grammar/spelling mistakes because they look unprofessional. But whether it’s because malicious senders are not fluent English speakers or they just do not care enough to put the effort in, malicious emails are always full of mistakes. Furthermore, malicious emails usually address users with generic words like User, Member, Customer, etc. Legitimate senders from companies whose services you use will address you by name but since malware distributors do not have your personal information, they’re forced to use generic words. It’s worth mentioning that malicious email campaigns can be more sophisticated. Therefore, we recommend scanning all unsolicited email attachments with anti-virus software or VirusTotal before opening them.
Torrents are also often used for malware distribution. Because torrent websites are often poorly regulated, malicious actors often upload torrents with malware in them. It’s very common to find malware in torrents for entertainment content, mostly movies, TV series, and video games. This, as well as the fact that downloading pirated content is essentially stealing, is why it’s not recommended to use torrents for pirating.
Eijy ransomware removal
Because ransomware is a very complex malware infection that requires professional software to remove, do not try to delete Eijy ransomware manually. You could accidentally cause additional damage to your computer, as well as miss some crucial ransomware components if you’re not sure about what to do. Use anti-malware software to remove Eijy ransomware from your computer. Once the ransomware is completely gone from your computer, you can connect to your backup and start recovering files.
If you do not have a backup, your only option is to wait for a free Eijy ransomware decryptor to be released. Decryptors for ransomware from the Djvu/STOP ransomware family are difficult to make because they use online keys to encrypt files. However, it’s not impossible that one will be released eventually. So back up your encrypted files and occasionally check legitimate sources like NoMoreRansom for a free Eijy ransomware decryptor.
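The two indicators described earlier (the .eijy extension and the _readme.txt note) and the advice to back up encrypted files while waiting for a decryptor can be combined in a short script. The following Python is an added example, not part of the original article: it lists affected files and copies the encrypted ones to a separate folder, verifying each copy by SHA-256. The function names and the sample directory tree are constructed for illustration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

ENCRYPTED_SUFFIX = ".eijy"   # extension the page says is appended
RANSOM_NOTE = "_readme.txt"  # ransom note name given on the page

def sha256_of(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def inventory(root):
    """Return (encrypted files, folders holding a ransom note) under root."""
    encrypted, note_dirs = [], []
    for path in sorted(p for p in Path(root).rglob("*") if p.is_file()):
        name = path.name.lower()
        if name.endswith(ENCRYPTED_SUFFIX):
            encrypted.append(path)
        elif name == RANSOM_NOTE:
            note_dirs.append(path.parent)
    return encrypted, note_dirs

def backup_encrypted(root, dest):
    """Copy encrypted files to dest, keep relative paths, verify each copy."""
    manifest = []
    for src in inventory(root)[0]:
        rel = src.relative_to(root)
        target = Path(dest) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, target)  # originals stay where they are
        if (digest := sha256_of(src)) != sha256_of(target):
            raise OSError(f"copy of {rel} does not match the source")
        manifest.append((rel.as_posix(), rel.name[:-len(ENCRYPTED_SUFFIX)], digest))
    return manifest

def build_sample_tree(base):  # constructed sample data, not real ransomware output
    docs = Path(base) / "Documents"
    docs.mkdir(parents=True)
    for name in ("image.jpg.eijy", "report.docx.eijy", RANSOM_NOTE, "notes.txt"):
        (docs / name).write_bytes(b"constructed " + name.encode())
    return Path(base)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        root = build_sample_tree(Path(tmp) / "disk")
        print(*backup_encrypted(root, Path(tmp) / "backup"), sep="\n")
```

Each manifest row holds the relative path, the original file name with the .eijy suffix removed, and the SHA-256 of the encrypted file, so the backup can be checked again later before a decryptor is run against it.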
Eijy ransomware is detected as:
- Win32:BotX-gen [Trj] by AVG/Avast
- Trojan.GenericKDZ.88965 (B) by Emsisoft
- A Variant Of Win32/Kryptik.HPWK by ESET
- Trojan.MalPack.GS by Malwarebytes
- Trojan.GenericKDZ.88965 by BitDefender
- HEUR:Trojan-Spy.Win32.Convagent.gen by Kaspersky
- Artemis!931E7C316EDC by McAfee
- Ransom:Win32/StopCrypt.PBE!MTB by Microsoft