How to easily defeat Linux Encoder ransomware: If you’re staring at your server in horror and far too many of your files are encrypted by an attacker and your directories all have a file entitled “README_FOR_DECRYPT.txt,” congratulations, you’ve got it. It appears that about 2,700 red-faced website administrators have Linux.Encoder on their servers.
The good news is it’s easy to get rid of.
You could, of course, pay the ransom fee of one Bitcoin, $325 at the moment. I do not recommend you do this. Besides just encouraging ransomware programmers, the crook’s fix doesn’t work well. Security expert Brian Krebs reports that one system administrator who paid up, got his files back but, the “decryption script that puts the data back … somehow … ate some characters in a few files, adding like a comma or an extra space … to the file.”
So, I don’t care how desperate you are, paying the ransom is a dumb move.
You can also have Dr. Web, the Russian security company, that discovered Linux.Encoder, try to recover your files for you. This service is only available to Dr. Web commercial programs subscribers. These programs are Dr. Web Security Space or Dr. Web Enterprise Security Suite.