ETHAN ransomware is a highly destructive malware strain that belongs to the MedusaLocker ransomware family. It encrypts victims’ files, appends the .ETHAN extension, and demands payment for decryption. The cybercriminals behind ETHAN also threaten to leak stolen sensitive data if the ransom is not paid within 72 hours.
Victims are presented with a ransom note in an HTML file named “READ_NOTE.html”, which instructs them to contact the attackers via email or QTox chat. The ransomware uses RSA and AES encryption algorithms, making it nearly impossible to recover files without the attacker’s intervention.
ETHAN Ransomware: Threat Summary
Feature | Details |
---|---|
Name | ETHAN Ransomware |
Threat Type | Ransomware, Crypto Virus, File Locker |
File Extension | .ETHAN |
Ransom Note File Name | READ_NOTE.html |
Contact Emails | fortisram@zohomail.eu |
Cybercriminal Communication | QTox chat |
Detection Names | Avast (Win64:RansomX-gen [Ransom]), Combo Cleaner (Gen:Variant.Tedy.670488), ESET-NOD32 (A Variant Of Win64/Filecoder.MedusaLocker.A), Kaspersky (HEUR:Trojan-Ransom.Win32.Generic), Microsoft (Ransom:Win64/MedusaLocker) |
Symptoms of Infection | Files are encrypted with .ETHAN extension, ransom note appears, wallpaper changes, files become inaccessible, ransom demands for decryption, threat to leak data |
Distribution Methods | Malicious email attachments, torrents, malicious ads, pirated software, fake updates, drive-by downloads |
Damage | Permanent file encryption, data theft, financial loss, potential installation of additional malware (trojans, keyloggers) |
Danger Level | Severe |

Remove ETHAN Ransomware With SpyHunter
Download SpyHunter now, and scan your computer for this and other cybersecurity threats for free!
How ETHAN Ransomware Works
Encryption Process
Once ETHAN ransomware infiltrates a system, it scans all files and encrypts them using AES (Advanced Encryption Standard) and RSA (Rivest-Shamir-Adleman) encryption. The malware then renames encrypted files by appending the .ETHAN extension.
For example:
- document.docx → document.docx.ETHAN
- image.jpg → image.jpg.ETHAN
Ransom Note
After encryption, ETHAN drops a ransom note titled READ_NOTE.html, which states that the victim's network has been compromised, files encrypted, and sensitive data stolen. The attackers demand a ransom payment in cryptocurrency within 72 hours, warning that failure to comply will result in a price increase and leakage of stolen data.
Threat to Leak Data
ETHAN not only encrypts files but also exfiltrates confidential and personal data. If victims refuse to pay, attackers threaten to sell or publicly release stolen files.
Text of ETHAN Ransomware Note
YOUR PERSONAL ID:
-
/!\ YOUR COMPANY NETWORK HAS BEEN PENETRATED /!\
All your important files have been encrypted!
Your files are safe! Only modified. (RSA+AES)
ANY ATTEMPT TO RESTORE YOUR FILES WITH THIRD-PARTY SOFTWARE
WILL PERMANENTLY CORRUPT IT.
DO NOT MODIFY ENCRYPTED FILES.
DO NOT RENAME ENCRYPTED FILES.
No software available on internet can help you. We are the only ones able to
solve your problem.
We gathered highly confidential/personal data. These data are currently stored on
a private server. This server will be immediately destroyed after your payment.
If you decide to not pay, we will release your data to public or re-seller.
So you can expect your data to be publicly available in the near future..
We only seek money and our goal is not to damage your reputation or prevent
your business from running.
You will can send us 2-3 non-important files and we will decrypt it for free
to prove we are able to give your files back.
Contact us for price and get decryption software.
email:
fortisram@zohomail.eu
QTOX: protonmail.com
IF YOU DON'T CONTACT US WITHIN 72 HOURS, PRICE WILL BE HIGHER.
How Did ETHAN Ransomware Infect Your System?
ETHAN ransomware is typically distributed through deceptive tactics, including:
- Malicious email attachments (e.g., fake invoices, receipts)
- Torrent downloads (pirated software, games, movies)
- Fake updates (browser, Flash Player, Java)
- Drive-by downloads (malware-laden websites)
- Malvertising (malicious ads that trigger downloads)
- Remote Desktop Protocol (RDP) attacks (brute force access)
How to Remove ETHAN Ransomware

Step 1: Use SpyHunter to Remove ETHAN
Since ETHAN is a dangerous ransomware, manually removing it can be complex. Instead, use SpyHunter – an advanced anti-malware tool – to scan, detect, and remove ETHAN ransomware from your system.
Download and Install SpyHunter
- Download SpyHunter.
- Run the installer and follow the on-screen instructions.
Perform a Full System Scan
- Open SpyHunter.
- Click on Start Scan Now to detect malicious programs.
- Wait for the scan to complete.
Remove ETHAN Ransomware
- Once the scan finishes, click "Fix Threats" to remove ETHAN.
- Restart your PC.
How to Restore Your Encrypted Files
Option 1: Use Backups
- Restore files from an external backup stored on a separate device.
- Ensure the backup was created before the infection.
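One way to size the damage and check a backup date, as an added example (not code from the original article or from any vendor tool): the script walks a folder read-only, collects files carrying the .ETHAN extension and READ_NOTE.html notes, and treats the earliest .ETHAN modification time as the start of encryption. The function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from datetime import datetime, timezone
from pathlib import Path

ENCRYPTED_SUFFIX = ".ethan"   # page: files are renamed to <name>.ETHAN
NOTE_NAME = "read_note.html"  # page: ransom note is READ_NOTE.html


def triage(root):
    """Read-only walk of root that summarises ETHAN indicators under it."""
    encrypted, notes = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            if name.lower().endswith(ENCRYPTED_SUFFIX):
                original = name[: -len(ENCRYPTED_SUFFIX)]  # document.docx.ETHAN -> document.docx
                encrypted.append((path, original, path.stat().st_mtime))
            elif name.lower() == NOTE_NAME:
                notes.append(path)
    first = min((mtime for _, _, mtime in encrypted), default=None)
    # Earliest write of a .ETHAN file approximates when encryption began.
    first_utc = None if first is None else datetime.fromtimestamp(first, timezone.utc)
    return {"encrypted": encrypted, "notes": notes, "first_encrypted_utc": first_utc,
            "by_type": Counter(Path(orig).suffix.lower() for _, orig, _ in encrypted)}


def backup_predates_encryption(backup_time_utc, report):
    """True if the backup was taken before the first .ETHAN file was written."""
    first = report["first_encrypted_utc"]
    return first is None or backup_time_utc < first


def make_sample_tree(root, when=1_700_000_000):
    """Constructed sample: empty files named as the page describes, fixed mtimes."""
    names = ["document.docx.ETHAN", "image.jpg.ETHAN", "notes.txt", "READ_NOTE.html"]
    for i, name in enumerate(names):
        path = Path(root) / name
        path.touch()
        os.utime(path, (when + i, when + i))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo:
        make_sample_tree(demo)
        print(triage(demo))
```

The earliest .ETHAN timestamp marks when encryption began, not when the system was first compromised, so choose a backup with some margin before it.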
Option 2: Use Shadow Volume Copies
- Open Command Prompt as Administrator.
- Type vssadmin list shadows and press Enter.
- If shadow copies exist, use software like ShadowExplorer to restore files.
Option 3: Try Data Recovery Software
Use data recovery tools like:
- Recuva
- EaseUS Data Recovery
- Stellar Data Recovery
⚠ Note: There is no free decryption tool for ETHAN ransomware at the time of writing.
How to Prevent ETHAN Ransomware Infections
Backup Your Data Regularly
- Store backups in multiple locations (offline hard drives, cloud storage).
- Encrypt backups for added security.
Enable Ransomware Protection
- Use Windows Defender’s Ransomware Protection.
- Install real-time anti-malware tools (e.g., SpyHunter, Malwarebytes).
Avoid Suspicious Downloads
- Do not download files from unverified sources.
- Be cautious of torrent sites and free software platforms.
Use Strong Passwords and 2FA
- Secure accounts with strong, unique passwords.
- Enable Two-Factor Authentication (2FA) for logins.
Disable Macros in Microsoft Office
Open Microsoft Office → Go to Options → Trust Center → Disable Macros.
Keep Your System Updated
- Update Windows, software, and antivirus regularly.
- Apply security patches to fix vulnerabilities.
Final Thoughts
ETHAN ransomware is a dangerous file-locking malware that encrypts data and demands a ransom. Paying the ransom does not guarantee file recovery, and victims risk losing their data permanently.
To remove ETHAN, use SpyHunter for a thorough malware cleanup. If your files are encrypted, restore them from backups or use data recovery tools. To prevent future infections, practice strong cybersecurity habits and keep your system secured.
