What is Ransom.EncRaaS!g1?

Ransom.EncRaaS!g1 is a very dangerous System threat that deemed as a Trojan infection. This Trojan is a heuristic detection which is used to detect threats that associated with Ransom.EncRaaS family. First of all it has been discovered on 29th March 2016 and later updated on 29th August 2016 at 11:52:03 PM. This Trojan is highly affects all PC that runs on Windows based Operating System including Windows 2000, NT, XP, Vista, 7, 8, 10 and so on.

Threat Assessment :

  • No. of infections – 0-49
  • Risk Impact – Low
  • No. of sites – 0-2
  • Geographical distribution – Low
  • Threat Containment – Easy
  • Removal – Easy

Ransom.EncRaaS!g1 – Depth Analysis

Ransom.EncRaaS!g1 is a new version of Ransom.EncRaaS which works similar to it. This trojan infection usually hides itself into the targeted PC and executes series of command to corrupt user PC. It is able to intrudes into your PC secretly and cause lots of serious damages into your infected PC. This type of infection is mainly designed by cyber crooks having sole intention to make profit for third-party. It automatically alters your System and browser settings to corrupt your registry entries and windows files. what's worse, it is capable to record your browsing history, cookies, online activities and entire personal data such as IP address, banking login details, contact details, addresses, ID, username, password, debit or credit card details etc. After intruding into PC, it behaves as a ransomware infection which completely locks your System screen and demand to pay ransom money in order to get the decryptor too. But there is no any guarantee that after paying ransom money you will get the decrypter tool. Thus you should delete Ransom.EncRaaS!g1 from your compromised System rather than paying ransom amount.

After intruding into the user PC, Ransom.EncRaaS!g1 drops the following file in each folder:

[PATH TO ENCRYPTED FILES]\encryptor_raas_readme_liesmich.txt

The file is a text file which contains a ransom message. 

Then after, Ransom.EncRaaS!g1 opens the default web browser to load the following URL:



NOTE: "[MACHINE GUID]" is a string taken from the following subkey of Windows registry:


Infiltration Method of Ransom.EncRaaS!g1

Being a Trojan,  Ransom.EncRaaS!g1 uses very deceptive and unique method to intrudes into the user PC. It can injects its malicious codes secretly when you download any freeware packages, access any Spam-emails attachments that sent from the unknown sources, visiting of any malicious or porn sites, use of any infected removable devices, file sharing over the P2P network etc. Its distribution channel is different but the main source for the infiltration of this infection is Internet. Thus, it is highly advised by expert that you should pay attention carefully while surfing the Internet.

Harmful Effects of  Ransom.EncRaaS!g1

  1. Add some new icons and shortcuts on your desktop screen to mislead you.
  2. Alters your System and browser settings without any notification.
  3. Drastically slows down your System speed by eating up more memory space.
  4. Ransom.EncRaaS!g1 opens up the System backdoor to injects several other malicious infections.
  5. Create a System loopholes to exploits the vulnerabilities.

Scan PC to Remove Ransom.EncRaaS!g1

How to Uninstall Ransom.EncRaaS!g1 from Control Panel from Windows 10

  • Click and Open Start Menu option


  • Settings option is to be selected on the menu to show all the contents


  • Click on System option


  • On the system Menu, Click on Apps and features option


  • Now Click on Ransom.EncRaaS!g1 to remove it from PC.

How to Eliminate Ransom.EncRaaS!g1 from Windows 8/8.1

Step 1: Press repeatedly F8 to boot PC in Safe Mode. Restart PC and select “Safe Mode with Networking”.


Step 2: Press ALT+Ctrl+Del to open Windows Task Manager. After that, search all the Ransom.EncRaaS!g1 related processes and then click to “End Task”


Step 3: Type “regedit” in Run dialog box and open Windows Registry Editor. Search and delete all the corrupt registries added by Ransom.EncRaaS!g1 infection.


Step 4: Go to Start and then click to open Control Panel.


After that, click Add/Remove Program


Uninstall Ransom.EncRaaS!g1 associated programs from Windows 8/8.1


Uninstall Ransom.EncRaaS!g1 From Window 7/vista

Tap on F8 Key to Enter Safe Mode


Restart PC and select “Safe Mode with Networking”


First of all close all running programs and open Task manager by pressing ALT + CTRL + DEL keys on your keyboard simultaneously.


Now Click on Processes menu and select all the processes associated with Ransom.EncRaaS!g1 one by one then click on End Task.


Now go to the desktop, click on Start Menu on the left lower corner. Move to Control panel and use left mouse click over it.


The Control panel window will open, if are getting the view by Category find and click “Uninstall a program” below “Programs” group.


Now select Ransom.EncRaaS!g1 within programs list and click on Uninstall.

Steps to Eliminate Ransom.EncRaaS!g1 from Windows XP

Step 1: Restart PC in Safe Mode by continuously pressing F8 button. After that, select “Safe Mode with Networking”.


Step 2: Open Windows Task Manager by pressing Alt+Ctrl+Del together. After that, find and select all the Ransom.EncRaaS!g1 associated processes and then click to “End Task” button.


Step 3: Open Run dialog box and then enter “regedit.exe” to open Windows Registry. Search and then delete all the corrupt and infectious registries added by Ransom.EncRaaS!g1.


Step 4: Click Start button and then go to Control Panel, click to open Windows Add/Remove Program. Search all the Ransom.EncRaaS!g1 related programs and then uninstall it from Windows XP.



How to Uninstall Ransom.EncRaaS!g1 From Your Infected Browser

A. Guidelines to Remove Ransom.EncRaaS!g1 From Microsoft Edge Browser

How to Reset Default Search Engine to Uninstall Ransom.EncRaaS!g1

Select Settings after selecting More (…) on the address bar


Click and select on View advanced settings option

advance settings-edge

In order to input the search engine, Click on <Add new> under option”Search in the address bar with”


Select Search engine and adds as default by clicking on Add as default option.

How to Reset Default Homepage on Microsoft Edge to Uninstall Ransom.EncRaaS!g1

  • Select More (…) option on the address bar followed by settings
  • Select specific page or pages under Open with option
  • After selecting the Custom option, enter the URL of the homepage you wish to set as


B. How to Delete Ransom.EncRaaS!g1 from Google Chrome

Click to Open Google Chrome and then click on menu icon which is on the top right corner and then select Tools → Extensions


Select all the malicious extensions including Ransom.EncRaaS!g1 and then select trash icon


Again click on menu icon and select Settings and then click to Manage Search Engines under the Search section


In Search Engines, remove all the infectious search sites and set Google Chrome as Default Browser


C. How to Uninstall Ransom.EncRaaS!g1 From Mozilla Firefox

Launch Mozilla Firefox and find and click “Firefox” button on the top left corner on the screen.


A drop down box will appear, navigate to Add-ons option and click on it.


In the next window select and click on “Extensions” in left pane.


Find Ransom.EncRaaS!g1 add-on and click on the center area to see the border exactly and click on Disable button.
Wait a moment and let the add-on get disabled.


Now click the “Remove” button, later on uninstall the add-on Mozilla will ask you to restart the browser.


D. How to Remove Ransom.EncRaaS!g1 From Internet Explorer

First of all Launch Internet explorer by clicking the Task-bar Icon on desktop.

Now Click on Tool Menu on web browser interface.


Select and click on Manage add-ons in the drop down box.

A View and manage your Internet Explorer Add-ons window will open, now click on “Toolbar and Extensions” option in left pane.

A list of all installed ad-ons will appear, select Ransom.EncRaaS!g1 and click on “Disable” button and Reset IE


Click to Download Ransom.EncRaaS!g1 Scanner