EndPoint ransomware is a highly destructive file-locking malware belonging to the Babuk ransomware family. First discovered through malware samples uploaded to VirusTotal, this ransomware encrypts files and appends the “.endpoint” extension to them. It also leaves behind a ransom note named “How To Restore Your Files.txt”, which threatens victims by stating that their data has not only been encrypted but also stolen.
The attackers behind EndPoint demand a ransom in exchange for decryption tools and the deletion of stolen data. They provide a Session ID for communication via Session Messenger and an email address (schipkealfred@gmail.com) for negotiation. Victims are warned against modifying or attempting to restore their files independently, as this could make recovery impossible. The ransom amount depends on how quickly the victim contacts the attackers.
EndPoint Ransomware Threat Summary
Category | Details |
---|---|
Threat Name | EndPoint Ransomware |
Threat Type | Ransomware, File Encryptor, Crypto Virus |
Encrypted File Extension | .endpoint |
Ransom Note Filename | How To Restore Your Files.txt |
Cybercriminal Contact | schipkealfred@gmail.com, Session ID |
Detection Names | Avast (Win32:Dh-A [Heur]), Combo Cleaner (Generic.Ransom.Babuk.!s!.G.9F3EEFEB), ESET-NOD32 (A Variant Of Win32/Filecoder.Babyk.A), Kaspersky (UDS:Trojan.Win32.Generic), Microsoft (Ransom:Win32/Babuk.SIB!MTB) |
Symptoms of Infection | Files become inaccessible and have the “.endpoint” extension; ransom note appears; inability to open previously working files |
Damage | Permanent file encryption, potential data leaks, financial loss due to ransom demands |
Distribution Methods | Malicious email attachments, torrent websites, tech support scams, software cracks, exploit kits, malicious ads, and infected USB drives |
Danger Level | Severe |

EndPoint Ransomware Ransom Note Text
“Your data has been stolen and encrypted by EndPoint Ransomware… We will delete the stolen data and help with the recovery of encrypted files after payment has been made Contact me through the following session id (05bc722dbbc974e075c02a563431f0b9da38778dddac95abc0d940d187aaf38f45) or schipkealfred@gmail.com Download url: hxxps://getsession.org Do not try to change or restore files yourself, this will break them We provide free decryption for any 3 files up to 3Mb The final price depends on how fast you write to us.. Good Luck…”
This ransomware attack follows a common pattern where cybercriminals encrypt files and threaten to leak stolen data to increase pressure on victims. Unfortunately, paying the ransom does not guarantee data recovery, as attackers may refuse to provide a working decryption tool.
The Impact of EndPoint Ransomware
Once installed, EndPoint ransomware encrypts critical files on the victim’s system, making them completely inaccessible. The attackers then pressure victims to pay the ransom by leveraging data theft as an additional extortion tactic. This technique is commonly referred to as double extortion, where even if the victim retrieves their files from backups, their stolen data could still be leaked.
Since no free decryption tool is currently available, the only way to recover encrypted files is to restore them from backups, unless security professionals develop a decryption method in the future. Meanwhile, EndPoint ransomware can spread to other devices on the same network, further increasing the risk.
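To scope which directories need to be restored from backup, a read-only scan for the two file-name indicators in the threat summary (the ".endpoint" extension and the ransom note name) is enough. The script below is an added example, not code from the original page; the function names and the sample directory tree are assumptions constructed for illustration, and it matches names only, so it measures damage rather than detecting the malware itself.

```python
import os
import tempfile
from collections import Counter

# Indicators taken from the threat summary on this page.
ENCRYPTED_EXT = ".endpoint"
RANSOM_NOTE = "How To Restore Your Files.txt"


def scan_tree(root):
    """Walk root and return (encrypted-file count per directory, ransom-note paths)."""
    encrypted = Counter()
    notes = []

    def on_error(err):
        # Unreadable directories are reported rather than silently skipped.
        print(f"skipped (unreadable): {err.filename}")

    for dirpath, _dirs, files in os.walk(root, onerror=on_error):
        for name in files:
            # Windows file names are case-insensitive, so compare case-folded.
            lowered = name.casefold()
            if lowered == RANSOM_NOTE.casefold():
                notes.append(os.path.join(dirpath, name))
            elif lowered.endswith(ENCRYPTED_EXT):
                encrypted[dirpath] += 1
    return encrypted, notes


def build_sample_tree(root):
    """Constructed sample data: empty files that only mimic the naming pattern."""
    layout = {
        "docs": ["report.docx.endpoint", "budget.xlsx.ENDPOINT", RANSOM_NOTE],
        "photos": ["holiday.jpg"],
        "docs/archive": ["old.pdf.endpoint", "endpoint-notes.txt"],
    }
    for sub, names in layout.items():
        os.makedirs(os.path.join(root, sub), exist_ok=True)
        for name in names:
            open(os.path.join(root, sub, name), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        hits, notes = scan_tree(tmp)
        for directory, count in sorted(hits.items()):
            print(f"{count:4d} encrypted file(s) in {directory}")
        for note in notes:
            print(f"ransom note: {note}")
```

Run it against a mounted copy or a share rather than on the infected host, and compare the flagged directories with the backup catalogue before restoring.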
Similar Ransomware Attacks
EndPoint ransomware is not the only variant using this method of attack. Similar ransomware includes:
- Louis ransomware
- Hush ransomware
- Jett ransomware
These threats employ similar file encryption techniques and demand ransom payments for decryption.
