Ransomware Research
Enced Ransomware
Enced is a malicious ransomware strain that encrypts victim files and demands ransom payment for decryption. First observed in the wild on August 1, 2017, this ransomware has been actively targeting systems worldwide. Security researchers also track this malware under the aliases: PedoFinder, PedoFinder-2, PedoTrap, Shiva.
Quick Facts
- Ransomware Family
- Enced
- First Seen
- August 1, 2017
- Known Aliases
- PedoFinderPedoFinder-2PedoTrapShiva
How Enced Ransomware Works
Targeted Files
Unique extension for groups of files
File Encryption Patterns
Enced modifies encrypted files using specific patterns to mark them as encrypted:
File extensions added after encryption:
./\.[a-z0-9]{6}$/
Ransom Note and Payment Demands
After encrypting files, Enced displays ransom notes demanding payment for file recovery:
READ_ME.htm
Ransom message:
notes/READ_ME.htm
Note locations:
EveryFolder
READ_ME.html
Ransom message:
notes/READ_ME.html
Note locations:
RootDiscs
Technical Indicators
Associated Executable Files
The following executable files are associated with Enced ransomware:
PedoFinder.exe
Enced.exe
PC.exe
Pedo Lover.exe
PC2.exe
Pedo_Finderv2.exe
Elastio Can Help You
Don't let Enced ransomware take over your data
Elastio provides advanced ransomware protection and recovery solutions to keep your organization safe.
About This Analysis
This Enced ransomware analysis is part of Elastio's comprehensive ransomware detection database. Elastio provides advanced ransomware protection and recovery solutions, helping organizations defend against and recover from ransomware attacks like Enced.
Last updated: July 30, 2025