The Euclid Ransomware seems like a new file-locker project that is already being distributed actively with the use of phishing emails that contain bogus Microsoft Office documents. Of course, the users reviewing the document will be asked to enable the execution of macros to view the content – a common trick that cybercriminals use to trick their targets into agreeing to allow a potentially harmful script to run unknowingly. Once the Euclid Ransomware is initialized, it may need no more than a few minutes to complete its task and encrypt a large portion of its victim’s files. The file formats that this file-encryption Trojan targets are very diverse – documents, spreadsheets, presentations, videos, images, audio files, archives, etc. Whenever the Euclid Ransomware locks a file, it will append the ‘.euclid’ extension to its name.
The Euclid Ransomware also will create two other files on the compromised computer – ‘decryption_keys.euclidkeys,’ which informs the amount the attackers want to receive, and ‘how to recovery.txt,’ which contains a ransom note from the perpetrators. The attackers state that they use a state-of-the-art encryption method, which minimizes the victim’s chances of recovering their files without receiving assistance from the ransomware’s authors successfully. They tell them that the only way to undo the damage is to contact the ransomware’s operators via the Telegram ID @SalsaRecovery, and then follow their instructions.
Unfortunately, contacting the attackers is not a good way out of this unfortunate situation, because they are unlikely to offer any assistance for free. The Euclid Ransomware’s operators are likely to want to receive a hefty payment in exchange for the decryption software they claim to possess. As you can probably guess, sending money to anonymous ransomware authors is not the recommended way to proceed – doing this would make it incredibly easy for the attackers to scam you out of your money.
The suggestion is that you make use of a reputable anti-virus scanner to get rid of the Euclid Ransomware and then look into alternative data recovery options.