
Czech Ransomware Virus Remove and Restore ??? Files

Malware researchers have spotted a ransomware virus that primarily attacks Czech-speaking users. It is dubbed Czech ransomware and appends the ??? file extension to the files it encrypts. It encrypts the affected files with the AES-256 encryption algorithm, one of several military-grade ciphers, for which at this stage a direct solution may take a lot of time. Czech ransomware demands that users pay 200 Czech korunas, approximately 9 USD, via a Paysafe card to get their files back. This is yet another ransomware aimed specifically at one nation. Users infected by the Czech virus are advised not to pay any ransom and to read this article to learn what this malware does, how to remove it, and how to try to restore the encrypted files.

Threat Summary

Name: Czech Ransomware
Type: Ransomware
Short Description: Encrypts widely used files on the compromised computer with AES-256 encryption and asks for 200 Czech korunas for decryption.
Symptoms: Adds the ??? file extension and displays the picture posted above.
Distribution Method: Spam Emails, File Sharing Networks, Executable Files

Czech Ransomware Virus – How Does It Spread

To infect the maximum number of users, Czech ransomware may use spam aimed at Czech-speaking users. The spam may arrive via e-mail and carry either a malicious URL or an attachment; opening either leads to infection. This all looks primitive and simple, but it is not. The malware writers behind the Czech crypto-virus have focused on making it undetected and widespread, which takes a large investment in tools and spamming services that they may have used to evade the antivirus on most computers.

Czech Crypto Virus – Detailed Description

Once the virus file enters your device, it may drop the payload of Czech ransomware in the following Windows folders:

  • %AppData%
  • %Roaming%
  • %Local%
  • %LocalLow%
  • %SystemDrive%
  • %UserProfile%

The Czech ransomware may also add values under the following registry keys so that it runs every time Windows boots:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
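
A read-only way to review the four autorun keys above for entries that launch from the drop folders listed earlier. This is an added example, not code from the original article or from any removal tool; the mapping of the article's folder placeholders to `$env:` paths and the helper name `Get-CommandTarget` are assumptions.

```powershell
# Added example: read-only audit of the autorun keys listed above.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Assumption: the article's drop folders map to these per-user paths.
$dropRoots = @(
    $env:APPDATA,                                    # AppData\Roaming
    $env:LOCALAPPDATA,                               # AppData\Local
    (Join-Path $env:USERPROFILE 'AppData\LocalLow'),
    $env:USERPROFILE
) | Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') + '\' }
# Matches a file sitting directly in the root of the system drive.
$driveRootPattern = '^' + [regex]::Escape($env:SystemDrive) + '\\[^\\]+$'

function Get-CommandTarget {
    param([string]$Command)
    # Expand %VAR% references, then take the quoted path, or the path up to the
    # first executable/script extension (handles unquoted paths with spaces).
    $c = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($c -match '^"([^"]+)"') { return $Matches[1] }
    if ($c -match '^(.+?\.(exe|com|scr|bat|cmd|vbs|js|dll))(\s|,|$)') { return $Matches[1] }
    return ($c -split '\s+')[0]
}

$findings = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        $command = [string]$regKey.GetValue($name)
        $target  = Get-CommandTarget $command
        if (-not $target) { continue }
        $hit = $dropRoots | Where-Object {
            $target.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) }
        if (-not $hit -and $target -notmatch $driveRootPattern) { continue }
        $exists = Test-Path -LiteralPath $target -PathType Leaf
        [pscustomobject]@{
            Key       = $key
            ValueName = $name
            Command   = $command
            Target    = $target
            Exists    = $exists
            Signature = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $target).Status } else { 'n/a' }
        }
    }
}
$findings | Format-List
```

Legitimate software also starts from per-user folders, so each listed entry is a candidate for review rather than a confirmed infection; an unsigned target in one of these folders that you do not recognize deserves the closest look.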

The Czech ransomware’s encryption process replaces the contents of each file with data encrypted using the strong AES-256 algorithm. Decryption is not available unless there is a bug in the malware that researchers can exploit, or the decryption key is known.

Czech ransomware looks for different types of files to encrypt, including:

  • Videos.
  • Audio files.
  • Pictures.
  • Database files.
  • Files associated with Microsoft Office.
  • Adobe Reader files.
  • Files used by widely downloaded programs that are well known.

After detecting the files, Czech ransomware begins the encryption process. The ??? extension is added to the encrypted files, either in front of the file name or after the original extension, for example:

???.New Text Document.txt
New Text Document.txt.???

After encryption, the file icon is removed, and Windows no longer recognizes the type of software originally used to open the file. The Czech ransomware then drops the following ransom note:

→“Váš počítač a vaše soubory byly uzamknuty!
Co se stalo?
Veškeré vaše soubory byly zašifrovány šifrovacím algoritmem AES-256 společně s vaším osobním počítačem.
VAROVÁNÍ!!!
Pokud nesplníte všechny dané požadavky uvedené níže do 2 DNÍ, váš dešifrovací klíč se SMAŽE a vy své soubory a ÚČTY NIKDY NEUVIDÍTE.
Jak získat klíč?
– Stačí zakoupit kartu PaySafe Card v hodnotě 200Kč ,zadat její kód (číslo) do textového pole pod tímto textem a stisknout zelené tlačítko.
Vaše platba pak bude odeslána k ověření. Po ověření budou vaše soubory a váš počítač uvedeny do původního stavu.
– Kde koupím PaySafe Card?
PaySafe Card se dá zakoupit v jakékoliv trafice, či pumpě. Stačí se zeptat prodejce.”

Remove Czech Ransomware and Restore ??? Encrypted Files

If you have decided to fight this threat on your own instead of paying the ransom, we recommend removing it and then attempting to decrypt your files. One method to remove Czech ransomware is to follow the removal instructions below. Malware researchers strongly advise users to use an advanced anti-malware program for best removal results, since Czech ransomware may place multiple concealed objects in various locations.

To try to restore files that have been encrypted by Czech ransomware, please check the alternative solutions in the step “Restore files encrypted by Czech Ransomware” below.

Manually delete Czech Ransomware from your computer

Note! Manual removal of Czech Ransomware requires changes to system files and the registry, so it can cause damage to your PC. If your computer skills are not at a professional level, don’t worry: you can do the removal yourself in just 5 minutes using a malware removal tool.

1. Boot Your PC In Safe Mode to isolate and remove Czech Ransomware files and objects.
2. Find malicious files created by Czech Ransomware on your PC.
3. Fix registry entries created by Czech Ransomware on your PC.

Automatically remove Czech Ransomware by downloading an advanced anti-malware program

1. Remove Czech Ransomware with SpyHunter Anti-Malware Tool
2. Back up your data to secure it against infections and file encryption by Czech Ransomware in the future
3. Restore files encrypted by Czech Ransomware
Optional: Using Alternative Anti-Malware Tools

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with a passion for discovering new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.
