My Decryptor Ransomware - How to Remove + Restore Encrypted Files

This article shows how to remove the My Decryptor ransomware infection and how to restore files that it has encrypted and given random file extensions.

A new ransomware infection called My Decryptor has been spotted by security analysts. The virus encrypts the files on the computers it infects and holds them hostage until the owner of the PC pays a hefty ransom fee in BitCoin to get them back. To encrypt the files, My Decryptor ransomware uses the AES file encryption algorithm, and after the encryption process has completed it drops the following ransom note files with instructions on how to pay the ransom: _HOW_TO_DECRYPT_MY_FILES_{file extension}_.txt and READ_ME_FOR_DECRYPT_{file extension}_.txt. If your computer has been infected by this ransomware virus, we strongly advise you to read this article and learn how to remove it without having to pay the hefty ransom fee.

Threat Summary

Name: My Decryptor Virus
Type: Ransomware, Cryptovirus
Short Description: Encrypts the files using the AES encryption algorithm in order to extort victims into paying a hefty ransom fee to get them decrypted again.
Symptoms: Files are encoded with random file extensions. The virus also adds two ransom note files, named _HOW_TO_DECRYPT_MY_FILES_{file extension}_.txt and READ_ME_FOR_DECRYPT_{file extension}_.txt
Distribution Method: Spam Emails, Email Attachments, Executable files

My Decryptor Ransomware – Spread

To reach victims' computers, this ransomware virus may be spread via spam e-mails as an e-mail attachment. Since most e-mail vendors block malicious attachments, ransomware viruses have switched to archiving them in .ZIP or .RAR files.

Another strategy which may be used by My Decryptor ransomware is to have the malicious e-mail attachment uploaded to online file-sharing services, such as Dropbox or other cloud-sharing sites.

It is also advisable to watch out for fake setups of programs or other suspicious key generators, game patches or cracks, which may be uploaded on suspicious websites or by suspicious uploads on torrent websites.

To best protect yourself, we advise uploading any suspicious archive to a website that checks online whether it is malicious, such as ZipeZip, or uploading a suspicious file or web link to VirusTotal, before opening it.

My Decryptor Ransomware – Infection and Activity

As soon as the malicious attachment carrying the files of My Decryptor ransomware has been opened, the virus may connect to different distribution websites, such as the following:

→ hxxp://27dh6y1kyr49yjhx8i3.yhicav6vkj427eox.onion/
hxxp://27dh6y1kyr49yjhx8i3.sayhere.party/
hxxp://27dh6y1kyr49yjhx8i3.goflag.webcam/
hxxp://27dh6y1kyr49yjhx8i3.keysmap.trade/
hxxp://27dh6y1kyr49yjhx8i3.segon.racing/
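
The hosts above share one first label, while the second ransom note further down shows a different label under the same .onion domain, so matching on the parent domain is more durable than matching full hostnames. The following is an added example, not part of the original article: it builds a watchlist from the defanged list and checks it against a constructed DNS query log. The log format and the function names are assumptions.

```python
from urllib.parse import urlsplit

# Defanged indicators exactly as listed in the article above.
ARTICLE_IOCS = [
    "hxxp://27dh6y1kyr49yjhx8i3.yhicav6vkj427eox.onion/",
    "hxxp://27dh6y1kyr49yjhx8i3.sayhere.party/",
    "hxxp://27dh6y1kyr49yjhx8i3.goflag.webcam/",
    "hxxp://27dh6y1kyr49yjhx8i3.keysmap.trade/",
    "hxxp://27dh6y1kyr49yjhx8i3.segon.racing/",
]

# Constructed DNS query log (timestamp, client, "query", name, type); not real traffic.
SAMPLE_DNS_LOG = """\
2024-01-01T09:14:02Z 10.0.0.23 query 27dh6y1kyr49yjhx8i3.sayhere.party A
2024-01-01T09:14:05Z 10.0.0.23 query update.example.com A
2024-01-01T09:15:41Z 10.0.0.57 query 3sk982xn91q999a7yee.KEYSMAP.trade. A
2024-01-01T09:16:00Z 10.0.0.57 query notsayhere.party A
"""

def parent_domain(host):
    # Assumption: the last two labels form the registrable domain, which holds
    # for the TLDs on this page; a general tool would use a public-suffix list.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def watchlist(defanged_urls):
    # urlsplit parses the host of any scheme://host/ string, so the
    # indicators never need to be turned back into clickable URLs.
    return {parent_domain(urlsplit(u).hostname) for u in defanged_urls}

def match_queries(log_text, domains):
    """Return (line number, client, queried name, matched domain) per hit."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        fields = line.split()
        if len(fields) < 4:
            continue
        client, qname = fields[1], fields[3].lower().rstrip(".")
        for domain in sorted(domains):
            # Match on a label boundary so "notsayhere.party" is not a hit.
            if qname == domain or qname.endswith("." + domain):
                hits.append((lineno, client, qname, domain))
    return hits

if __name__ == "__main__":
    for hit in match_queries(SAMPLE_DNS_LOG, watchlist(ARTICLE_IOCS)):
        print(hit)
```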

After connecting, the malware may download the payload files. They may be located in multiple different Windows folders, such as the following:

  • %AppData%
  • %Roaming%
  • %Local%
  • %LocalLow%

Among the files dropped are also the ransom note files, which have the following instructions for victims:

_HOW_TO_DECRYPT_MY_FILES_{extension}_.txt Contents:

ALL Y0UR D0CUMENTS, PHOTOS, DATABASES AND OTHER IMP0RTANT FILES HAVE BEEN ENCRYPTED!
===
Your files are NOT damaged! Your files are modified only. This modification is reversible.
The only 1 way to decrypt your files is to receive the private key and decryption program.
Any attempts to restore your files with the third-party software will be fatal for your files!
===
To receive the private key and decryption program follow the instructions below:
1. Download “Tor Browser” from https://www.torproject.org/ and install it.
2. In the “Tor Browser” open your personal page here:
xxxx://27dh6y1kyr49yjhx8i3.yhicav6vkj427eox.onion/N3ii3Ne9010*****
Note! This page is available via “Tor Browser” only.
===
Also you can use temporary addresses on your personal page without using “Tor Browser”:
xxxx://27dh6y1kyr49yjhx8i3.sayhere.party/N3ii3Ne9010*****
xxxx://27dh6y1kyr49yjhx8i3.goflag.webcam/N3ii3Ne9010*****
xxxx://27dh6y1kyr49yjhx8i3.keysmap.trade/N3ii3Ne9010*****
xxxx://27dh6y1kyr49yjhx8i3.segon.racing/N3ii3Ne9010*****
Note! These are temporary addresses! They will be available for a limited amount of time!

READ_ME_FOR_DECRYPT_{extension}.txt Contents:

ALL Y0UR DOCUMENTS, PHOTOS, DATABASES AMD OTHER IMPORTANT FILES HAVE BEEN ENCRYPTED!
===
Your files are NOT damaged! Your files are modified only. This modification is reversible.
The only 1 way to decrypt your files is to receive the private key and decryption program.
Any attempts to restore your files with the third-party software will be fatal for your files!
===
To receive the private key and decryption program follow the instructions below:
1. Download “Tor-браузер” from xxxxs://www.torproject.org/ and install it.
2. In the “Tor Browser” open your personal page here:
xxxx://3sk982xn91q999a7yee.yhicav6vkj427eox.onion/N3ii3Ne9010*****

The web links embedded in the ransom note files lead to a Tor-based web page with instructions for victims to follow in order to decrypt their files.

In addition to this, the ransomware offers the decryption of 1 file from the infected computer as a guarantee that the decryption works.

My Decryptor Virus – Encryption Process

For the encryption process, the My Decryptor ransomware virus uses the Advanced Encryption Standard (AES) to encode the files of the infected PC. This algorithm encodes a portion of the data in each file, so that the file can no longer be opened. My Decryptor ransomware targets the following file types for encryption:

→ “PNG .PSD .PSPIMAGE .TGA .THM .TIF .TIFF .YUV .AI .EPS .PS .SVG .INDD .PCT .PDF .XLR .XLS .XLSX .ACCDB .DB .DBF .MDB .PDB .SQL .APK .APP .BAT .CGI .COM .EXE .GADGET .JAR .PIF .WSF .DEM .GAM .NES .ROM .SAV CAD Files .DWG .DXF GIS Files .GPX .KML .KMZ .ASP .ASPX .CER .CFM .CSR .CSS .HTM .HTML .JS .JSP .PHP .RSS .XHTML. DOC .DOCX .LOG .MSG .ODT .PAGES .RTF .TEX .TXT .WPD .WPS .CSV .DAT .GED .KEY .KEYCHAIN .PPS .PPT .PPTX ..INI .PRF Encoded Files .HQX .MIM .UUE .7Z .CBR .DEB .GZ .PKG .RAR .RPM .SITX .TAR.GZ .ZIP .ZIPX .BIN .CUE .DMG .ISO .MDF .TOAST .VCD SDF .TAR .TAX2014 .TAX2015 .VCF .XML Audio Files .AIF .IFF .M3U .M4A .MID .MP3 .MPA .WAV .WMA Video Files .3G2 .3GP .ASF .AVI .FLV .M4V .MOV .MP4 .MPG .RM .SRT .SWF .VOB .WMV 3D .3DM .3DS .MAX .OBJ R.BMP .DDS .GIF .JPG ..CRX .PLUGIN .FNT .FON .OTF .TTF .CAB .CPL .CUR .DESKTHEMEPACK .DLL .DMP .DRV .ICNS .ICO .LNK .SYS .CFG”

After the encryption process has completed, the files have a random file extension appended to them and can no longer be opened by any type of software.
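
The two ransom note names and the appended extension give a simple host-side check for how far the encryption reached. The following is an added example, not part of the original article: it finds the notes under a folder, reads the extension token out of their names and lists the files carrying it. It assumes that the {file extension} token in the note name is the extension appended to encrypted files; the function names and the sample tree are constructed.

```python
import re
import tempfile
from pathlib import Path

# Note names as given in the article. The "_" before ".txt" is optional
# because the article shows READ_ME_FOR_DECRYPT both with and without it.
NOTE_RE = re.compile(
    r"^(?:_HOW_TO_DECRYPT_MY_FILES|READ_ME_FOR_DECRYPT)_(?P<ext>[A-Za-z0-9]+)_?\.txt$",
    re.IGNORECASE,
)

def triage(root):
    """Find ransom notes under root and the files carrying the extension they name."""
    root = Path(root)
    files = [p for p in root.rglob("*") if p.is_file()]
    notes, exts = [], set()
    for p in files:
        m = NOTE_RE.match(p.name)
        if m:
            notes.append(p)
            exts.add(m.group("ext").lower())
    # Assumption: the token in the note name is the appended extension,
    # so "report.docx.<ext>" was originally "report.docx".
    encrypted = [p for p in files if p.suffix[1:].lower() in exts]
    return {
        "extensions": sorted(exts),
        "notes": sorted(p.relative_to(root).as_posix() for p in notes),
        "encrypted": sorted(p.relative_to(root).as_posix() for p in encrypted),
        "original_names": sorted(p.stem for p in encrypted),
    }

def build_sample(root):
    """Constructed sample tree (not real malware output) for a dry run."""
    root = Path(root)
    (root / "Documents").mkdir()
    for name in ("_HOW_TO_DECRYPT_MY_FILES_x9k2_.txt",
                 "READ_ME_FOR_DECRYPT_x9k2_.txt",
                 "Documents/report.docx.x9k2",
                 "Documents/photo.jpg.x9k2",
                 "Documents/notes.txt",          # untouched file
                 "Documents/HOW_TO_DECRYPT.txt"):  # similar name, not a note
        (root / name).write_text("constructed sample")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for key, value in triage(tmp).items():
            print(key, value)
```

Run `triage()` against a mounted copy or a backup of the affected profile rather than the live system, so that the listing reflects the state at the time of the incident.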

Remove My Decryptor Ransomware and Restore Encrypted Files

If you want to remove this virus, we strongly suggest that you follow the removal instructions below. They are specifically created to help you isolate and then remove the malicious files of My Decryptor virus manually or automatically. For maximum effectiveness and fastest removal, malware research experts strongly advise using advanced anti-malware software to help you automatically eliminate all malicious files and objects related to My Decryptor ransomware.

If you want to restore files encrypted by My Decryptor ransomware, we suggest that you follow the instructions underneath this article in step “2. Restore files encrypted by My Decryptor Virus”. They are specifically created to help you recover at least some of your encrypted files without having to pay the ransom.


To remove My Decryptor Virus follow these steps:

1. Boot Your PC In Safe Mode to isolate and remove My Decryptor Virus files and objects
2. Find files created by My Decryptor Virus on your PC

3. Scan for malware and unwanted programs with SpyHunter Anti-Malware Tool
4. Try to Restore files encrypted by My Decryptor Virus

Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated in Marketing as well, Ventsislav also has a passion for the discovery of new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecurity and is a strong believer in basic education of every user towards online safety.
