The .INCANTO file extension is associated with a new data-locker ransomware of an undetermined family. Ransomware is a type of malware that penetrates the PC, takes control over the system and corrupts valuable data stored on it. It then drops a file named !!!GetBackData!!!.txt, which holds the ransom note. The message pressures victims into paying a ransom in Bitcoin to recover their .INCANTO files.
This article aims to support the .INCANTO file virus removal process and to provide more information about its adverse impact on the infected computer.
| Name | .INCANTO file virus |
| Short Description | Encrypts the files on the infected computer. Demands ransom payoff in BitCoin. The ransom varies. |
| Symptoms | The files are encrypted with the .INCANTO file extension added to them. The virus drops a ransom note, named !!!GetBackData!!!.txt. |
| Distribution Method | Spam Emails, Email Attachments, Executable files |
| Data Recovery Tool | Windows Data Recovery by Stellar Phoenix. Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive. |
.INCANTO File Virus – Delivery
.INCANTO File Virus – Overview
This new ransomware is named after the file extension it appends to encrypted files: .INCANTO. The threat can be triggered by an executable file that controls all subsequent stages of the infection. To carry out the attack, the .INCANTO crypto virus is believed to create or drop additional malicious files. They may be situated in some of the stated Windows folders below:
Like typical ransomware, the .INCANTO virus is believed to access the Windows Registry and target the Run and RunOnce keys. To ensure its persistence on the computer, all it needs to do is add specific values to these registry keys, which enable the automatic execution of the ransomware payload each time Windows starts. They can also be used at the end of the attack, when the ransom message should be noticed by the victim. The ransom note is a text file called !!!GetBackData!!! that reads the following:
All your important files were encrypted on this PC.
All files with .INCANTO extension are encrypted.
Encryption was produced using unique private key RSA-1024 generated for this computer.
To decrypt your files, you need to obtain private key + decrypt software.
The single copy of the private key, with will allow you to decrypt the files, is locate on a secret server on the internet.
To retrieve the private key, you need to contact us by email email@example.com send us an email your !!!GetBackData!!!.txt file and wait for further instructions.
For you to be sure, that we can decrypt your files – you can send us a 1-2 not very big encrypted files and we will send you back it in a decrypted form free.
To send files you can use http://dropmefiles.com/
Your personal id:[redacted]
E-mail address to contact us:
Reserve email address to contact us:
Contact, negotiations and payments should be restricted as security researchers are still investigating the ransomware samples. Hopefully, they will crack its code and release a freely available decryption tool.
Another damage caused by the .INCANTO file virus is that it removes one of the possible recovery options. It does so by running the following command in the Command Prompt, which deletes all Volume Shadow Copies on the system:
→ vssadmin.exe delete shadows /all /quiet
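A detection sketch for the indicators named in this article (the shadow copy deletion command, the .INCANTO extension and the !!!GetBackData!!!.txt note). It is an added example, not taken from the ransomware analysis itself; the event schema, host names, file paths and the `burst` threshold are constructed assumptions.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

NOTE_NAME = "!!!getbackdata!!!.txt"  # ransom note name given in the article
LOCKED_EXT = ".incanto"              # extension given in the article
# Matches "vssadmin[.exe] delete shadows" regardless of case, full path,
# quoting, extra spaces or a cmd.exe /c wrapper.
SHADOW_DELETE = re.compile(
    r'(?:^|[\\/\s"\'])vssadmin(?:\.exe)?["\']?\s+delete\s+shadows\b', re.I)

def triage(events, burst=3):
    """Map each host to the sorted indicator names seen in its events."""
    seen = defaultdict(lambda: {"hits": set(), "locked": 0})
    for ev in events:
        host = seen[ev["host"]]
        if ev["type"] == "process":
            if SHADOW_DELETE.search(ev["cmdline"]):
                host["hits"].add("shadow_copy_deletion")
        elif ev["type"] == "file":
            name = PureWindowsPath(ev["path"]).name.lower()
            if name == NOTE_NAME:
                host["hits"].add("ransom_note")
            elif name.endswith(LOCKED_EXT):
                host["locked"] += 1
    report = {}
    for hostname, host in seen.items():
        if host["locked"] >= burst:  # one stray file is not a mass rename
            host["hits"].add("mass_rename")
        if host["hits"]:
            report[hostname] = sorted(host["hits"])
    return report

# Constructed sample events (hypothetical schema: host, type, cmdline or path).
SAMPLE_EVENTS = [
    {"host": "WS-01", "type": "process",
     "cmdline": r'"C:\Windows\System32\VSSADMIN.EXE"  Delete Shadows /All /Quiet'},
    {"host": "WS-01", "type": "file", "path": r"C:\Users\a\Docs\q1.xlsx.INCANTO"},
    {"host": "WS-01", "type": "file", "path": r"C:\Users\a\Docs\notes.txt.incanto"},
    {"host": "WS-01", "type": "file", "path": r"C:\Users\a\Pictures\cat.jpg.INCANTO"},
    {"host": "WS-01", "type": "file", "path": r"C:\Users\a\Desktop\!!!GetBackData!!!.txt"},
    {"host": "WS-02", "type": "process", "cmdline": "vssadmin list shadows"},
    {"host": "WS-02", "type": "file", "path": r"D:\share\old.bak.INCANTO"},
]

if __name__ == "__main__":
    print(triage(SAMPLE_EVENTS))
```

The benign `vssadmin list shadows` call and the single stray file on WS-02 stay below the threshold, so only WS-01 is reported.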
.INCANTO File Virus – Encryption
For the encryption, the .INCANTO crypto virus is believed to use the RSA cipher algorithm, which transforms the original code of target files and makes them completely unusable. It is likely to attempt to corrupt different frequently used files such as documents, archives, databases, backups, text files, configuration files, music, photos and videos. All encrypted files receive the extension .INCANTO at the end of their names and remain unusable. They can be decrypted with the unique decryption key possessed by the crooks. However, it is better to first try everything you can do by yourself to recover .INCANTO files. The good news is that there are alternative data recovery solutions that appear to be efficient in many similar cases. Check the step “Restore files encrypted by .INCANTO Ransomware” in the guide below.
Remove .INCANTO File Virus and Restore Data
To completely get rid of the .INCANTO file virus, carefully follow the step-by-step removal instructions provided below. The data recovery step follows the ransomware removal.