Remove .aztecdecrypt@protonmail.com Cryptovirus (Scarab)
THREAT REMOVAL

Remove .aztecdecrypt@protonmail.com Cryptovirus (Scarab)

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...

Remove .aztecdecrypt@protonmail.com Cryptovirus sensorstechforum

This article explains the impacts caused by a crypto virus dubbed .aztecdecrypt@protonmail.com and presents you a complete set of removal and data recovery steps.

The so-called .aztecdecrypt@protonmail.com cryptovirus is nasty malware infection that is designed to plague computer systems in order to locate and encrypt valuable files. For the encryption, it utilizes a strong cipher algorithm that modifies parts of the code of all target files and renders them inaccessible. Once encrypted the files contain the extension .aztecdecrypt@protonmail.com in their names. Your access to these files is restricted. As a consequence hackers demand a ransom payment for data decryption.

Threat Summary

Name.aztecdecrypt@protonmail.com Cryptovirus
TypeRansomware, Cryptovirus
Short DescriptionA data locker ransomware that utilizes strong cipher algorithm to encrypt target files so it can then demands a ransom for their decryption.
SymptomsImportant files are locked and renamed with .aztecdecrypt@protonmail.com extension. Ransom message extorts a ransom payment.
Distribution MethodSpam Emails, Email Attachments
Detection Tool See If Your System Has Been Affected by .aztecdecrypt@protonmail.com Cryptovirus

Download

Malware Removal Tool

User ExperienceJoin Our Forum to Discuss .aztecdecrypt@protonmail.com Cryptovirus.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

.aztecdecrypt@protonmail.com Cryptovirus – Distribution

In general, cryptoviruses like .aztecdecrypt@protonmail.com land on computer devices via spam email messages. The reason why hackers often choose this spread method is their goal to reach as many users as possible.

Once such an email appears in your inbox it attempts to trick you into executing the ransomware code on your device. For this purpose such emails often pose as representatives of legitimate websites, services, and even governmental institutions.

As of the malicious code that triggers the infection process, it could be concealed as a file attachment (document, image, PDF, archive, etc. ) or an URL address. All these commonly used types of files are then spread via massive email spam campaigns as file attachments. Currently, the campaigns may be targeting users worldwide. What happens once you download the email attachment and open it on your PC is the activation of the ransomware payload.

Another malicious element that may appear in emails part of ransomware spread campaigns is URL address being it in the form of an in-text link, button, coupon, banner, image or other clickable form. The load of the page behind this URL address results in the unnoticed execution of ransomware payload.

.aztecdecrypt@protonmail.com Cryptovirus – Overview

When the payload file of .aztecdecrypt@protonmail.com cryptovirus is triggered on your device, a sequence of various malicious activities plague essential system settings and leave valuable data unusable. However, the attack could be completed only with the help of additional malicious files. These additional files could be both created directly on the infected system or downloaded from a remote server.

When established on the system malware files and objects may be located in some of the following system folders:

  • %AppData%
  • %Local%
  • %LocalLow%
  • %Roaming%
  • %Temp%
  • %Windows%

What happens as a result of infection of this nasty threat is the corruption of various system components. Affected could be the Registry Editor. It is a hierarchical database that contains keys which contain values which control the proper system performance. By adding malicious values under some of the keys, .aztecdecrypt@protonmail.com crypto virus becomes able to manipulate their functionalities.

Two keys – Run and RunOnce could be among the affected keys by this threat. This could be explained with ransomware’s mission to obtain persistent presence on the infected system. Once it adds certain values under the key Run, its infection files are automatically executed on each system start.

By exploiting the RunOnce key, this crypto virus could load its ransom note on the screen at the end of the attack. The note associated with .aztecdecrypt@protonmail.com is named HOW TO DECRYPT FILES.TXT and all it reads is:

Your files are now encrypted!
All your files have been encrypted due to a security problem with your PC.
Now you should send us email with your personal identifier.
This email will be as confirmation you are ready to pay for decryption key.
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us.
After payment we will send you the decryption tool that will decrypt all your files.
Contact us using this email address: aztecdecrypt@protonmail.com or aztecdecryptor@mailfence.com
If you don’t get a reply or if the email dies, then contact us using Bitmessage.
Download it form here: https://bitmessage.org/wiki/Main_Page
Run it, click New Identity and then send us a message at BM-NBRCUPTenKgYbLVCAfeVUHVsHFK6Ue2F
Free decryption as guarantee!
Before paying you can send us 1 files for free decryption.
The total size of file must be less than 10Mb (non archived), and file should not contain
valuable information (databases, backups, large excel sheets, etc.).
How to obtain Bitcoins?
* The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click
‘Buy bitcoins’, and select the seller by payment method and price:
https://localbitcoins.com/buy_bitcoins
* Also you can find other places to buy Bitcoins and beginners guide here:
http://www.coindesk.com/information/how-can-i-buy-bitcoins
Attention!
* Do not rename encrypted files.
* Do not try to decrypt your data using third party software, it may cause permanent data loss.
* Decryption of your files with the help of third parties may cause increased price
(they add their fee to our) or you can become a victim of a scam.
Your personal identifier:
pAQAAAAAAABTK***Ie2xSSR+BjmyDzED

For the sake of your security, we recommend you to avoid contacting cyber criminals. Since there is no guarantee that their decryption key is a working one, they could attempt to trick you once again.

.aztecdecrypt@protonmail.com Cryptovirus – Encryption Process

Data encryption is the main infection stage implemented by .aztecdecrypt@protonmail.com ransomware. During this infection phase, the cryptovirus activates an inbuilt encryption module that scans certain drives and folders for target types of files and then utilizes sophisticated cipher algorithm to transform parts of their original code.

Since this cryptovirus is an iteration of Scarab ransomware, it is likely to encrypt almost all of the commonly used types of files including:

  • Audio files
  • Video files
  • Document files
  • Image files
  • Backup files
  • Banking credentials, etc

When encrypted these files appear with the extension . aztecdecrypt@protonmail.com appended to their names. Unfortunately, you can’t access the information they store until you apply an efficient recovery solution to revert back their code. We remind you that the decrypter offered by hackers is only one of the ways to restore encrypted files. You could find out some alternative data recovery approaches in the guide below.

Remove .aztecdecrypt@protonmail.com Cryptovirus and Restore Data

The so-called ..aztecdecrypt@protonmail.com cryptovirus is a threat with highly complex code that plagues not only your files but your whole system. So infected system should be cleaned and secured properly before you could use it regularly again. Below you could find a step-by-step removal guide that may be helpful in attempting to remove this ransomware. Choose the manual removal approach if you have previous experience with malware files. If you don’t feel comfortable with the manual steps select the automatic section from the guide. Steps there enable you to check the infected system for ransomware files and remove them with a few mouse clicks.

In order to keep your system safe from ransomware and other types of malware in future, you should install and maintain a reliable anti-malware program. Additional security layer that could prevent the occurrence of ransomware attacks is

anti-ransomware tool.

Make sure to read carefully all the details mentioned in the step “Restore files” if you want to understand how to fix encrypted files without paying the ransom. Beware that before data recovery process you should back up all encrypted files to an external drive as this will prevent their irreversible loss.

Gergana Ivanova

Gergana Ivanova

Gergana has completed a bachelor degree in Marketing from the University of National and World Economy. She has been with the STF team for three years, researching malware and reporting on the latest infections.

More Posts

Follow Me:
Google Plus

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...