A particularly dangerous ransomware going by the name of DecryptorMax has surfaced on the internet. The threat is reported to drop several files on the infected PC, scan for user files and encrypt them. The ransomware then leaves a ransom note telling the user to pay if they wish to receive the decryption key and the decryption software.
| Short Description | Reported to encrypt user data and ask for a ransom. |
| Symptoms | The user's files have unfamiliar extensions and are corrupt. A ransom message with instructions may be seen. |
| Distribution Method | Malicious URLs, spam mails, targeted attacks |
DecryptorMax Ransomware – How Did I Get Infected?
One way to become a victim of this ransomware infection is to open a spam mail with a malicious attachment. Spam mails usually go out in campaigns and infect users on a massive scale. This particular threat may feature a message pretending to come from a well-known sender such as Windows, Apple or someone important. The message may contain several attachments, one of which may be the malware itself, with one of the following file extensions:
.bat, .exe, .bin, .html
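As an added illustration, not code from the article or from any vendor it mentions, here is a Python attachment-triage routine of the kind a mail gateway applies to the attachment types listed above. The four extensions from the article are kept apart from a handful of further executable types that are my own addition, and the sample filenames are constructed. It also catches the "document.pdf.exe" double-extension lure, since only the last extension decides how Windows runs a file.

```python
import os
from dataclasses import dataclass

# Attachment types the article names as carriers of the DecryptorMax dropper.
ARTICLE_EXTENSIONS = {".bat", ".exe", ".bin", ".html"}
# Further executable/script types handled the same way at a gateway
# (assumption: these are my additions, not from the article).
EXTRA_BLOCKED = {".scr", ".cmd", ".com", ".js", ".vbs", ".hta", ".pif"}
BLOCKED_EXTENSIONS = ARTICLE_EXTENSIONS | EXTRA_BLOCKED

# Document types a user expects from a familiar sender; an executable hidden
# behind one of them ("Invoice.pdf.exe") is the classic lure.
DOCUMENT_EXTENSIONS = {".doc", ".docx", ".pdf", ".jpg", ".txt", ".xls", ".xlsx"}


@dataclass
class Verdict:
    filename: str
    blocked: bool
    reason: str


def triage_attachment(filename: str) -> Verdict:
    """Decide whether one attachment should be held for review."""
    name = filename.strip().lower()
    # A right-to-left override makes "report\u202Efdp.exe" display as
    # "reportexe.pdf"; the real extension is still .exe, so block outright.
    if "\u202e" in name:
        return Verdict(filename, True, "right-to-left override in filename")
    root, last = os.path.splitext(name)
    if last in BLOCKED_EXTENSIONS:
        # Only the last extension decides how Windows runs the file.
        _, inner = os.path.splitext(root)
        if inner in DOCUMENT_EXTENSIONS:
            return Verdict(filename, True, f"executable disguised as {inner} document")
        return Verdict(filename, True, f"executable/script type {last}")
    return Verdict(filename, False, "allowed")


def triage_message(attachments):
    """Triage every attachment of one message; hold the message if any is blocked."""
    verdicts = [triage_attachment(a) for a in attachments]
    hold = any(v.blocked for v in verdicts)
    return hold, verdicts


if __name__ == "__main__":
    # Constructed sample attachment names, not taken from a real campaign.
    sample = ["quarterly_report.docx", "Invoice_2015.pdf.exe", "update.bat", "photo.jpg"]
    hold, verdicts = triage_message(sample)
    for v in verdicts:
        print(f"{v.filename:25} {'BLOCK' if v.blocked else 'allow'}  {v.reason}")
    print("message held" if hold else "message delivered")
```

Run it as-is to see the four constructed names triaged; in a real gateway the same function would be fed the attachment names of each inbound message.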
Another way of getting this ransomware is via targeted attacks through social media or other software, as well as through physical access to the victim's computer. What is more, this particular ransomware may also arrive through malicious links if the user has a browser hijacker or other unwanted adware that redirects to third-party sites.
DecryptorMax Ransomware – More About It
Once activated on the user PC, the ransomware may create several files with .dll and .exe extensions in the following folders:
Once it has created all the files it needs to infect the user PC, the ransomware trojan may create registry values so that they run at startup. It does this by creating an entry in the following key:
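The following Python script is an added example and not part of the article: it audits Run-key entries for the persistence pattern described here, programs started from user-writable folders such as Temp or AppData, and DLLs or scripts launched through a host binary such as rundll32. The article does not spell out which Run key the trojan uses; the HKCU path in the script is the standard per-user key and is my assumption, and the sample entries are constructed. On Windows it reads the live key, elsewhere it audits the constructed sample.

```python
import sys
from typing import Dict, List

# Per-user autorun key. The article says the trojan registers its dropped
# files in a Run key; this path is the standard HKCU location (my assumption
# about which key, the article does not spell it out).
RUN_KEY = r"Software\Microsoft\Windows\CurrentVersion\Run"

# Directory fragments an unprivileged user can write to. Legitimately installed
# software normally starts from Program Files or Windows, not from here.
USER_WRITABLE_MARKERS = (
    "\\appdata\\local\\temp\\",
    "\\appdata\\roaming\\",
    "\\appdata\\local\\",
    "\\users\\public\\",
    "\\programdata\\",
    "\\windows\\temp\\",
)
# Host binaries that run a DLL or script handed to them on the command line.
SCRIPT_HOSTS = ("wscript", "cscript", "mshta", "powershell", "rundll32", "regsvr32")


def command_image(command: str) -> str:
    """Return the lower-cased program path from a Run value such as
    '"C:\\Tools\\a.exe" /quiet' or 'rundll32.exe x.dll,Start'."""
    cmd = command.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        image = cmd[1:end] if end > 0 else cmd[1:]
    else:
        image = cmd.split(" ", 1)[0]
    return image.lower()


def audit_run_entries(entries: Dict[str, str]) -> List[dict]:
    """Return the entries that deserve a closer look, with the reasons."""
    findings = []
    for value_name, command in entries.items():
        lowered = command.lower()
        image = command_image(command)
        basename = image.rsplit("\\", 1)[-1]
        reasons = []
        if any(marker in lowered for marker in USER_WRITABLE_MARKERS):
            reasons.append("starts something from a user-writable directory")
        if basename.split(".")[0] in SCRIPT_HOSTS:
            reasons.append(f"uses {basename} as a launcher rather than a plain program")
        if reasons:
            findings.append({"value": value_name, "command": command, "reasons": reasons})
    return findings


def read_run_key() -> Dict[str, str]:
    """Read HKCU Run on Windows; on other platforms return an empty mapping."""
    if sys.platform != "win32":
        return {}
    import winreg  # standard library, Windows only
    entries: Dict[str, str] = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, RUN_KEY) as key:
        index = 0
        while True:
            try:
                name, data, _ = winreg.EnumValue(key, index)
            except OSError:  # raised once the values are exhausted
                break
            entries[name] = str(data)
            index += 1
    return entries


# Constructed sample of what the key might contain; the paths and names are
# made up for the example.
SAMPLE_ENTRIES = {
    "OneDrive": r'"C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background',
    "svchost_update": r'"C:\Users\alice\AppData\Local\Temp\svchst.exe"',
    "helper": r'rundll32.exe C:\Users\alice\AppData\Roaming\helper.dll,Start',
}

if __name__ == "__main__":
    live = read_run_key()
    for finding in audit_run_entries(live or SAMPLE_ENTRIES):
        print(finding["value"], "->", finding["command"])
        for reason in finding["reasons"]:
            print("   ", reason)
```

The two heuristics are deliberately loose: plenty of legitimate updaters live in AppData, so treat a finding as a prompt to look at the file (publisher, hash, creation time) rather than as proof of infection. The same audit applies unchanged to the HKLM Run key on a machine where you hold administrator rights.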
After executing its files, the ransomware may have many capabilities, such as disabling the firewall and antivirus software. Its main feature, however, is its scanning mechanism, which looks for files with a wide range of extensions, chiefly:
.doc, .docx, .pdf, .jpg, .mp3, .mp4, .avi, .txt, .vdi
Once the files are found, the ransomware may encrypt thousands of them with a strong encryption algorithm and leave a ransom note, reported by virus researchers to read as follows:
“Your documents, photos, databases and other important files have been encrypted with a military grade encryption algorithm.
The only way to decrypt your files is with a unique decryption key stored remotely in our servers.
All your files are now unusable until you decrypt them. You have 24 hours to pay the release of your decryption key. After 24 hours have passed your decryption key will be erased and you will never be able to restore your files.”
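As an added example of my own, not the article's, the Python scanner below looks for the symptoms the article describes after the scanning and encryption stage: a file of one of the targeted types that gained an extra extension, a file whose leading bytes no longer match what its extension promises, a text file full of random-looking bytes, and a note carrying the wording quoted above. It builds a small constructed directory to run against; the signature bytes, the phrase list and the entropy threshold are my choices.

```python
import math
import os
import random
import tempfile
from collections import Counter
from typing import Dict, List

# File types the article says the ransomware targets.
TARGET_EXTENSIONS = {".doc", ".docx", ".pdf", ".jpg", ".mp3", ".mp4", ".avi", ".txt", ".vdi"}
# Leading bytes those formats are expected to start with (well-known signatures).
MAGIC = {".jpg": b"\xff\xd8", ".pdf": b"%PDF", ".docx": b"PK", ".avi": b"RIFF"}
# Phrases taken from the ransom note quoted in the article; two hits mark a note.
RANSOM_PHRASES = ("have been encrypted", "decryption key", "24 hours")
HIGH_ENTROPY = 7.5  # bits per byte; ciphertext sits near 8, prose near 4-5


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of the given buffer."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify_file(path: str, sample_bytes: int = 4096) -> List[str]:
    """Return the ransomware indicators found for one file (empty if none)."""
    with open(path, "rb") as fh:
        head = fh.read(sample_bytes)
    root, last = os.path.splitext(os.path.basename(path).lower())
    _, inner = os.path.splitext(root)
    indicators = []
    # 1. A data file that gained an extra extension: photo.jpg -> photo.jpg.xyz
    if last not in TARGET_EXTENSIONS and inner in TARGET_EXTENSIONS:
        indicators.append(f"extra extension {last} appended to {inner} file")
    # 2. The bytes no longer match what the (original) extension promises.
    expected = MAGIC.get(last if last in TARGET_EXTENSIONS else inner)
    if expected and not head.startswith(expected):
        indicators.append("header does not match extension")
    # 3. A text file whose contents look like ciphertext.
    if last == ".txt" and shannon_entropy(head) >= HIGH_ENTROPY:
        indicators.append("text file with random-looking content")
    # 4. A text/HTML file carrying ransom-note wording.
    if last in (".txt", ".html"):
        text = head.decode("utf-8", errors="ignore").lower()
        if sum(p in text for p in RANSOM_PHRASES) >= 2:
            indicators.append("ransom note wording")
    return indicators


def scan_tree(root: str) -> Dict[str, List[str]]:
    """Map every file under root (relative path) to its indicator list."""
    result = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            result[os.path.relpath(full, root)] = classify_file(full)
    return result


def build_sample_tree() -> str:
    """Create a constructed directory with healthy and 'encrypted' files."""
    root = tempfile.mkdtemp(prefix="ransom-demo-")
    rng = random.Random(1)  # deterministic stand-in for ciphertext
    noise = bytes(rng.getrandbits(8) for _ in range(2048))
    files = {
        "notes.txt": b"Meeting notes: discuss the quarterly budget and the office move.\n" * 20,
        "photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 512,
        "photo2.jpg.crypt": noise,  # renamed and overwritten
        "report.pdf": noise,        # overwritten in place, name kept
        "README_DECRYPT.txt": (
            b"Your documents, photos, databases and other important files have been "
            b"encrypted. The only way to decrypt your files is with a unique decryption "
            b"key stored remotely in our servers. You have 24 hours."
        ),
    }
    for name, content in files.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(content)
    return root


if __name__ == "__main__":
    for rel, hits in sorted(scan_tree(build_sample_tree()).items()):
        print(f"{rel:22} {'; '.join(hits) or 'ok'}")
```

Point scan_tree at a user's Documents folder to get a quick picture of how far the encryption got; the header check is the one that matters for already-compressed types such as .jpg and .mp4, whose entropy is high even when healthy.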
Some affected users have also reported seeing instructions on how to pay online anonymously. Either way, security engineers recommend not paying the ransom and seeking other alternatives, such as the removal and decryption instructions after this article.
Removing DecryptorMax Ransomware
In order to remove this ransomware, follow the step-by-step tutorial provided after this article. It is highly advisable to use an advanced anti-malware program that will find every file associated with this malware, and to scan your PC in Safe Mode in order to isolate the threat and remove it before you start decrypting the files.
It is also recommended to copy the encrypted data to another device before scanning with an anti-malware scanner, since the malware may contain scripts that damage or delete the files once it has been removed from the user PC.
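Added example, not from the article: a Python routine that copies the encrypted data with timestamps intact, records a SHA-256 manifest computed from the originals, and re-verifies the copy, so that a later scan or cleanup cannot silently alter the preserved set. The sample folder it builds is constructed; in practice the destination would be a path on the other device.

```python
import hashlib
import json
import os
import shutil
import tempfile
from typing import Dict, List


def sha256_of(path: str) -> str:
    """Hex SHA-256 of a file, read in chunks so large files do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def preserve_tree(src: str, dst: str) -> Dict[str, str]:
    """Copy every file under src to dst (timestamps kept) and return a
    manifest of relative path -> SHA-256 computed from the *source* file."""
    manifest: Dict[str, str] = {}
    for dirpath, _, filenames in os.walk(src):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, src)
            target = os.path.join(dst, rel)
            os.makedirs(os.path.dirname(target), exist_ok=True)
            shutil.copy2(full, target)  # copy2 preserves modification times
            manifest[rel] = sha256_of(full)
    # Write the manifest beside the copy so the copy can be re-verified later.
    with open(os.path.join(dst, "MANIFEST.sha256.json"), "w") as fh:
        json.dump(manifest, fh, indent=2, sort_keys=True)
    return manifest


def verify_tree(dst: str, manifest: Dict[str, str]) -> List[str]:
    """Return the relative paths whose copy is missing or no longer matches."""
    bad = []
    for rel, digest in manifest.items():
        target = os.path.join(dst, rel)
        if not os.path.isfile(target) or sha256_of(target) != digest:
            bad.append(rel)
    return bad


def build_sample_source() -> str:
    """Constructed stand-in for the victim's data folder."""
    src = tempfile.mkdtemp(prefix="victim-")
    os.makedirs(os.path.join(src, "Documents"))
    with open(os.path.join(src, "Documents", "thesis.docx.locked"), "wb") as fh:
        fh.write(bytes(range(256)) * 8)
    with open(os.path.join(src, "README_DECRYPT.txt"), "wb") as fh:
        fh.write(b"Your files have been encrypted.\n")
    return src


def demo_roundtrip():
    """Copy the constructed source, verify, tamper one copy, verify again."""
    src = build_sample_source()
    dst = tempfile.mkdtemp(prefix="preserved-")
    manifest = preserve_tree(src, dst)
    clean = verify_tree(dst, manifest)
    with open(os.path.join(dst, "README_DECRYPT.txt"), "ab") as fh:
        fh.write(b"tampered")
    return clean, verify_tree(dst, manifest)


if __name__ == "__main__":
    before, after = demo_roundtrip()
    print("mismatches right after copying:", before)
    print("mismatches after one file was altered:", after)
```

Keep the manifest with the copy: if a decryption tool later becomes available, re-running verify_tree first confirms that the ciphertext you are about to feed it is byte-for-byte what the ransomware left behind.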
Restoring Your Files
There are several methods to restore files encrypted by ransomware. One of them is to use one of Kaspersky's decryption tools:
Another, more tech-savvy method is to use Python and cado-nfs on Linux: