

Remove DecryptorMax Ransomware and Restore your Files

A particularly dangerous ransomware going by the name of DecryptorMax has emerged. The threat is reported to replicate several files on the infected PC and to scan for various files to encrypt. It then leaves a ransom note telling the user to pay in order to receive the decryption key and software.

Name: DecryptorMax Ransomware
Type: Ransomware
Short Description: Reported to encrypt user data and ask for ransom.
Symptoms: The user's files have unfamiliar extensions and are corrupt. A ransom message with instructions may be seen.
Distribution Method: Malicious URLs, spam mails, targeted attacks
Detection Tool: Download Malware Removal Tool to see if your system has been affected by DecryptorMax Ransomware
User Experience: Join our forum to discuss DecryptorMax Ransomware.


DecryptorMax Ransomware – How Did I Get Infected?

One way to become a victim of this ransomware is to open a spam email carrying a malicious attachment. Spam is usually sent in campaigns that infect users on a massive scale. This particular threat may arrive in a message pretending to be from a well-known sender such as Windows, Apple or someone important. The message may contain several attachments, one of which may be the malware itself, with one of the following file extensions:

.bat, .exe, .bin, .html

Another way of getting this ransomware is through targeted attacks via social media or other software, as well as through physical access to the victim's computer. What is more, this ransomware may also arrive through malicious links if the user has a browser hijacker or other unwanted adware causing redirects to third-party sites.

DecryptorMax Ransomware – More About It

Once activated on the user's PC, the ransomware may create several files, possibly with .dll and .exe extensions, in the following folders:

%appdata%
%temp%
%Local%
%Users%
%SystemDrive%

Once it has created the files it needs to infect the PC, the ransomware trojan may create registry values so that they run at startup. It can do this by adding an entry under the following key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
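A way to triage this persistence point, as an added example that is not part of the original article: the Python script below parses `reg query` output for the Run key above and lists values whose command line points at an executable in the %appdata% or %temp% locations named earlier. The sample output, value names and expanded folder paths are constructed assumptions, and a hit is only a candidate for review, since legitimate software also starts from these folders.

```python
import re
import subprocess
import sys

RUN_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"

# Constructed `reg query` output for the key above (not taken from a real infection).
SAMPLE = r'''
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background
    updsvc    REG_SZ    C:\Users\alice\AppData\Roaming\updsvc.exe
    helper    REG_EXPAND_SZ    rundll32.exe "%TEMP%\hlp.dll",Start
'''

# A value line is: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_LINE = re.compile(r"^ {4}(.+?) {4}(REG_\w+) {4}(.*)$")

# Executable content under the article's %appdata% / %temp% locations. The expanded
# forms (\AppData\Roaming, \AppData\Local, \Temp) are assumptions about a default
# profile layout; %Users% and %SystemDrive% are too broad to match on.
SUSPECT = re.compile(
    r'(?:%appdata%|%temp%|\\appdata\\(?:roaming|local)|\\temp)\\[^"]*?\.(?:exe|dll|bat)\b',
    re.IGNORECASE,
)

def parse_reg_query(text):
    """Return (name, data) for every value in `reg query` output."""
    return [(m.group(1), m.group(3).strip())
            for m in map(VALUE_LINE.match, text.splitlines()) if m]

def suspicious_run_entries(text):
    """Run values whose command line references an executable in a suspect folder.

    Searching the whole command line (not just its first token) also catches
    a DLL passed as an argument to a loader such as rundll32.exe.
    """
    return [(name, data) for name, data in parse_reg_query(text) if SUSPECT.search(data)]

def query_live_run_key():
    """Windows only: dump the key with the built-in reg.exe."""
    done = subprocess.run(["reg", "query", RUN_KEY], capture_output=True, text=True, check=True)
    return done.stdout

if __name__ == "__main__":
    text = query_live_run_key() if sys.platform == "win32" else SAMPLE
    for name, data in suspicious_run_entries(text):
        print(f"review: {name} -> {data}")
```
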

Once its files are running, the ransomware may have many features, such as disabling the firewall and antivirus. Its main feature, however, may be a scanning mechanism that looks for files with all sorts of extensions, chief among which may be:

.doc, .docx, .pdf, .jpg, .mp3, .mp4, .avi, .txt, .vdi

Once it has found them, the ransomware may encrypt thousands of files with a strong encryption algorithm. It may then leave a ransom note, reported by virus researchers to be the following:

“Your documents, photos, databases and other important files have been encrypted with a military grade encryption algorithm.
The only way to decrypt your files is with a unique decryption key stored remotely in our servers.
All your files are now unusable until you decrypt them. You have 24 hours to pay the release of your decryption key. After 24 hours have passed your decryption key will be erased and you will never be able to restore your files.”

Some affected users have also reported seeing instructions on how to pay online anonymously. Either way, security engineers recommend not paying the ransom and seeking alternatives such as the removal and decryption instructions after this article.

Removing DecryptorMax Ransomware

To remove this ransomware, follow the step-by-step tutorial provided after this article. It is highly advisable to use an advanced anti-malware program that will discover every file associated with this malware, and to scan your PC in Safe Mode in order to isolate the threat and remove it before starting to decrypt the files.
It is also recommended to copy the encrypted data to another device before scanning with an anti-malware scanner, since the malware may have scripts that could damage or delete the files after it has been removed from the user's PC.

1. Boot Your PC In Safe Mode to isolate and remove DecryptorMax Ransomware
2. Remove DecryptorMax Ransomware with SpyHunter Anti-Malware Tool
3. Remove DecryptorMax Ransomware with Malwarebytes Anti-Malware
4. Remove DecryptorMax Ransomware with STOPZilla AntiMalware
5. Back up your data to secure it against infections and file encryptions by DecryptorMax Ransomware in the future

Restoring Your Files

There are several methods to restore files encrypted by ransomware. One of them is to use one of Kaspersky's decryption tools:
http://support.kaspersky.com/viruses/utility
Another, more tech-savvy method is to use Python and cado-nfs on Linux:
https://sensorstechforum.com/restore-files-encrypted-via-rsa-encryption-remove-cryptowall-and-other-ransomware-manually/

NOTE! Substantial notification about the DecryptorMax Ransomware threat: Manual removal of DecryptorMax Ransomware requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself just in 5 minutes, using a malware removal tool.

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.
