Hey you,
BE IN THE KNOW!

35,000 ransomware infections per month and you still believe you are protected?

Sign up to receive:

  • alerts
  • news
  • free how-to-remove guides

of the newest online threats - directly to your inbox:


Remove SuperCrypt Ransomware and Restore .SUPERCRYPT Files

ransomware-sensorstechforumAES encryption algorithm is being used by a ransomware virus, named SuperCrypt which encrypts the files of it’s victims. The virus has been reported to also add the .SUPERCRYPT file extension to the files which it enciphers. The enciphered files can no longer be opened by any software and the only decryption method seems to be paying a hefty ransom fee of 300 euros or 1 BTC to cyber-criminals, as written In a HOW TO DECRYPT FILES.txt text file. It is strongly advisable not to pay any ransom and wait for a decryption while in the mean time try alternative methods like the ones here to restore your files after removing SuperCrypt ransomware.

Threat Summary

NameSuperCrypt
TypeRansomware
Short DescriptionThe SuperCrypt ransomware encrypts files with the AES cipher and asks a ransom of 300 Euros for decryption.
SymptomsFiles are encrypted and become inaccessible. A ransom note with instructions for paying the ransom shows as a HOW TO DECRYPT FILES.txt file.
Distribution MethodSpam Emails, Email Attachments, File Sharing Networks.
Detection Tool See If Your System Has Been Affected by SuperCrypt

Download

Malware Removal Tool

User ExperienceJoin our forum to Discuss SuperCrypt Ransomware.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

SuperCrypt Ransomware – How Does It Spread

Similar to the Zcrypt ransomware virus, SuperCrypt may be downloaded via several methods. The primary method by which SuperCrypt ransomware may spread is via e-mail. This means that you could see it attack your computer disguised in two forms – malicious URLs as well as attachments, both pretending to be legitimate. This is why it is important to always use e-mail services that have multiple spam filters enabled and also learn to scan e-mail attachments from suspicious senders.

SuperCrypt Ransomware – What Does It Do

As soon as installed on your computer, the SuperCrypt threat may connect itself remotely to the servers of cyber-criminals, allowing it to download the malicious files in several key Windows folders under different names:

commonly used file names and folders

After this has been done, the SuperCrypt virus may also create value strings in the Run and RunOnce registry entries:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce

This is done with the one and only purpose of getting the virus to run automatically when Windows starts. After the SuperCrypt virus runs on a compromised computer, it may encrypt different types of widely used files, like videos, images, audion files and others. Some file extensions, SuperCrypt ransomware may scan for and encipher may be the following:

“PNG .PSD .PSPIMAGE .TGA .THM .TIF .TIFF .YUV .AI .EPS .PS .SVG .INDD .PCT .PDF .XLR .XLS .XLSX .ACCDB .DB .DBF .MDB .PDB .SQL .APK .APP .BAT .CGI .COM .EXE .GADGET .JAR .PIF .WSF .DEM .GAM .NES .ROM .SAV CAD Files .DWG .DXF GIS Files .GPX .KML .KMZ .ASP .ASPX .CER .CFM .CSR .CSS .HTM .HTML .JS .JSP .PHP .RSS .XHTML. DOC .DOCX .LOG .MSG .ODT .PAGES .RTF .TEX .TXT .WPD .WPS .CSV .DAT .GED .KEY .KEYCHAIN .PPS .PPT .PPTX ..INI .PRF Encoded Files .HQX .MIM .UUE .7Z .CBR .DEB .GZ .PKG .RAR .RPM .SITX .TAR.GZ .ZIP .ZIPX .BIN .CUE .DMG .ISO .MDF .TOAST .VCD SDF .TAR .TAX2014 .TAX2015 .VCF .XML Audio Files .AIF .IFF .M3U .M4A .MID .MP3 .MPA .WAV .WMA Video Files .3G2 .3GP .ASF .AVI .FLV .M4V .MOV .MP4 .MPG .RM .SRT .SWF .VOB .WMV 3D .3DM .3DS .MAX .OBJ R.BMP .DDS .GIF .JPG ..CRX .PLUGIN .FNT .FON .OTF .TTF .CAB .CPL .CUR .DESKTHEMEPACK .DLL .DMP .DRV .ICNS .ICO .LNK .SYS .CFG”Source:fileinfo.com

SuperCrypt ransomware has a very specific algorithm (AES) which it uses to encipher files. It scrambles the source code of the file itself, rendering it unopenable by replacing key digits of the code with the algorithm’s. The virus then generates a unique decryption key which it may send to the C&C (Command and Control) server of the cyber-criminals.

After an encryption has been done, the virus then leaves the following note to inform users their files have been encrypted:

supercrypt-mailer-sensorstechforum-ransomware

Remove SuperCrypt Ransomware and Restore Your Files

Experts have seen these type of viruses long enough to conclude that they are a very serious threat. However, experience also shows us that paying the ransom to cyber-criminals may not get your files back and helps the crooks further develop their malware and spread it to more computers. This is why it is advisable to remove SuperCrypt. One of the removal methods is by following the instructions for removal below. They are carefully devised to methodologically assist with the deletion of all files associated with SuperCrypt ransomware if you have experience. However, in case you lack technical experience when removing malware, experts advise using an advanced anti-malware tool which can easily make sure all the objects associated with this virus are gone from your computer permanently.

To restore your files, we suggest you to wait for a free decryptor to be released, which may happen sooner or later. While you do that, you are welcome to try the free restoration alternatives in step “2. Restore files encrypted by SuperCrypt” below.

Manually delete SuperCrypt from your computer

Note! Substantial notification about the SuperCrypt threat: Manual removal of SuperCrypt requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself just in 5 minutes, using a malware removal tool.

1. Boot Your PC In Safe Mode to isolate and remove SuperCrypt files and objects
2.Find malicious files created by SuperCrypt on your PC

Automatically remove SuperCrypt by downloading an advanced anti-malware program

1. Remove SuperCrypt with SpyHunter Anti-Malware Tool and back up your data
2. Restore files encrypted by SuperCrypt
Optional: Using Alternative Anti-Malware Tools

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.

More Posts - Website

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...
Please wait...

Subscribe to our newsletter

Want to be notified when our article is published? Enter your email address and name below to be the first to know.