This article will help you remove SPCT ransomware fully. Follow the ransomware removal instructions provided at the end of the article.
SPCT is the name of a new variant of the Matrix ransomware family. It is named so, due to it appending the .SPCT extension to files after their encryption. The ransom note is placed in a rich text format document in several directories of a compromised computer. The name of the ransom note is !README_SPCT!.rtf and has no change between its copies. Files are locked with both AES 128-bit and RSA 2048-bit military grade encryption algorithms. The SPCT cryptovirus is a variant of Matrix ransomware and it will demand money as a ransom to allegedly get your files restored. Keep on reading through the article to see how you could try to potentially recover some of your files.
|Name||.SPCT Files Virus|
|Short Description||The ransomware encrypts files on your computer machine and demands a ransom to be paid to allegedly recover them.|
|Symptoms||The ransomware will encrypt your files with the help of the AES and RSA encryption algorithms. All locked files will have the .SPCT extension appended to them.|
|Distribution Method||Spam Emails, Email Attachments|
|Detection Tool|| See If Your System Has Been Affected by .SPCT Files Virus |
Malware Removal Tool
|User Experience||Join Our Forum to Discuss .SPCT Files Virus.|
|Data Recovery Tool||Windows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.|
SPCT Ransomware Virus – Delivery Ways
SPCT ransomware might deliver its infection in various ways. A payload dropper which initiates the malicious script for this ransomware is being spread around the World Wide Web, and researchers have gotten their hands on a malware sample. If that file lands on your computer system and you somehow execute it – your computer system will become infected.
SPCT ransomware might also distribute its payload file on social media and file-sharing services. Freeware which is found on the Web can be presented as helpful also be hiding the malicious script for the cryptovirus. Refrain from opening files right after you have downloaded them. You should first scan them with a security tool, while also checking their size and signatures for anything that seems out of the ordinary. You should read the tips for preventing ransomware found in the forum section.
SPCT Ransomware Virus – Technical Analysis
SPCT is a virus that encrypts your files and shows a window with instructions on your computer screen. The extortionists want you to pay a ransom for the alleged restoration of your files. The cryptovirus is a variant of Matrix Ransomware.
SPCT ransomware could make entries in the Windows Registry to achieve persistence, and could launch or repress processes in a Windows environment. Such entries are typically designed in a way to launch the virus automatically with each start of the Windows operating system.
After encryption the SPCT virus will place a ransom note message inside a file named “!README_SPCT!.rtf”. You can see its contents from the following screenshot given down here:
The ransom note states the following:
HOW TO RECOVER YOUR FILES INSTRUCTION
We are realy sorry to inform you that ALL YOUR FILES WERE ENCRYP‘I‘ED
by our automatic software. it became possible because of bad server security.
Please don‘t worry. we can help you to RESTORE your server to original
state and decrypt all your files quickly and safely!
Files are not broken!!!
Files were encrypted with AES-128+RSA-2048 crypto algorithms.
There is no way to decrypt your files without unique decryption key and special software. Your unique
decryption key is securely stored on our server. For our safety, all information about your server and your
decryption key will be automaticaly DELETED AFTER 7 DAYS! You will irrevocably lose all your data!
Please note that all the attempts to recover your files by yourself or using third party tools will result only in
irrevocable loss of your data!
Please note that you can recover files only with your unique decryption key, which stored on our side. If you
will use the help of third parties, you will only add a middleman.
HOW TO RECOVER FILES???
Please write us to the e-mail (write on English or use professional translator):
You have to send your message on each of our 3 emails due to the fact that the message may not reach
their intended recipient for a variety of reasons!
In subject line write your personal ID:
We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your
Please note that files must not contain any valuable information and their total size must be less than 5Mb.
Please be sure that we will find common languge. We will restore all the data and give you recommedations
how to configure the protection of your server.
We will definitely reach an agreement ;) !!!
if you dld not receive the answer from the aforecited emails for more then 24 hours please send us Bltmessages from a web browser
through the webpage https://bitmsg.me. Below is a tutorial on how to send bitmessage via web browser:
1. Open in your browser the link https://bitmsg.me/users/sign_up and make the registration by entering name email and password.
2. You must confirm the registration, return to your email and follow the instructions that were sent to you.
3. Return to site and click “Login” label or use link https://bitmsg.me/users/sign_in, enter your email and password and click the “Sign in“ button
4. Click the ‘Create Random address“ button.
5. Click the ‘New massage” button.
6. Sending message:
To: Enter address: BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm
Subject: Enter your ID: [Redacted] Message: Describe what you think necessary.
Click the “Send message” button.
The following e-mail addresses are used for contacting the cybercriminals:
The note of the SPCT ransomware states that your files are encrypted. You are demanded to pay a ransom sum in 7 days’ time, otherwise you the cybercriminals claim that they will delete your files. However, you should NOT under any circumstances pay any ransom. Your files may not get recovered, and nobody could give you a guarantee for that. Moreover, giving money to cybercriminals will most likely motivate them to create more ransomware viruses or commit different criminal acts.
SPCT Ransomware Virus – Encryption Process
What is known for the encryption process of the SPCT ransomware is that every file that gets encrypted will receive the .SPCT extension as a secondary one. Files will be renamed and also the cybercriminals’ email address will be used. An example of a name for a file being encrypted would be the following: [firstname.lastname@example.org].8slMUNg7-43jLoy4K.SPCT.
The encryption algorithms used to lock the files are AES 128-bit and RSA 2048-bit.
The targeted extensions of files which are sought to get encrypted are currently unknown and if a list is discovered, it will be posted here as the article gets updated. The files used most by users and which are probably encrypted are from the following categories:
- Audio files
- Video files
- Document files
- Image files
- Backup files
- Banking credentials, etc
The SPCT cryptovirus could be set to erase all the Shadow Volume Copies from the Windows operating system with the help of the following command:
→vssadmin.exe delete shadows /all /Quiet
In case the above-stated command is executed that will make the encryption process more efficient. That is due to the fact that the command eliminates one of the prominent ways to restore your data. If your computer device was infected with this ransomware and your files are locked, read on through to find out how you could potentially restore your files back to normal.
Remove SPCT Ransomware Virus and Restore .SPCT Files
If your computer got infected with the SPCT ransomware virus, you should have a bit of experience in removing malware. You should get rid of this ransomware as quickly as possible before it can have the chance to spread further and infect other computers. You should remove the ransomware and follow the step-by-step instructions guide provided below.