Your files are encrypted. Your time is running out!
DecryptorMay is another encryption Trojan which locks the desktop and in the background encrypts various files like documents, photo, videos and further personal data and then demands a juicy ransom of 500 to 1000 US dollars from the computer’s owner.
Like many other known encryption Trojans such as Cryptowall 3.0, Tesla etc., DecryptorMax not only causes significant damage, but also increases the pressure on its victims by setting a deadline of 24 hours to pay the ransom, otherwise the main encryption key is deleted and the encrypted files are lost forever.
The criminals are trying to frighten and intimidate those affected, but do not pay the ransom! There is no record of the criminals keeping their word and setting the computer and the encrypted files free after receiving the ransom.
This time pressure leads to many submitting to the blackmail and paying the demanded ransom, no matter how high. However, it is rare that the promise is kept and the computer is unblocked and the encrypted files unencrypted. Once the computer has been encrypted, none of the anti-virus programs can help.
The following file types are encrypted by DecryptorMax:
3FR, mdb, ai, ARW, bucht, CDR, cer, CR2, crt, CRW, DBF, DCR, der, DNG, doc, docm, docx, DWG, DXF, DXG, eps, Hof, indd, JPE, jpg, kdc, .mdb, MDF, MEF, MRW, NEF, NRW, ODB, ODM, ODP, ods, odt, ORF, p12, P7B, P7C, PDD, PEF, PEM, PFX, ppt, pptm, PPTX, psd, pst, ptx, r3d, raf, roh, rtf, RW2, RWL, srf, SRW, wb2, wpd, wps, XLK, xls, XLSB, xlsm, xlsx etc.
There are several instructions online for how to unlock the desktop, however the files in the computer remain encrypted and cannot be used.
As there is no general solution for this type of malware, the Botfrei team recommends an individual clean. Our expert will clean your system for free. Register in our forum http://forum.botfrei.de/forumdisplay.php?51-English-Support&s=c7f3ceab47ea20e412c7ebb6931a64b6, submit a post explaining the problem and the Botfrei experts will guide you “step-by-step” through the solution. We also help you to protect your computer against future infections.
One way of removing the desktop lock
1. Boot your computer in secured mode with network drivers.
2. Install the free version of the Malwarebytes Anti-Malware and remove DecrypterMax and any other malware found on your computer.
3. Install the free program AdwCleaner and use it to remove any adware, toolbars and hijackers.
4. When the system has been cleaned restart the computer in normal mode.
This is just only one possible way to free the system of the desktop lock, however, the files on the system are still encrypted. Another possibility is to use the Kaspersky Ransomware Decryptor .
If you are interested in reading more about how ransomware works, Bleepingcomputer took a closer look at the similar virus CoinVault
How to deal with such infections in future?
1. Check your computer with our free EU-Cleaner https://www.botfrei.de/en/eucleaner.html
2. Protect your computer from an infection by keeping your system up-to-date. Install anti-viral and security patches without delay. Be careful when opening unknown emails. Do not click on integrated links in such emails and never open their attachments.
3. Are you still working on a computer using the administrator rights? Reduce the administration rights to a minimum for everyday usage. Set up User Account Control https://en.wikipedia.org/wiki/User_Account_Control for executable programs.
4. Back up your important files regularly and keep the backup separate from your computer. You should keep these handy in case your computer gets infected.
5. Use professional anti-virus software (free from Botfrei.de), also on a Mac.
6. Make sure that you have the most current version of your browser installed. You can check this and whether you are already part of a botnet here: botnet check>>