DECP Ransomware


Written by Tomas Meskauskas on 18 March 2020

DECP ransomware removal instructions

What is DECP?

DECP belongs to the Matrix ransomware family. This ransomware renames files by replacing their filenames with the [email protected] email address, a random string of characters and the ".DECP" extension. For example, it renames a file named "1.jpg" to "[[email protected]].aiRtzELK-qb6kitil.DECP", and so on. DECP also creates a ransom note, "#DECP_README#.rtf", and drops various files on the victim's desktop. This ransomware not only encrypts files but also deletes Shadow Copies. As stated in the ransom note (the "#DECP_README#.rtf" document), this ransomware encrypts files with the AES-128 and RSA-2048 encryption algorithms.

Files can be decrypted only with a unique decryption key and special software. The note claims that attempts to decrypt files with other software will cause permanent data loss. To get instructions on how to purchase decryption tools, victims are supposed to write to DECP's developers at [email protected], [email protected] or [email protected] and provide the assigned personal ID. They can also attach up to 3 encrypted files, which these cyber criminals offer to decrypt for free. However, those files must not contain any valuable information and must not be larger than 5Mb.

Very often, the cyber criminals behind ransomware-type programs are the only ones who have the decryption tools and/or keys that can decrypt files encrypted by their ransomware. This means that in most cases victims of ransomware attacks have only two options: pay a ransom or restore files from a backup. It is never a good idea to trust cyber criminals and send them money (typically, cryptocurrency). Quite often they do not send a decryption tool and/or key even after payment.

The best (and free) option in such cases is to recover files by restoring them from a backup. As mentioned in the first paragraph, this ransomware does not leave any Shadow Copies; it deletes them.
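An added example (not part of the original article): a read-only Python inventory that uses the renaming pattern and ransom note name described above to list affected directories and the earliest modification time of a renamed file, which helps choose a backup taken before encryption began. The alphanumeric character class for the random parts, the function names and the sample tree (including its placeholder address) are assumptions made for illustration.

```python
import os
import re
import tempfile

# Name pattern from the article: "[<contact e-mail>].<random>-<random>.DECP".
# Assumption: both random parts are alphanumeric, inferred from the one example given.
RENAMED = re.compile(r"^\[[^\]\s]+@[^\]\s]+\]\.[A-Za-z0-9]+-[A-Za-z0-9]+\.DECP$")
NOTE_NAME = "#DECP_README#.rtf"

def scan(root):
    """Map each affected directory to its renamed-file count, note flag, first mtime."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        hits = [f for f in files if RENAMED.match(f)]
        note = NOTE_NAME in files
        if not hits and not note:
            continue
        mtimes = [os.path.getmtime(os.path.join(dirpath, f)) for f in hits]
        report[dirpath] = {"encrypted": len(hits), "note": note,
                           "first_mtime": min(mtimes) if mtimes else None}
    return report

def earliest_encryption(report):
    """Earliest mtime over renamed files (mtime only approximates encryption time)."""
    times = [d["first_mtime"] for d in report.values() if d["first_mtime"] is not None]
    return min(times) if times else None

def build_sample(root):
    """Constructed sample tree; the e-mail address is a placeholder, not from the article."""
    docs = os.path.join(root, "docs")
    os.makedirs(docs)
    os.makedirs(os.path.join(root, "clean"))
    samples = {
        "docs/[contact@example.invalid].aiRtzELK-qb6kitil.DECP": 1584500000,
        "docs/[contact@example.invalid].Zx81QwEr-Lm20PqRs.DECP": 1584500600,
        "docs/" + NOTE_NAME: 1584500700,
        "clean/report.DECP.txt": 1584400000,  # unrelated name, must not match
    }
    for rel, mtime in samples.items():
        path = os.path.join(root, *rel.split("/"))
        open(path, "wb").close()
        os.utime(path, (mtime, mtime))
    return docs

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(scan(tmp))
```

Run `scan()` against a mounted copy or a read-only share of the affected volume; the script only lists names and timestamps and changes nothing.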

It is also worth mentioning that files remain encrypted even if victims uninstall the ransomware from a computer. However, by uninstalling the ransomware they prevent it from causing further data loss (encryptions).

[Screenshot of a message encouraging users to pay a ransom to decrypt their compromised data]

Most ransomware-type programs are designed to operate quite similarly: they block access to data by encrypting it and create and/or display a ransom note (or notes). The two most common (and main) differences are the cryptographic algorithm (symmetric or asymmetric) that the ransomware uses to lock/encrypt files and the price of a decryption tool and/or key. Examples of other ransomware are Uzuvnkyh, ATKL and ONION.

Unfortunately, in most cases it is impossible to decrypt files encrypted by ransomware without tools that only the cyber criminals behind it have. Decryption becomes possible only if the ransomware has bugs or flaws, or is not fully developed. That is why it is always a good idea to keep data backed up and store it on a remote server (like Cloud) or on an unplugged storage device.

How did ransomware infect my computer?

Most of the time, cyber criminals distribute malware through spam campaigns, Trojans, untrustworthy software download channels, fake software updaters or unofficial activation ('cracking') tools. They commonly attempt to spread malware by sending emails that contain malicious attachments or links designed to download malicious files. Usually they attach files such as MS Office documents, executable files (like .exe), archive files like RAR and ZIP, PDF documents or JavaScript files. Their main goal is to deceive recipients into opening a malicious file that is designed to install malicious software.

Another way to proliferate various malware is through Trojans. Trojans are malicious programs that often install other malicious software. However, they can cause chain infections only when they are installed on a computer.

Various untrustworthy file and software download sources can be used to trick users into installing malware too. Some examples of untrustworthy channels are Peer-to-Peer networks (e.g., torrent clients, eMule), freeware download pages, free file hosting pages, unofficial sites and third party downloaders. Malicious programs get installed when users open/execute malicious files that were downloaded through those channels. Fake software updaters infect computers by exploiting bugs or flaws in outdated software, or by installing malicious software instead of fixes and updates. Unofficial activation tools that are supposed to activate licensed programs for free (bypass their activation) can, if used, install malicious software too.
