
Tuesday, March 17, 2015

How to Remove VaultCrypt Virus and Restore Encrypted Files

VaultCrypt is a ransomware threat that uses the RSA 1024 cryptosystem to encrypt your files and then asks you to pay 1 Bitcoin (about $270) to have the files decrypted. It is a fairly sophisticated piece of ransomware, with a very effective file encryption technique and a well-built payment site. Unlike CryptoWall 3.0 or CryptoLocker, it doesn't use a ransom note (usually a text file) explaining what happened to your files and how to get them back. This ransomware scans your computer for MS Office files, pictures, database files and zip archives and encrypts them. Then it adds a .vault extension to each encrypted file's name. When you double-click an encrypted .vault file, instead of the file opening, a pop-up message is shown stating that the file was "Stored in Vault" and that you need to go to a certain website to get your decryption key. VaultCrypt does this by modifying the Windows registry so that every time you try to open an infected file you get this pop-up message.

The decryption service website looks pretty solid. It has a news section and even a chat that actually works. And of course, there are web pages for decryption and payment. The cyber criminals set a deadline for payment. If you don't pay in time (within 7 days), they will increase the amount of money you need to pay in order to get your files back.

We all know that thanks to the increasing amount of time we spend connected to the Internet that we are at increasing risk of falling victim to VaultCrypt virus infestation. You don't need to be a geek to realize that hot on the heels of every new software, application or upgrade that is released, so too are their malicious counterparts. Just as Microsoft or Adobe are always fighting to stay one step ahead and offer products and services that their audience will snap up, so too are malware developers using their 'talents' to find out new ways to exploit them – and us.

So how does a computer user stay safe when we are faced with a constant onslaught of attacks, risks and threats? There are so many different types of malicious software that it can seem nigh on impossible. However, knowledge is power and learning as much as you are able will increase your chances of staying safe. This nasty malware appears to come and go – sometimes ransomware attacks are all over the technology news – and then the stories die down. Regardless, ransomware is definitely something that you should take a few minutes out of your day to learn about.

What is VaultCrypt?

You know spyware spies on you and adware shows you adverts, so if you're wondering whether ransomware is something that can hold you hostage, you are not far off the mark. If you have been infected by VaultCrypt it will 'kidnap' your files and hold them hostage until you pay for their release. It's a classic and time-worn method of extorting money – the only difference is now we're dealing with online kidnapping. But this one is even more evil. It tries to delete shadow copies and even restore points to make it nearly impossible to restore your files. Luckily, it does not always succeed, so there is a chance you can recover your original unencrypted data files using file recovery programs. Please see the removal guide below.

How does this ransomware infect a computer?

Just like most other types of malware, VaultCrypt will launch an attack on you after you download a software program or app that it has been bundled with. It can also be triggered if you open an email with an infected attachment or link, or through a website that has been compromised. This is known as a 'drive-by installation'. It can also arrive on the affected computer through exploit kits hosted through malicious ads or compromised sites, or other malware.

How do you know if you've been infected by VaultCrypt virus?

It is not designed to be subtle – after all it wants your money and it wants it now. Generally speaking you will find that you are unable to open a file or document and see that a .vault extension has been appended to each encrypted file's name. Not surprisingly this causes many people to panic – particularly if they are unlucky enough to have been targeted by the type of ransomware that sends you alerts that appear to have been sent by the FBI! Of course, it is in the programmer's best interests to scare you into capitulating to their demands and paying their ransom. And clearly receiving a warning from the FBI is going to be enough to frighten most people!

Is there a way to recover my files?

Unfortunately, at this time there is no way to decrypt the files without your unique decryption key, which can be bought from the cyber criminals for almost $300. Do not pay the ransom. Instead, follow the removal guide below to salvage your data and clean your computer ASAP. There are a few tools that can help you to restore at least some of your files without paying a ransom.

If you have any questions, please leave a comment below. If there's anything you think I should add or correct, please let me know. And now you're done reading this, may I suggest that you back up all your files onto an external hard drive NOW. That way if you are unlucky enough to fall victim to VaultCrypt, you'll be able to simply wipe clean your internal disk drive and replace it with up to date data.

Written by Michael Kaur,

Step 1: Removing VaultCrypt and related malware:

Before restoring your files from shadow copies, make sure VaultCrypt is not running. You have to remove this malware permanently. Thankfully, there are a couple of anti-malware programs that will effectively detect and remove this malware from your computer.

1. First of all, download and install a recommended anti-malware scanner. Run a full system scan and remove detected malware.

Important! If you can't download or run it, please restart your computer in Safe Mode with Networking or Safe Mode and try again.

2. Then, download ESET Online Scanner and run a second scan to make sure there is no other malware running on your computer.

That's it! Your computer should be clean now and you can safely restore your files. Proceed to Step 2.
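
As described above, VaultCrypt changes the Windows registry so that opening a .vault file shows its pop-up. The following PowerShell check is an added example (not part of the original guide or any vendor tool) that reports which handler is still registered for the extension after cleaning. It assumes the pop-up is wired up through the standard Windows file association keys; the exact keys used by the malware are not named in this article.

```powershell
# Added example: show what Windows will launch when a .vault file is opened.
# Assumption: the pop-up uses a standard file association under Software\Classes.
$ext   = '.vault'
$roots = 'HKCU:\Software\Classes', 'HKLM:\Software\Classes'

# Read the (Default) value of a registry key, or nothing if the key is absent.
function Get-DefaultValue([string]$Path) {
    if (Test-Path -LiteralPath $Path) {
        (Get-Item -LiteralPath $Path).GetValue('')
    }
}

$findings = foreach ($root in $roots) {
    $extKey = Join-Path $root $ext
    if (-not (Test-Path -LiteralPath $extKey)) { continue }

    # The extension key usually points to a ProgID; the open command can sit
    # under the extension key itself or under that ProgID.
    $progId     = Get-DefaultValue $extKey
    $candidates = @($extKey)
    if ($progId) { $candidates += Join-Path $root $progId }

    foreach ($key in $candidates) {
        [pscustomobject]@{
            Key         = $key
            ProgId      = $progId
            OpenCommand = Get-DefaultValue (Join-Path $key 'shell\open\command')
        }
    }
}

# Per-user Explorer choice, which takes priority over the class registration.
$userChoice = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$ext\UserChoice"
if (Test-Path -LiteralPath $userChoice) {
    "Explorer UserChoice ProgId: " + (Get-ItemProperty -LiteralPath $userChoice).ProgId
}

if ($findings) { $findings | Format-List } else { "No handler registered for $ext" }
```

Run it as the affected user, because the HKCU keys belong to the account that is logged in. An OpenCommand that still points to an unfamiliar script or executable means the association was not cleaned up.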

Step 2: Restoring files encrypted by VaultCrypt virus:

Method 1: The first and best method is to restore your files from a recent backup. If you have been regularly performing backups, then you should use your backups to restore your files.

Method 2: Try to restore previous versions of files using Windows folder tools. To learn more, please read Previous versions of files.

Method 3: Using the Shadow Volume Copies:

1. Download and install Shadow Explorer. Note, this tool is available with Windows XP Service Pack 2, Windows Vista, Windows 7, and Windows 8.

2. Open Shadow Explorer. From the drop-down list you can select from one of the available point-in-time Shadow Copies. Select the drive and the latest date that you wish to restore from.

3. Right-click any encrypted file or entire folder and Export it. You will then be prompted as to where you would like to restore the contents of the folder to.

Hopefully, this will help you to restore all encrypted files or at least some of them.
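
Before trying Method 3, it helps to know whether any shadow copy survived and whether it is older than the encryption. This PowerShell snippet is an added example (not from the original guide): it counts the .vault files, lists the remaining shadow copies per drive and flags the ones created before the first encrypted file. The folder in `$ScanRoot` is a placeholder, and using the oldest .vault file's write time as the start of encryption is an assumption.

```powershell
# Added example: is there a shadow copy that predates the encryption?
# Run from an elevated PowerShell 3.0+ prompt. $ScanRoot is a placeholder path.
$ScanRoot = 'C:\Users'

# Encrypted files carry the .vault extension. Assumption: the oldest one's
# last-write time approximates when encryption started.
$encrypted = Get-ChildItem -LiteralPath $ScanRoot -Recurse -File -Filter '*.vault' `
                 -ErrorAction SilentlyContinue
"{0} encrypted file(s) found under {1}" -f @($encrypted).Count, $ScanRoot
$firstHit = $encrypted | Sort-Object LastWriteTime |
                Select-Object -First 1 -ExpandProperty LastWriteTime

# Map volume GUID paths to drive letters so the snapshot list is readable.
$letters = @{}
Get-CimInstance Win32_Volume | ForEach-Object { $letters[$_.DeviceID] = $_.DriveLetter }

$shadows = Get-CimInstance Win32_ShadowCopy | ForEach-Object {
    [pscustomobject]@{
        Drive              = $letters[$_.VolumeName]
        Created            = $_.InstallDate
        PredatesEncryption = ($null -ne $firstHit -and $_.InstallDate -lt $firstHit)
        Id                 = $_.ID
    }
}

if (-not $shadows) {
    'No shadow copies left: Method 3 will not work, use backups or file recovery programs.'
} else {
    $shadows | Sort-Object Drive, Created | Format-Table -AutoSize
}
```

In Shadow Explorer, pick a date whose row shows PredatesEncryption as True; a snapshot taken after the infection will only contain the already encrypted files.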