Malware may reinstall itself multiple times if you don't delete its core files. This may require tracking down dozens of files in different locations.
We recommend downloading Advanced System Repair to eradicate Malware for you (it should cut down the time to about 15 minutes).
What is MaxiCrypt ransomware? And how does it execute its attack?
MaxiCrypt ransomware is a file-encrypting threat discovered by Michael Gillespie, a security researcher. This ransomware was first noticed on November 28, 2017 and is reported to arrive on the targeted computer as a corrupted Microsoft Word document. MaxiCrypt ransmoware is considered to be a mid-tier crypto-malware which is found to delete the shadow volume copies of the encrypted files and overwrites the original files to make it hard for its victims to recover the encrypted files.
MaxiCrypt ransomware uses AES cryptography in encrypting files and adds the [Maxicrypt@cock.li].maxicrypt extension on each of the files it targets. It targets user-generated files like images, videos, documents, audio, and other popular file formats. It then delivers a ransom note contained in a text file named as How to restore your data.txt that reads as follows:
YOUR FILES ARE ENCRYPTED!
Your personal ID
Your documents, photos, databases, save games and other important data was encrypted.
Data recovery the necessary decryption tool. To get the decryption tool, should send an email to:
In a letter to include Your personal ID (see the beginning of this document).
In the proof we have decryption tool, you can send us 1 file for test decryption.
Next, you need to pay for the decryption tool.
In response letter You will receive the address of Bitcoin wallet which you need to perform the transfer of funds.
If You have no bitcoins
* Create a Bitcoin wallet: https://blockchain.info/ru/wallet/new
* Purchase Bitcoin: https://localbitcoins.com/ru/buy_bitcoins or http://www.coindesk.com/information/how-can-i-buy-bitcoins (Visa/MasterCard, etc.)
When money transfer is confirmed, You will receive the decrypter file for Your computer.
After starting the program-interpreter, all Your files will be restored.
* Do not attempt to remove a program or run the anti-virus tools
* Attempts to decrypt the files will lead to loss of Your data
* Decoders other users is incompatible with Your data, as each user unique encryption key
As you can see, the ransom note starts with a demanding message that alerts victims about the encrypted files. It also provides victims with a personal ID number which is instructed to be sent to email@example.com or firstname.lastname@example.org in order to get the decryption tool. If you are one of the unlucky victims of this ransomware, contacting the crooks behind it and paying the ransom is definitely not recommended as you’ll probably end up losing more money but nothing will be done to your encrypted files. So the best option for now is to use whatever back copies you have of the affected files and wait until a free decryptor is released by security experts.
How does MaxiCrypt ransomware disseminate its malicious payload?
As stated early on, MaxiCrypt ransomware spreads as a corrupted Microsoft Word document which has macro scripts used to install the malware onto the computer once it is opened. Such file is disseminated using spam emails disguising as an important email. For this reason, you must be cautious in opening any emails and downloading attachments.
Eliminate MaxiCrypt ransomware and its malicious processes from your computer with the help of the removal guide below.
Step 1: Tap Win + E to open the File Explorer.
Step 2: After opening File Explorer, navigate to the following locations below and look for MaxiCrypt ransomware’s malicious components such as How to restore your data.txt as macro-enabled document responsible for installing the crypto-malware in your computer.
- C:\Users\<your username>\AppData\Local\Temp
Step 3: Tap Ctrl + Shift + Esc keys to open the Task Manager.
Step 4: After opening the Task Manager, look for MaxiCrypt ransomware’s malicious process, right click on it and select End Process or End Task.
Step 5: Close the Task Manager and open Control Panel by pressing the Windows key + R, then type in appwiz.cpl and then click OK or press Enter.
Step 6: Look for MaxiCrypt ransomware or any suspicious program and then Uninstall it/them.
Step 7: Close the File Explorer. Before you proceed to the next steps below, make sure that you are tech savvy enough to the point where you know exactly how to use and navigate your computer’s Registry. Keep in mind that any changes you make will highly impact your computer. To save you the trouble and time, you can just use PC Cleaner Pro, this system tool is proven to be safe and excellent enough that hackers won’t be able to hack into it. But if you can manage Windows Registry well, then by all means go on to the next steps.
Step 8: Tap Win + R to open Run and then type in regedit in the field and tap enter to pull up Windows Registry.
Step 9: Navigate to the listed paths below and look for the registry keys and sub-keys created by MaxiCrypt ransomware.
- HKEY_CURRENT_USER\Control Panel\Desktop\
- HKEY_USERS\.DEFAULT\Control Panel\Desktop\
Step 10: Delete the registry keys and sub-keys created by MaxiCrypt ransomware.
Step 11: Close the Registry Editor.
Step 12: Empty your Recycle Bin.
Use the antivirus program to make sure that MaxiCrypt ransomware is removed completely from your computer – just follow the instructions below to do so.
Perform a full system scan using SpyRemover Pro. To do so, follow these steps:
- Turn on your computer. If it’s already on, you have to reboot
- After that, the BIOSscreen will be displayed, but if Windows pops up instead, reboot your computer and try again. Once you’re on the BIOS screen, repeat pressing F8, by doing so the Advanced Option shows up.
- To navigate the Advanced Optionuse the arrow keys and select Safe Mode with Networking then hit
- Windows will now load the SafeMode with Networking.
- Press and hold both R key and Windows key.
- If done correctly, the Windows Run Boxwill show up.
- Type in explorer http://www.fixmypcfree.com/install/spyremoverpro
A single space must be in between explorer and http. Click OK.
- A dialog box will be displayed by Internet Explorer. Click Run to begin downloading the program. Installation will start automatically once download is done.
- Click OK to launch it.
- Run SpyRemover Pro and perform a full system scan.
- After all the infections are identified, click REMOVE ALL.
- Register the program to protect your computer from future threats.