EduCrypt Ransomware

Whether you like it or not, there are ransomware infections out there that want to educate you. Check out EduCrypt Ransomware, for example. This infection looks like your ordinary ransomware program, but it is not! Supposedly, the application enters your computer with the intention to teach you a lesson: It does encrypt your files, and then it tells you how to decrypt them. It does sound suspicious, right? Luckily, it is easy to remove EduCrypt Ransomware from your system. You can do it manually or with an automated antispyware tool. It is up to you how to want to deal with this security issue.

Normally, when you get infected with a ransomware application, it encrypts most of your files and then demands that you pay a ransom fee to get the decryption key. They also usually say that any attempt to decrypt the files on your own would result in a complete loss of your data. EduCrypt Ransomware, on the other hand, is not like that at all. It does not encrypt a lot of files. It targets a limited amount of files and folders, and when you get infected with this program, it affects only files in these directories:

%UserProfile%\Desktop
%UserProfile%\Downloads
%UserProfile%\Documents
%UserProfile%\Pictures
%UserProfile%\Music
%UserProfile%\Videos

As you can see, the program targets only the files in the default document files that are created by the Windows system. If you keep most of your documents in some other directory, the chances are they will remain unaffected. The file types that get encrypted by the program include the following extensions: .txt, .exe, .doc, .docx, .xls, .index, .pdf, .zip, .rar, .css, .lnk, .xlsx, .ppt, .pptx, .odt, .jpg, .bmp, .png, .csv, .sql, .mdb, .sln, .php, .asp, .aspx, .html, .xml, .psd, .bk, .bat, .mp3, .mp4, .wav, .wma, .avi, .divx, .mkv, .mpeg, .wmv, .mov, .ogg.

What’s more, this program also does not get distributed by the channels that are usually employed by your regular ransomware applications. Ransomware programs usually spread through spam email attachments and various exploits. EduCrypt Ransomware, on the other hand, spreads through specific websites that host its installer file. The installer may pop up on your screen as some promotional message, and you may think that you are downloading a new component for your instant messaging program or a video codec. In our case, EduCrypt Ransomware’s installer impersonated some sort of Skype tool). The bottom line is that it is possible to avoid getting infected with this program as long as you do not download freeware and software components from unofficial websites.

From the technical perspective, EduCrypt Ransomware is pretty much an identical copy of the Hidden Tear Ransomware. However, while Hidden Tear is a genuine ransomware application, this new infection is a severely toned down version of the original. As you already know, this program affects only a limited number of files, and it does not even establish a connection with a control and command center.

After the infection, all the encrypted files will have a new “.isis” extension, and you will also find a new text file on your desktop called Read.txt. This text file will contain information about what happened to your computer, and the ransomware will tell you that it tried to teach you a “lesson.” Here, check this out:

Well hello there, seems you have a virus!, Well you are going to get the decryptor which is here http://www.filedropper.com/decrypter_1 Don't Download Random Shit On The Internet A Hidden .txt File Has Been Created With The Decrypt Password! Find It!

It would not be a good idea to go and search for that decryption key following the given link. Actually, you can decrypt your files by using the decryption tool designed for the Hidden Tear Ransomware. After all, these programs are designed using the same code. Also, the infection leaves a decryption key in your system, too. The code for the decryption is HDJ7D-HF54D-8DN7D, and the decryption .txt file is dropped in the Documents folder under the name DecryptPassword.txt. Thus, if you feel you can do it on your own, you have all the tools that can help you decrypt your files.

If you think it is too much for you to deal with, you can always ask for assistance. When you decrypt your files, please scan your computer with the SpyHunter free scanner because you have to terminate all the unwanted applications and remove EduCrypt Ransomware for good.

How to Remove EduCrypt Ransomware

1. Locate the last downloaded file and delete it.
2. Delete the Read.txt file from your Desktop.
3. Press Win+R and type %UserProfile%. Click OK.
4. Go to the Documents folder and delete the DecryptPassword.txt.
5. Scan your computer with a security application of your choice.