AutoEncryptor Ransomware

Our researchers recently discovered a malicious application called AutoEncryptor Ransomware. The malware seems unfinished, so the infection might be just a test version. We also think this way because of the asked ransom. Apparently, the malicious application’s creators demand a payment of ten thousand Bitcoins. One Bitcoin is around $1212; thus, the proposed price is without a doubt highly unrealistic. The fee is asked in exchange of decryption tools needed to unlock the malware’s damaged data. The good news is the threat may not harm a lot of files as it targets only specific directories and the files that get encrypted could be restored if you have any available copies. Of course, first of all, we recommend erasing AutoEncryptor Ransomware from the system. The process seems to be rather complicated, so we encourage users to follow the instructions located below or leave this task to reliable removal software.

It is difficult to say how widely AutoEncryptor Ransomware could be distributed or if it is being spread at all. In any case, if the malware’s creators decide to distribute it, our researchers say they would probably use malicious email attachments. Therefore, once again we would advise users to be extra cautious with such files. All attachments received from unknown sources or obtained with Spam emails should be scanned with a reliable antimalware tool for safety precautions. The process might take a couple of moments, but if doing so may help you avoid data damage, we believe it is worth to invest a few minutes. Just make sure the antimalware software you pick is legitimate and reliable. Plus, we would advise you always to update it whenever there is such an opportunity because an outdated tool might be unable to fight newer threats.

Unfortunately, if your system is unprotected and you launch a file infected with AutoEncryptor Ransomware, the infection might install itself on the computer. According to our researchers, it should do so by creating files called UserFilesLocker.exe and __encrypt.pinfo. Afterward, the malware could begin encrypting various pictures, text documents, and other files located in the following directories: C:\Users\Public\Pictures, C:\Users\User\Documents, C:\Users\User\Desktop, and C:\Users\User\Pictures. All other data on the computer should remain unencrypted since the listed directories are the only targeted locations. What’s more, each encrypted file might be marked with an additional extension called .ENCR, for example, forest.jpg.ENCR, text.docx.ENCR, and so on.

Once the malicious application locks its targeted files, it should show you a ransom note. According to it, AutoEncryptor Ransomware’s creators want a payment of ten thousand Bitcoins. As we mentioned earlier, it is an incredibly huge sum, so the threat’s developers most likely do not expect any payment to be made. If the malware is distributed, it is probably done just to test the infection and see how it works. This seems entirely possible because the given email address (babis@mfcr.cz) seems to be invalid and the malicious application does not connect to any server. In any case, if you did encounter it we could help you erase it from the system. The files it encrypts could be recovered if you created backup or have any copies on removable media devices, cloud storage, etc.

As it was said earlier, you could get rid of AutoEncryptor Ransomware manually, but the process might be rather complicated. Nonetheless, if you choose this option, we can guide you through the process with the instructions placed at the end of this paragraph. The provided steps will explain to you where to find and how to erase all files associated with the malicious application. Users who are seeking for a more effortless way to deal with this threat should try to use a legitimate removal tool. All you have to do is click the scanning button and run a full system scan. Soon after the scan, you should see a report with a list of identified threats; review it if you wish and click the deletion button to eliminate all detections at the same time. Also, keep it in mind you could leave us a comment below or contact us via social media if you have more questions related to the infection.

Get rid of AutoEncryptor Ransomware

1. Press Win+E.
2. Navigate to the Downloads, Desktop, and Temporary Files directories.
3. Locate the malicious file that was launched before the infection appeared, right-click it and press Delete.
4. Navigate to the given directories one by one:
   %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup
   %USERPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup
   %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup
   %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs\Startup
5. Search for files called __encrypt.pinfo, right-click them one by one and press Delete.
6. Go to the listed paths separately:
   %USERPROFILE%\Documents
   %USERPROFILE%\Desktop
   %USERPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup
   %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup
   %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup
   %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs\Startup
7. Look for executable files called UserFilesLocker.exe, right-click them one by one and select Delete.
8. Close the Explorer.
9. Empty your Recycle bin.