- Slow Computer
- System crashes
- Connects to the internet without permission
- Installs itself without permissions
- Can't be uninstalled via Control Panel
Holycrypt Ransomware is yet another ransomware designed to encrypt your files and demand that you pay a ransom for the decryption key. We want to inform you that it is currently a beta so it is still under development and some of its functions might not work well or at all for that matter. Therefore, we recommend that you remove it instead of paying the ransom because you might not receive the decryption key after you make the payment. This article contains an analysis of Holycrypt Ransomware in which we will determine its dissemination channels, functions, and removal.
Our research has revealed that this malware is disseminated using the most popular distribution method which is email spam. There are different types of email spam, and their differences manifest in the contents of the text and file attachments. Some malicious emails feature a fake PDF file or a self-extracting archive that drops the ransomware. However, in this particular case, the ransomware is distributed in a file archive that has to be extracted by the would-be victim manually. So this ransomware does not drop its executable in a secret location but in the directory specified by the user. Furthermore, it does not copy itself to any other place as well. This is an advantage because the name of the executable is random and may prove to be difficult to identify.
We have tested this ransowmare’s sample file, and we determined that it genuinely encrypt your files using either the AES or RSA encryption algorithm. Therefore, it is impossible to decrypt the files because you need the private decryption key that should be in the possession of the cyber crooks. However, the testing of the sample file has shown that there is no way to pay the ransom. Some newer versions might provide this service, but there is no guarantee that you will receive the key.
Holycrypt Ransomware is set to encrypt hundreds of file formats, so any personal information you might have will become encrypted. This ransomware takes only a few second to scan through your PC end encrypt all of your files. While encrypting it will add “(encrypted)” to the beginning of the file name. For example, picture.jpeg will be renamed (encrypted)picture.jpeg. The ransomware will also change your desktop wallpaper with an image that is created in the same folder that contains its executable. This file is named alert.jpg, and it features the so-called ransom note that says that you have to pay a ransom within 24 hours, or the remote server will delete the private decryption key. We do not know whether this claim should be taken seriously, but, in any case, you cannot possibly pay the ransom, so this is irrelevant.
Again, Holycrypt Ransomware’s development is still in process, so everything is subject to change. However, its developers have decided to release the unfinished version. The reasoning behind this decision is probably to see how well anti-malware programs will detect it. They might have also released it to see how well their distribution method works, and it seems to work fine at the moment. Therefore, caution is advised when opening emails that appear not to be for you.
In conclusion, Holycrypt Ransomware is an infection that has to be dealt with as soon as possible. There is no way to pay the ransom and even if there was, there is no guarantee that you will receive the decryption key because the ransomware might not generate one. You should be able to remove this infection without any problem, but if you cannot locate its executable, then we recommend that you use an anti-malware scanner such as SpyHunter that is capable of detecting and deleting it.
Delete Holycrypt Ransomware