Danger level 7
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Normal system programs crash immediately
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

Veracrypt Ransomware

If you cannot open any files on the computer and they are marked with a strange extension that mentions the veracrypt@india.com email address, the system is probably infected with Veracrypt Ransomware. The malicious application can install itself without any permission, since it is enough for the user to launch an infected file. Unlike other ransomware programs, the malware does not delete itself after the encryption. Keeping such data on the computer could be a bad idea, so we advise you to get rid of it as soon as possible. Our researchers tested the infection themselves, and we prepared removal instructions according to their findings. They are placed below the article, as we encourage you to read more about Veracrypt Ransomware and learn how to guard your system against such threats.

In the last couple of days, our specialists encountered a lot of other malicious applications similar to Veracrypt Ransomware. To give a couple of examples, we could mention such threats as Green_ray Ransomware, Saraswati Ransomware, or Alex.vlasov@aol.com Ransomware. These previous versions might have been spread through spam emails. Therefore, there is a chance that this malware might also travel with infected files attached to emails. The attachments could look like invoices or other documents, so you have to be careful even if they look harmless. It is better to spend a minute scanning the file with an antimalware tool than to infect the system with a malicious program that harms almost all data on the computer.

Like any other ransomware application, the malware encrypts the user's personal data, such as pictures, photos, videos, various documents, and so on. All of the affected files can be identified by the second extension. This extension includes the user's ID number and the veracrypt@india.com email address. For example, an encrypted image could look like image.jpg.id-B6722235.{veracrypt@india.com}.xtbl. Veracrypt Ransomware is capable of encrypting not only your private data but also program files. Apparently, the malware skips data that belongs to the operating system. The computer has to keep working normally, since its user must be able to get a message from the infection's creators.
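
The naming scheme above is enough to inventory the damage before any cleanup. The following is an added example, not part of the original article: the function name ConvertFrom-XtblName and the sample file names are constructed for illustration, and the ID is assumed to be a run of hex digits because the article shows only one example.

```powershell
# Added example (not from the original article). Parses the naming scheme the
# article describes: <original name>.id-<ID>.{<contact email>}.xtbl
function ConvertFrom-XtblName {
    param([Parameter(Mandatory, ValueFromPipeline)][string]$Name)
    process {
        # ID length is known from one example only, so accept any hex run (assumption)
        if ($Name -match '^(?<orig>.+)\.id-(?<id>[0-9A-Fa-f]+)\.\{(?<mail>[^{}]+)\}\.xtbl$') {
            [pscustomobject]@{
                OriginalName = $Matches['orig']
                OriginalExt  = [System.IO.Path]::GetExtension($Matches['orig']).ToLower()
                VictimId     = $Matches['id'].ToUpper()
                Contact      = $Matches['mail']
            }
        }
    }
}

# Constructed sample names. On a real host, feed in file names instead:
#   Get-ChildItem -LiteralPath $env:USERPROFILE -Recurse -File -Filter *.xtbl |
#       Select-Object -ExpandProperty Name | ConvertFrom-XtblName
$sample = @(
    'image.jpg.id-B6722235.{veracrypt@india.com}.xtbl',
    'Q3 report.final.docx.id-B6722235.{veracrypt@india.com}.xtbl',
    'setup.exe.id-B6722235.{veracrypt@india.com}.xtbl',
    'notes.xtbl',                     # wrong shape: not counted
    'Decryption instructions.txt'     # ransom note, not an encrypted file
)
$hits = $sample | ConvertFrom-XtblName

# Scope of damage by original file type, then the distinct IDs seen
$hits | Group-Object OriginalExt | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize
$hits | Select-Object -ExpandProperty VictimId -Unique
```

The recovered original names and extensions show which data needs restoring from backup, including the program files the article mentions.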

The message is short, as it consists of only one sentence that is placed in Decryption instructions.txt and how to decrypt your files.jpg. The sentence says that Veracrypt Ransomware encrypted the user's data and that to recover it you have to contact the given email address. To decrypt all data, the user would need a unique decryption key and specific software. Of course, the malware's creators would not give it to you free of charge.

Usually, users are asked to transfer the required amount of Bitcoins. Afterward, you would have to wait until they send you the promised decryption tools. The problem is that in some cases users never receive them. If you decided to pay the ransom, you would be making a deal with cyber criminals, and that means there are no guarantees and no refunds. Thus, in addition to the lost data on the computer, you could also end up with an emptier bank account. This is the main reason we advise you not to risk your savings.

If you refuse to pay the ransom, you could wait and see if any IT volunteers create a decryptor for this infection. As for the future, it would be advisable to back up the most valuable data on the system from time to time. Another good idea would be to secure the computer, and you can start with the removal of Veracrypt Ransomware. As we mentioned at the beginning, the instructions below are for those who can and want to delete the malware manually. The provided steps list all directories where users should find data belonging to the infection. Some of the malicious program's files have random names, so it might be difficult to identify them. However, it is also possible to find this data and even erase it automatically. You just have to install a reliable antimalware tool on the affected PC.

Remove Veracrypt Ransomware

  1. Press Win+E to launch the Explorer.
  2. Copy and paste the given directories into the Explorer one by one:
    %ALLUSERSPROFILE%\Start Menu\Programs\Startup
    %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup
    %USERPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup
    %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup
    %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs\Startup
  3. Find executable files with random titles in all these directories listed above, right-click them separately and press Delete.
  4. Close the Explorer, then press Win+R, type regedit and click OK.
  5. Find a value name called Wallpaper under the following registry key: HKCU\Control Panel\Desktop
  6. Right-click it, select Modify and replace how to decrypt your files.jpg with a title of another image.
  7. Locate a value name titled BackgroundHistoryPath0 under this registry key: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Wallpapers
  8. Right-click it, select Modify and replace how to decrypt your files.jpg with another picture.
  9. Go to: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  10. Find value names with random titles and see if their value data points to %WINDIR%\Syswow64\*.exe or %WINDIR%\System32\*.exe
  11. Right-click these value names separately and select Delete.
  12. Empty the Recycle bin.
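
Before deleting anything by hand, the same locations can be reviewed in one pass. The following read-only PowerShell script is an added example, not part of the original instructions: it lists what steps 2-10 ask you to look for and attaches a hash and signature status to each executable, since a "random title" alone is a weak indicator. The helper name Get-FileTriage is made up for this example.

```powershell
# Added example (not from the original guide): read-only review of the
# locations in steps 2-10. It lists candidates and deletes nothing.
function Get-FileTriage([string]$Path) {
    [pscustomobject]@{
        Path      = $Path
        SHA256    = (Get-FileHash -LiteralPath $Path -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
        Signature = (Get-AuthenticodeSignature -LiteralPath $Path -ErrorAction SilentlyContinue).Status
    }
}

# Steps 2-3: executables in the Startup folders named by the guide
$startup = @(
    '%ALLUSERSPROFILE%\Start Menu\Programs\Startup',
    '%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup',
    '%USERPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup',
    '%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup',
    '%ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs\Startup'
) | ForEach-Object { [Environment]::ExpandEnvironmentVariables($_) } |
    Where-Object { Test-Path -LiteralPath $_ } |
    ForEach-Object { Get-ChildItem -LiteralPath $_ -Filter *.exe -File -Force -ErrorAction SilentlyContinue } |
    ForEach-Object { Get-FileTriage $_.FullName }

# Steps 5-8: wallpaper values still pointing at the ransom image
$note = 'how to decrypt your files.jpg'
$wallpaper = @(
    @{ Path = 'HKCU:\Control Panel\Desktop'; ValueName = 'Wallpaper' },
    @{ Path = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Wallpapers'; ValueName = 'BackgroundHistoryPath0' }
) | ForEach-Object {
    $data = (Get-ItemProperty -Path $_.Path -Name $_.ValueName -ErrorAction SilentlyContinue).($_.ValueName)
    if ("$data" -like "*$note") { [pscustomobject]@{ Key = $_.Path; Value = $_.ValueName; Data = $data } }
}

# Steps 9-10: Run values whose data points to an .exe directly in System32 or Syswow64
$sysExe  = '^"?(?<exe>' + [regex]::Escape($env:WINDIR) + '\\(?:System32|Syswow64)\\[^\\"]+?\.exe)'
$builtin = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
$runKey  = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -ErrorAction SilentlyContinue
$run = if ($runKey) {
    $runKey.PSObject.Properties | Where-Object { $_.Name -notin $builtin } | ForEach-Object {
        $name = $_.Name; $data = [Environment]::ExpandEnvironmentVariables("$($_.Value)")
        if ($data -match $sysExe) {
            Get-FileTriage $Matches['exe'] | Add-Member -NotePropertyName ValueName -NotePropertyValue $name -PassThru
        }
    }
}

'Startup executables:'; $startup   | Format-List
'Wallpaper values:';    $wallpaper | Format-List
'Run key candidates:';  $run       | Format-List
```

Legitimate Windows components also register Run values that point into System32, so treat the output as a list of candidates to check, not a deletion list.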