Zekwacrypt Ransomware

Zekwacrypt Ransomware is yet another dangerous ransomware program ready to bully you into spending your money. This program will stop at nothing to reach its goal, so you are the only one who can stop it. Although dealing with this infection might seem a bit too much of a task for quite a few users, you can take it on if you follow the instructions provided at the bottom of this description. What’s more, you should also do everything you can to ensure that similar intruders do not enter your computer again. For that, it is always a good idea to invest in a security application.

Like most of the ransomware infection, this one also spreads through spam email messages. We have mentioned countless of times that users should be careful when they open email attachments. If you are not sure why a particular message was sent to you, perhaps you should scan the attachment with a security application first, just to be sure there is nothing wrong with it. However, most of the users who get infected with Zekwacrypt Ransomware, end up opening the spam email attachments thinking those are important files that carry some crucial information. Unfortunately, the only thing they carry is this malicious infection.

The ransomware program affects quite a wide range of files. We are quite sure that users are not even that familiar with some of the extensions targeted by the infection. We can surely say that most of your files will be locked by Zekwacrypt Ransomware, and you will no longer be able to open them. This happens because, during the encryption process, the program scrambles the information within your files, and so the system can no longer read them. As a result, users are virtually barred from opening most of their files and even some programs.

So there are at least two ways to know whether your files have been affected by Zekwacrypt Ransomware. First, you can try running them. If the file does not open, or you get an error message, there is a chance that it has been encrypted. Second, you can check the filename. Usually, when files are affected by a ransomware program, they get another extension added to their name. In the case of Zekwacrypt Ransomware, this program adds a random 7-symbol extension to all the encrypted files. For example, the filenames might end up looking like picture.jpg.zekwakc or picture.jpg.ndlonra.

Needless to say, once the encryption is complete, Zekwacrypt Ransomware will display the ransom note that is there to convince you that you simply must pay the ransom; otherwise, you will never be able to access your files again. The message says the following:

WARNING! Your personal files are encrypted!
<…>
Encryption was produced using an UNIQUE public RSA-4096 key, specially generated for this computer only, thus making it impossible to decrypt such files without knowing private key and comprehensive decipher software.
<…>
The privacy key will be destroyed after 7 days, afterwards making it impossible to decrypt your files.

As you can see, the infection gives you a limited timeframe to contact the criminals, and they make the impression that the situation is really urgent. What’s more, Zekwacrypt Ransomware makes it sure that you are able to contact its developers because it does not encrypt the directories that are responsible for system operations and the Internet connection. However, this does not mean that you should scramble to fulfill their requirements. In fact, our security researchers suggest that sometimes ransomware programs simply collect the ransom fees, and do not even bother issuing the decryption keys. It is especially relevant in cases when the connection between the infection and its command and control center is lost.

So what are you supposed to do? You should check out the instructions below to remove Zekwacrypt Ransomware for good. Only when the program is removed should you restore your encrypted files. The best way to get your files back is to remove the locked files and transfer healthy copies of your data from an external backup drive. If you have an external HDD where you keep the copies of your files, it should not be a problem. Also, you might have quite a few files saved in your inbox without even realizing it. Whichever it might be, try all the potential options to retrieve your files, and then protect your PC from harm by investing in a reliable antispyware tool.

How to Remove Zekwacrypt Ransomware

1. Press Win+R and the Run prompt will open.
2. Type regedit into the Open box and click OK.
3. Go to HKEY_USERS\Administrator\Software\Microsoft\Windows\CurrentVersion.
4. Delete the Ext registry key.
5. Go to HKEY_USERS\Administrator\Software\Classes.
6. Delete the default registry key.
7. Under Classes go to shell\open\command.
8. On the right, right-click the default value with the value data of notepad "%USERPROFILE%\Documents\_ zkswrae_encrypted_readme.txt".
9. Delete the value and close Registry Editor.
10. Press Win+R and type %HOMEDRIVE%. Click OK.
11. Delete Clog.txt from the directory and press Win+R again.
12. Type %USERPROFILE% and click OK.
13. Go to Documents and delete the psawfcsnbd_encrypted_readme.txt.bmp and __encrypted_readme.txt files.