Click on screenshot to zoom
Danger level 7
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

Bancocrypt Ransomware

Bancocrypt Ransomware is not a brand new crypto-threat. It is just a new name of Jhash Ransomware, which was analyzed by specialists working at some time ago. This malicious application does not differ from other threats categorized as ransomware in any aspect. It also infiltrates computers illegally and then ruins users’ personal files it finds on these compromised machines. It does not affect the %WINDIR% folder, but you could no longer open .dat, .contact, .asp, .lnk, .iso, .pas, .db, .torrent, .gzip, .mpeg, .mp3, .core, .pas, and many other files located in Desktop, Links, Contacts, Documents, Downloads, Pictures, Music, OneDrive, Saved Games, Favorites, Searches, and Videos folders which are located in %USERPROFILE%. Since this ransomware infection has been developed by cyber criminals for money extortion, it will demand a ransom from you too after locking your data. In this sense, it acts as other ransomware infections based on the Hidden-Tear project, for example, VideoBelle Ransomware, Symbiom Ransomware, and MafiaWare Ransomware. We cannot tell you that it is a good idea to pay the ransom because it is not. What we recommend for users who have already encountered Bancocrypt Ransomware instead is its immediate removal so that it could not strike again and lock more valuable personal files.

Of course, the encryption of files is the main activity Bancocrypt Ransomware performs on victims’ computers, but it is definitely not the only one, so the chances are high that you will also find your Desktop background changed next to encrypted files containing .locky extensions, specialists say. Additionally, you will find a ransom note Leeme_Nota_de_Rescate.txt dropped on your Desktop when Bancocrypt Ransomware finishes encrypting files it has found on your system. You will be asked to pay 10 USD via PAYZA for the decryption of these encrypted files. If you badly need your files back, you can risk paying a ransom if you want to, but, it goes without saying, we do not recommend transferring money to malicious software developers. We do not consider this a good solution to the problem because there are no guarantees that the decryption tool will reach you even if you send money to crooks. In this case, you could not do anything to get the decryptor from them. Also, cyber criminals will never stop developing new malicious applications if all victims pay money to them, i.e. give them what they want.

Bancocrypt Ransomware not only encrypts files and downloads a .jpg image to set it as a new Wallpaper. It has also been noticed that it sends details about victims to the C&C server ({Victim Computer name}&userName={User name}&password={Private encryption key}&allow=ransom), which also shows that it can connect to the Internet without permission. Luckily, there is a way to put an end to all these activities it performs on your system – you just need to remove the ransomware infection from your computer.

We have already told you everything you need to know about Bancocrypt Ransomware, so before we explain to you how to delete it, we want to tell you more about its distribution. According to our malware researchers, it should be spread just like other ransomware-type infections. That is, it should travel as an attachment in spam emails, so the chances are high that files have been locked on your computer because you have recently opened the malicious attachment too. Once executed, the ransomware infection deletes itself, but it does not mean that you will not need to do anything to erase it – it makes a copy of itself in %HOMEDRIVE%\{user name}\Rand123\local.exe. Luckily, this threat does not make any modifications that would be hard to undo, but you might encounter such malware in the future, so you definitely cannot leave your system unprotected after the Bancocrypt Ransomware removal.

You need to delete three components (Rand123, ransom.jpg, and Leeme_Nota_de_Rescate.txt) belonging to Bancocrypt Ransomware to delete this infection from your system completely. You can find their locations indicated in our manual removal guide (see below this article). Keep in mind that the manual removal of undesirable software always takes some time, so if you are very busy with something, you should erase it from your computer in an automatic way. You just need to perform a system scan with the powerful malware remover to delete all malicious components from it.

Remove Bancocrypt Ransomware

  1. Open Task Manager (press Ctrl+Shift+Esc).
  2. Open Processes.
  3. Check the entire list of processes and kill those suspicious ones.
  4. Close Task Manager and open Explorer by pressing Win+E.
  5. Access %HOMEDRIVE%\{user} .
  6. Delete Rand123 and ransom.jpg.
  7. Delete Leeme_Nota_de_Rescate.txt from Desktop (%USERPROFILE%\Desktop).
  8. Empty Recycle bin.
Download Spyware Removal Tool to Remove* Bancocrypt Ransomware
  • Quick & tested solution for Bancocrypt Ransomware removal.
  • 100% Free Scan for Windows

Post comment — WE NEED YOUR OPINION!

Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.