1 of 2
Danger level 6
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

Exocrypt Ransomware

A new ransomware infection has been added to the database of malware by specialists working at pcthreat.com. It has been named Exocrypt Ransomware. An in-depth analysis carried out by experienced researchers has clearly shown that this infection is still in development because it locks files in only one directory located in C:\. Ordinary users will not have this directory on their computers, so they should not find a single file encrypted on their computers if they encounter this unfinished version of Exocrypt Ransomware. In this case, the ransomware infection still needs to be removed from the system. It is very likely that this ransomware infection will be soon finished and then cyber criminals will start spreading it actively with the intention of obtaining money from users. We are sure the final version of the ransomware infection will be set to lock files in all the main directories, so if you do not want to experience serious problems, you cannot leave your system unprotected. If it is already too late to take action to prevent it from slithering onto your computer, i.e. you have already encountered this threat and discovered a bunch of your personal files completely encrypted, you should delete Exocrypt Ransomware right away so that it will not have a chance to lock more files on your computer. Since this threat is not considered sophisticated malware, you should find its removal quick and easy.

Once Exocrypt Ransomware infiltrates computers, it finds where users’ files are located and then checks whether they have .exe, .xtc, or /OLD/ extensions. If any of these extensions are found, these files are not encrypted. Even though the analyzed version of the ransomware infection encrypted files only in C:\Users\Forged\Desktop\Stuff\C#\XTC Decrypt0r\XTC Decrypt0r\bin\Debug\Files, the chances are high that almost all your files will be locked in different directories if you encounter the final version of Exocrypt Ransomware. Ransomware infections usually target pictures, documents, music, and other valuable files to give users a reason to send money to cyber criminals. You do not need to be an expert to say which files have been encrypted by this threat – the .xtc extension added at the end of the file signals that it has been locked by the ransomware infection. Once Exocrypt Ransomware finishes the encryption procedure, it opens a window with a ransom note. Users find out what they can do to unlock their files – “you must pay a small fee to the following bitcoin address.” Even though the ransomware infection warns users not to “try anything funny,” there are zero guarantees that you could unlock your files if you send money to cyber criminals, so you should not send a cent to them. No matter what your final decision is, do not leave the ransomware infection active on your computer. No, it will not be removed from your computer automatically even if you make a payment.

We are sure there are not many users who have already encountered Exocrypt Ransomware because this threat is still in development, but the number of infected users will soon increase. This will happen when the final version of this ransomware infection is released. It is still difficult to say how this infection will be distributed, but it is very likely that old distribution tactics will be used. To be more specific, Exocrypt Ransomware should be actively spread via spam emails, so if you have not encountered this threat and do not want this to happen to you in the future, you should not open any spam emails and their attachments. Additionally, since the download of nasty malware can be initiated with the single click, you should not click on random links and advertisements. Last but not least, to protect your system from all kinds of infections that will try to enter your system illegally, you should install a security application on your system and keep it active.

As mentioned in this article, you need to erase Exocrypt Ransomware no matter what you are going to do: pay money to crooks or not. It should not be very difficult to do this. First, open Task Manager and kill all processes that look suspicious. Second, delete all suspicious recently downloaded files. You should not hurry to delete those encrypted files because the ransomware infection drops the decryption key (DO_NOT_DELETE.xtc), meaning that specialists might be able to develop a free decryptor in the future.

Remove Exocrypt Ransomware

  1. Press Ctrl+Shift+Esc.
  2. Open the Processes tab.
  3. Locate suspicious processes and kill them all.
  4. Close Task Manager and open Windows Explorer (Win+E).
  5. Check %TEMP%, %USERPROFILE%\Desktop, and %USERPROFILE%\Downloads directories.
  6. Delete all suspicious files from them.
  7. Empty Recycle bin.
Download Spyware Removal Tool to Remove* Exocrypt Ransomware
  • Quick & tested solution for Exocrypt Ransomware removal.
  • 100% Free Scan for Windows

Post comment — WE NEED YOUR OPINION!

Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.