Click on screenshot to zoom
Danger level 6
Type: Trojans
Common infection symptoms:
  • Can't be uninstalled via Control Panel
  • Installs itself without permissions
  • Connects to the internet without permission
  • System crashes
  • Slow Computer

Mr.Dec Ransomware

Mr.Dec Ransomware is a malicious computer infection that will encrypt most of your personal files with the intention to make a financial profit. Of course, it will not try to sell your files or anything. The program will hold them hostage, hoping that users will pay the ransom for their data. Needless to say, you should never pay the ransom because that way you would only encourage these criminals to continue doing what they are up to. Right now, your main objective is to remove Mr.Dec Ransomware from your system and safeguard it against similar infections.

We always emphasize that in this battle against ransomware prevention is extremely important. So if you recognize the main ransomware distribution patterns, you could save yourself the trouble of dealing with the actual infection. The truth is that ransomware programs still require your permission to enter your system, so if you eliminate the installer file in the early stages of the potential intrusion, you will not have to deal with the consequences at all.

How is it possible to recognize the main ransomware distribution patterns? Well, you just have to know the main ransomware distribution methods, and keep them in mind. As far as we know, Mr.Dec Ransomware normally spreads through spam emails and corrupted Remote Desktop Protocol connections. So with that information in mind, you should be more careful each time you encounter an email from an unfamiliar sender, or someone sends you a file through a remote desktop client.

The problem here is that it might be hard to discern spam email from legitimate messages that you should open. For instance, if you often purchase things online, you might mistake a spam email with your invoice. You might download the attached file thinking that it is your invoice you have to check, but the moment you open it, you would infect your system with Mr.Dec Ransomware.

You can actually prevent the infection if you scan the attached file with a security tool before you open it. The same applies to files received through a remote desktop client. Make sure that the option to open them automatically once the transfer is complete is disabled. Open the files you receive from unfamiliar senders only AFTER you have checked their legitimacy and safety with a security tool.

Unfortunately, if users rush into opening the newly received files without double-checking, they end up infecting their systems with Mr.Dec Ransomware. It is especially problematic when infection takes place on a computer that is connected to an entire computer network (for instance, in small businesses). Then, there is a very good chance that the infection will spread like fire, and all the computers on the network will be affected by it.

When Mr.Dec Ransomware infects a target system, it runs the AES encryption algorithm to encrypt most of the user’s files. Once the encryption is complete every single encrypted file gets an additional extension, which turns filenames into really long lines. What’s more, every single infection comes with a unique extension sequence, so two computers infected with the same ransomware will have different encrypted file extensions. For example, a flower.jpg file can end up looking like flower.jpg.zAxVDIIP8JN3Jajg.

On top of that, Mr.Dec Ransomware will also drop a ransom note in every single folder that was encrypted, and the ransom note will tell you that you need to contact these criminals through the given email address, and then wait for the further instructions on how to restore your files.

Needless to say, you should never follow the instructions provided by the cyber criminals. You need to close the ransom note by pressing the Alt+F4 command, and then look for ways to remove Mr.Dec Ransomware from your system.

Deleting the infection on your own is not that complicated, but it is always a good idea to rely on a legitimate computer security tool that will locate all the malicious files and remove them automatically. Also, it does not seem like there is a public decryption tool for this infection, so you need to be ready to say goodbye to your files for good. On the other hand, if you have a file backup, you can always delete the encrypted files, and transfer the healthy copies back into your system once it is clean and safe.

How to Remove Mr.Dec Ransomware

  1. Press Alt+F4 to close the ransom note.
  2. Press Win+R and type regedit. Click OK.
  3. Go to SOFTWARE\Microsoft\Windows\CurrentVersion\Run.
  4. On the right site, right-click the search value and select to delete it.
  5. On the same pane, right-click the unlock value and click to delete it.
  6. Close Registry Editor and press Win+R again.
  7. Type %WinDir% into the Open box and click OK.
  8. Remove the DECODE KEY.KEY file.
Download Spyware Removal Tool to Remove* Mr.Dec Ransomware
  • Quick & tested solution for Mr.Dec Ransomware removal.
  • 100% Free Scan for Windows

Post comment — WE NEED YOUR OPINION!

Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.