How to remove StorageCrypt virus and restore encrypted files

This article is dedicated to StorageCrypt ransomware, which penetrates users' systems in countries all over the world and encrypts their files. On this page you will find important information on what StorageCrypt is and how to remove it from your computer. We'll also tell you how to restore the encrypted information, if possible.

StorageCrypt targets network-attached storage (NAS) devices. The virus exploits the SambaCry vulnerability on Linux systems, which allows a command shell to be launched. After that, the ransomware can launch its infected files and encrypt the user's data. Encrypted files acquire the .locked extension, and the ransomware asks for 0.2-0.4 bitcoins for decryption. StorageCrypt adds a _READ_ME_FOR_DECRYPT.txt file describing the decryption options. The virus encrypts video, image, audio and text files in all popular formats. Encryption is performed with the well-known RSA and AES algorithms, and it is strong enough that decrypting the data without a key is impossible. This complexity is the basis for the striking success of this type of virus in recent years: victims, even fairly experienced ones, will never restore the data and will need to pay the ransom.
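To scope the damage on an affected share, the two artifacts named above (the .locked extension and the _READ_ME_FOR_DECRYPT.txt note) can be counted per directory. This is an added example, not part of the original article; the function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter

LOCKED_EXT = ".locked"                   # extension named in this article
NOTE_NAME = "_READ_ME_FOR_DECRYPT.txt"   # ransom note named in this article


def triage(root):
    """Walk root read-only and report where the two artifacts appear.

    Returns (note_dirs, locked_per_dir, untouched); untouched lists files
    that carry neither indicator and should be copied off first.
    """
    note_dirs, locked, untouched = [], Counter(), []
    for dirpath, _dirs, filenames in os.walk(root, onerror=lambda e: None):
        for name in filenames:
            if name == NOTE_NAME:
                note_dirs.append(dirpath)
            elif name.lower().endswith(LOCKED_EXT):   # case-insensitive match
                locked[dirpath] += 1
            else:
                untouched.append(os.path.join(dirpath, name))
    return sorted(note_dirs), dict(locked), sorted(untouched)


def build_sample_share(base):
    """Constructed sample tree standing in for a NAS share (not real data)."""
    layout = {
        "photos": ["a.jpg.locked", "b.png.locked", NOTE_NAME],
        "docs": ["report.txt", "notes.TXT.LOCKED"],
        "backup": ["archive.tar"],
    }
    for sub, names in layout.items():
        os.makedirs(os.path.join(base, sub))
        for n in names:
            with open(os.path.join(base, sub, n), "w") as fh:
                fh.write("x")
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        notes, locked, clean = triage(build_sample_share(tmp))
        print("ransom notes in:", notes)
        print("locked files per directory:", locked)
        print("files without indicators:", len(clean))
```

Run it against a read-only mount of the share so that the triage itself changes nothing on disk.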

Knowledge of computers is extremely important in our century, since it helps users guard their workstations from computer viruses. For ransomware this is especially relevant because, unlike with most suspicious programs, removing ransomware from the PC does not undo the consequences of its actions. It's easy to reduce the chances of getting ransomware if you follow these rules:

    • Keep an eye on the state of your computer. File encryption is a sophisticated process that requires a lot of computer resources. In the first minutes of infection the computer slows down, and the encrypting process appears in Process Manager. You can catch this moment and switch off the PC before the data is fully damaged. In case of infection, these measures will save some of your files.
    • Closely inspect your e-mails, particularly messages with files attached. If you don't know the sender and the e-mail is about winning a prize, a lost parcel or something similar, it is most likely a fraudulent message. Another popular kind of such messages is the "business letter". It is natural to be curious and read a message even if it was sent to the wrong address, but don't forget that a single click on the attached file can cost you a lot of headache, time and money.
    • Do not allow any changes to your computer that originate from suspicious programs. If the workstation is penetrated by ransomware, it will try to delete all copies of the data to reduce the possibility of restoration. Deleting the copies requires admin rights and confirmation from the operator. Thus, by not confirming changes from unfamiliar software at the right moment, you preserve the chance to decrypt all encrypted files for free.

You should understand that removing the ransomware is just the first, compulsory step toward normal operation of the laptop. Uninstalling the ransomware won't bring back the information instantly; that takes the additional measures described in the next part. To get rid of StorageCrypt, start the system in safe mode and scan it with an antivirus. We do not recommend uninstalling the virus manually, since it has numerous protection mechanisms that could interfere. Modern viruses are able to delete the encrypted information, fully or partly, when you try to remove the program. To avoid this, follow the guide below.

Removal instruction

Step 1. Boot into Safe mode

Start -> Msconfig.exe

On the Boot tab, select Safe boot

Step 2. Check Startup folder

Start -> Msconfig.exe -> Disable unknown programs in the Startup tab

Step 3. Check hosts file

Modify the hosts file, which is located in C:\Windows\System32\drivers\etc\.

Open the file with Notepad and delete suspicious strings.

It has to look like this:

[Image: Hosts file. Step 3]

Step 4. Scan the system with an antivirus scanner

 

Why we recommend SpyHunter antimalware as a removal tool

Removes virus fully: all files and even registry keys of malware will be deleted

Protects your system in the future

24/7 free support team

Step 5. Disable Safe mode

Start -> Msconfig.exe -> Disable Safe boot in the Boot tab
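To make "suspicious strings" in Step 3 concrete, the following added example (not part of the original article) lists every active hosts entry other than a plain localhost mapping, so each one can be reviewed before it is deleted. The function name audit_hosts, the tags and the sample entries are constructed for illustration.

```python
import ipaddress

# Directory from Step 3 of the article, plus the file name "hosts".
HOSTS_PATH = r"C:\Windows\System32\drivers\etc\hosts"

# Constructed sample, not taken from a real machine.
SAMPLE = """\
# constructed sample hosts file
#   127.0.0.1   localhost
127.0.0.1 localhost
0.0.0.0 update.av-vendor.example
203.0.113.10 www.bank.example login.bank.example  # trailing comment
not-an-ip something.example
"""


def audit_hosts(text):
    """Return (line number, address, names, tag) for entries to review."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # comments are inactive
        if not line:
            continue
        addr, *names = line.split()
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((lineno, addr, names, "malformed"))
            continue
        extra = [n for n in names if n.lower() != "localhost"]
        if ip.is_loopback and not extra:
            continue                             # plain localhost mapping
        # Loopback/unspecified targets cut the name off; others redirect it.
        tag = "blocked" if ip.is_loopback or ip.is_unspecified else "redirected"
        findings.append((lineno, addr, extra or names, tag))
    return findings


if __name__ == "__main__":
    try:
        with open(HOSTS_PATH, encoding="utf-8-sig", errors="replace") as fh:
            text = fh.read()
    except OSError:
        text = SAMPLE                            # fall back to the sample
    for lineno, addr, names, tag in audit_hosts(text):
        print(f"line {lineno}: {tag:10} {addr} -> {' '.join(names)}")
```

An empty result means the file has no active entries beyond localhost; anything listed is either an entry an administrator added deliberately or one to remove.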

If you have performed all the steps in the previous section, it's time to decipher the information. Strictly speaking, this is not about decipherment, since the encryption algorithms used by the scammers are very complex. More often than not, to get the information back, you should ask for help on anti-malware forums or from renowned malware researchers and AV software vendors. If you can't wait and want to restore the data by hand, here is a useful article on data recovery: article about files decryption.
