Infected with DCRTR-WDM Ransomware? Need to decrypt your files?
What is DCRTR-WDM Ransomware
Today in this article we describe the DCRTR-WDM Ransomware that became most active by the end of November of this year. It comes to your computer and encrypts almost all user files, including office documents, video, audio, multimedia, and much more. DCRTR-WDM Ransomware encrypts files with an algorithm, so decryption becomes very hard. After encryption, the virus changes the file extension to .crypt. It is worth noting that the virus removes all shadow copies of files and system restore points, which makes decryption of files almost impossible. The virus creates a special text file HOW TO DECRYPT FILES.txt that contains information about encryption and possible methods of redemption:
***********************UNDER NO CIRCUMSTANCES DO NOT DELETE THIS FILE, UNTIL ALL YOUR DATA IS RECOVERED***********************
*****FAILING TO DO SO, WILL RESULT IN YOUR SYSTEM CORRUPTION, IF THERE WILL BE DECRYPTION ERRORS*****
Attention!
All your files, documents, photos, databases and other important files are encrypted and have the extension: .CRYPT
The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files.
The server with your key is in a closed network TOR. You can get there by the following ways:
----------------------------------------------------------------------------------------
| 0. Download Tor browser - https://www.torproject.org/
| 1. Install Tor browser
| 2. Open Tor Browser
| 3. Open link in TOR browser: http://crypt443sgtkyz4l.onion/942a6d15e7378b***
| 4. Follow the instructions on this page
---------------------------------------------------------------------------------------- On our page you will see the payment instructions and will be able to decrypt 1 file for free with the extension ".exe".
Attention!
TO PREVENT DATA CORRUPTION:
- do not modify files with extension.crypt
- do not run anti-virus programs, they may remove information to contact us
- do not download third-party file descriptors, only we can decrypt files!
Like the similar to cryptoviruses, it requires you to pay a ransom in the amount of 1,270 dollars by the Tor browser in order to pay for cryptocurrency. Thus, the attackers are trying to avoid prosecution by law. The virus also has a special site created for payment, which is very similar to the GandCrab-Ransomware site. Below we provide screenshots from this site.
We are sorry, but your files have been encrypted!
Don't worry, we can help you to return all of your files!
Files decryptor's price is 1270 USD
Every day the price increases by $ 50 !
What the matter? Buy Decryptor Support Test Decrypt
Buy cryptocurrency Bitcoin. Here you can find services where you can do it.
Send 0.19725398 BTC to the address: 1D41x7GnXpN7jXhdZ7hfZXKsQzyGRNmkfg
Attention!
Please be careful and check the address visually after copy-pasting (because there is a probability of a malware on your PC that monitors and changes the address in your clipboard)
If you don't use TOR Browser:
Send a verification payment for a small amount, and then, make sure that the coins are coming, then send the rest of the amount.
We won't take any responsibility if your funds don't reach us
The transaction will be confirmed after it receives 3 confirmations (usually it takes about 10 minutes)
Transactions list
TX Amount Status
Total 0BTC unpaid
We are sorry, but your files have been encrypted!
Don't worry, we can help you to return all of your files!
Files decryptor's price is 1270 USD
Every day the price increases by $ 50 !
What the matter? Buy Decryptor Support Test Decrypt
What the matter?
Your computer has been infected with Ransomware. Your files have been encrypted and you can't decrypt it by yourself.
In the network, you can probably find and third-party software, but it won't help you, it only can make your files undecryptable
What can I do to get my files back?
You should buy Decryptor. This software will help you to decrypt all of your encrypted files and remove Ransomware from your PC.
Current price: 1270 USD. As payment, you need cryptocurrency Bitcoin
What is cryptocurrency and how can I purchase Decryptor?
You can read more details about cryptocurrency at Google or here.
As payment, you have to buy Bitcoin using a credit card, and send coins to our address.
How can I pay to you?
You have to buy Bitcoin using a credit card. Links to services where you can do it: Bitcoin exchanges list
After it, go to our payment page Buy Decryptor, choose your payment method and follow the instructions
We are sorry, but your files have been encrypted!
Don't worry, we can help you to return all of your files!
Files decryptor's price is 1270 USD
Every day the price increases by $ 50 !
What the matter? Buy Decryptor Support Test Decrypt
If you have any problems with the purchase - please contact support.
You Support
{{ message.message }}
{{ message.created_at }}
Send message
We are sorry, but your files have been encrypted!
Don't worry, we can help you to return all of your files!
Files decryptor's price is 1270 USD
Every day the price increases by $ 50 !
What the matter? Buy Decryptor Support Test Decrypt
Chose file ( .exe )
Decrypt
Update: Use following service to identify the version and type of ransomware you were attacked by: ID Ransomware. If you want to decrypt your files, please follow our instruction below or, if you have any difficulties, please contact us: submit@securitystronghold.com. We really can help to decrypt your files.
How DCRTR-WDM infected your PC
Most often, penetration of a computer occurs due to unprotected network parameters. It is also a consequence of the fact that users do not use antiviruses and other software that can prevent the penetration of such viruses and programs. The virus can come as an update for any program or be an attachment to the spam e-mail. Anyway, you need to remove DCRTR-WDM right now, for this, you can use our recommendations.
First of all, don’t panic. Follow these easy steps below.
1. Start your computer in Safe Mode with networking. To do that, restart your computer before your system starts hit F8 several times. This will stop system from loading and will show Advanced boot options screen. Choose Safe mode with networking option from the options list using up and down arrows on your keyboard and hit Enter.
2. Log in to the system infected with the DCRTR-WDM virus. Launch your Internet browser and download a reliable anti-malware program and start a full system scan. Once the scan is complete, review scan results and remove all entries detected.
Recommended Solution:
Norton – fully removes all instances of DCRTR-WDM – files, folders, registry keys.
You may find more detailed information about antivirus products in our article – Top 5 Antivirus Software for Windows
Restore your files using shadow copies
- Download and run Stellar Data Recovery.
- Select type of files you want to restore and click Next.
- Select the drive and folder where your files are located and date that you want to restore them from and press Scan.
- Once the scanning process is done, click Recover to restore your files.
Step 2: Remove following files and folders of DCRTR-WDM:
Related connections or other entries:
No information
Related files:
No information
How to decrypt files infected by DCRTR-WDM?
You can try to use manual methods to restore and decrypt your files.
Decrypt files manually
Restore the system using System Restore
Although latest versions of DCRTR-WDM remove system restore files, this method may help you partially restore your files. Give it a try and use standard System Restore to revive your data.
- Initiate the search for ‘system restore‘
- Click on the result
- Choose the date before the infection appearance
- Follow the on-screen instructions
Roll the files back to the previous version
Previous versions can be copies of files and folders created by Windows Backup (if it is active) or copies of files and folders created by System Restore. You can use this feature to restore files and folders that you accidentally modified or deleted, or that were damaged. This feature is available in Windows 7 and later versions.
- Right-click the file and choose Properties
- Open the Previous Version tab
- Select the latest version and click Copy
- Click Restore
Protect your computer from ransomware
Most modern antiviruses can protect your PC from ransomware and crypto-trojans, but thousands of people still get infected. There are several programs that use different approach t protect from ransomware and lockers. One of the best is HitmanPro.Alert with CryptoGuard. You may already know HitmanPro as famous cloud-based anti-malware scanner. Check out ultimate active protection software from SurfRight.
Written by Rami Douafi