VaultCrypt Removal Guide
VaultCrypt is a ransomware infection that has been active since February 2015. It mostly targets Russian computer users; however, it is now also spreading in English-speaking countries. The English version of the threat is not complete yet, but the payment site already contains instructions in English. VaultCrypt is a very complex piece of malware.
It has certain similarities to other ransomware applications like CryptoWall, CTB-Locker and CryptoDefense. It enters your system surreptitiously and encrypts your data files. Unlike the above-mentioned infections, it does not present you with a ransom message right away. The instructions are provided on the payment website. Needless to say, we do not recommend paying the cyber criminals. You should terminate VaultCrypt yourself as soon as you can.
How does VaultCrypt work?
VaultCrypt slithers into your computer with the help of bundled freeware, spam email attachments, corrupted sites and so on. Once inside, it starts encrypting your files by utilizing VBS scripts and GnuPG privacy software. After the batch file gets infected, it generates an RSA 1024 private and public key. VaultCrypt can affect all types of files, including documents, photos, videos, and more. It does not affect files that are stored in the Windows, msoffice, framework64 and Intel folders. The threat adds a .vault extension to the encrypted files and deletes all Shadow Volume Copies so that you cannot restore them yourself. The private key that is required for the decryption is stored in the vaultkey.vlt file, which also contains configuration details, the number of encrypted files and other data that is used to personalize the payment page. The public encryption key is used to encrypt the private key. This is done in order to make the private key impossible to retrieve without paying the cyber criminals.
As has already been mentioned, the infection does not display a ransom note. Instead, when you double-click an encrypted file, you are prompted with an alert that states you should visit the http://restoredz4xpmuqr.onion page using Tor Browser. If you do, you will open the payment site. Once you log in, you will be presented with information about how you can make the payment and retrieve the encrypted files. You will even be provided with a way to contact the malware developers in case you need any help. We do not recommend following any of the instructions presented on this site. What you should do instead is eliminate VaultCrypt from your system.
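The file artifacts described in this section (the .vault extension, the vaultkey.vlt file and the folders that are left alone) can be used to measure the damage before cleanup. The read-only Python script below is an added example, not part of the original guide or of any vendor tool; the function name, the case-insensitive matching and the matching of spared folders by folder name are assumptions.

```python
import os
import sys
from collections import Counter

ENCRYPTED_EXT = ".vault"   # extension the guide says is added to encrypted files
KEY_FILE = "vaultkey.vlt"  # key/configuration file named in the guide
# Folders the guide says are not affected; matching them by name is an assumption.
SPARED_DIRS = {"windows", "msoffice", "framework64", "intel"}

def scan_for_vaultcrypt(root):
    """Walk root and summarise VaultCrypt artifacts without changing any file."""
    report = {"encrypted": [], "key_files": [], "by_type": Counter(), "bytes": 0}
    for dirpath, dirnames, filenames in os.walk(root):
        # Prune spared folders in place so os.walk does not descend into them.
        dirnames[:] = [d for d in dirnames if d.lower() not in SPARED_DIRS]
        for name in filenames:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower == KEY_FILE:
                report["key_files"].append(path)
            elif lower.endswith(ENCRYPTED_EXT):
                # Strip the added extension to recover the original file type.
                original = name[: -len(ENCRYPTED_EXT)]
                ext = os.path.splitext(original)[1].lower() or "(none)"
                report["encrypted"].append(path)
                report["by_type"][ext] += 1
                try:
                    report["bytes"] += os.path.getsize(path)
                except OSError:
                    pass  # unreadable file: still listed, size not counted
    return report

if __name__ == "__main__":
    result = scan_for_vaultcrypt(sys.argv[1] if len(sys.argv) > 1 else ".")
    print("Encrypted files:", len(result["encrypted"]))
    print("Total size (bytes):", result["bytes"])
    for ext, count in result["by_type"].most_common():
        print("  %s: %d" % (ext, count))
    for key_path in result["key_files"]:
        print("Key file found:", key_path)
```

Run it with the folder to inspect as the only argument; the per-type counts show which kinds of data need to be restored from backup.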
How to remove VaultCrypt?
There is no question that you need to get rid of VaultCrypt. In addition to the above-mentioned malicious actions that it takes, the threat also uses a Browser Password Dump in order to steal your login details. You should not waste any time and delete VaultCrypt from your PC by using a reliable anti-malware utility. The malware prevention and removal tool will scan your computer, then detect and delete VaultCrypt and all of its components. Unfortunately, the software will not be able to restore your files. If you do not have them backed up, you could try using file recovery software to decrypt them; however, there are no guarantees that it will work. Regardless of that, you still need to remove VaultCrypt from your PC, and the sooner you do it, the better.