If you found your files encrypted by UmbreCrypt you should not pay the ransom! Read this article to learn how to decrypt UmbreCrypt encrypted files for free.
Here is another variant of trojan-ransomware, launched at the beginning of this year. It is an infection that infiltrates a system covertly and, once installed, encrypts files and holds the key until the user pays a price to the developers (hackers). The malware then attempts to delete the shadow volume copies so that a targeted user cannot recover files from them instead of paying. The good news: if a system is infected, a decryption program written by Fabian Wosar is available. The bad news: a current infection advertises a system’s vulnerability, and may even create further entry points for other kinds of malware, which is why the user should delete UmbreCrypt as soon as it is detected. The fact that a system was left open to this malware should prompt the user to work out how it was compromised, to understand how malware behaves, and to take steps to prevent future infections.
In analysts’ tests, this malware shows similarities to other ransomware, and so is perhaps a market variant of it. Malware kits are sold, or offered under franchise models, on the dark web (the Tor and I2P networks). The franchise model (the supplier takes a cut of any ransom payment) even extends to malware such as Ransom32, which is written in JavaScript so that it can run on operating systems other than Windows. The similarities to other malware (in this case CrypBoss and HydraCrypt) have been noted; subsequent variants often inherit the same flaws as the earlier, already-broken malware, which can make them decipherable too. The point to remember is that if a way in exists for amateur or flawed malware, more professional infections will have no trouble entering an operating system by the same route. If this infection is caught, the user should treat it as a valuable learning experience: learn to protect against UmbreCrypt and the doors will also be closed to other, more problematic, undecipherable incursions.
So far this infection is reported as being contracted either through a manual hack over Remote Desktop Protocol (RDP), or through an exploit kit (EK; the Angler EK in this case) on a visit to a compromised site. The exploit kit delivering UmbreCrypt has targeted vulnerabilities in Adobe Flash Player installations to drop the trojan. Other ways the trojan is introduced are freeware bundles installed quickly and without scrutiny, spam with toxic attachments that get opened, and external devices that carry an infected file.
Detecting and dealing with UmbreCrypt
Because of the way ransomware is designed, it is often difficult to detect UmbreCrypt and its variants, so the user needs to know the symptoms to watch for. When the encrypting malware is active, the system will noticeably slow down. If this happens, check files for extension changes: the ransomware renames files with the extension .umbrecrypt_ID_[victim_id]. If files are found to be changed, disconnect from all network and internet connections. Place all encrypted files into a folder and back up unaffected files to an external drive. Follow the instructions below to remove UmbreCrypt, then download the decryption program.
How to decrypt UmbreCrypt encrypted files?
Please, follow as strictly as possible the steps below in order to successfully decrypt UmbreCrypt files:
Step 1: Download the free UmbreCrypt decrypter from here: http://emsi.at/DecryptHydraCrypt.
Step 2: This step is important. You must find one encrypted file and its original. Without this, the decrypter will not be able to determine the correct decryption key for your system. Once you have found the pair of files, select both of them, then drag and drop them onto the decrypt_hydracrypt.exe file.
Step 3: The decrypter will start determining the unique encryption key for your system. Please be very patient, since this is a rather time-consuming process and, depending on your CPU and system, it can take up to several days!
Step 4: Once the decrypter finds the unique encryption key, a window like the one below will open.
Step 5: Click the OK button, then Add folders with the encrypted files on the next screen.
Step 6: Click the Decrypt button. Wait until the UmbreCrypt decrypter finishes decrypting all your encrypted files.
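The detection section above says to look for files renamed with the .umbrecrypt_ID_[victim_id] extension and to gather them into one folder, and Step 2 needs an encrypted file together with its unencrypted original. The following script is an added example (not part of the original article or of the decrypter) that does the triage work for both: it walks a directory tree, recognises renamed files, reports the victim id(s) seen, looks in a backup tree for the original of each encrypted file so that a pair can be handed to the decrypter, and finally moves the encrypted files into a quarantine folder. It assumes the marker is appended to the full original filename and that the victim id is alphanumeric; the sample tree it builds in a temporary directory is constructed for the demonstration.

```python
"""Triage helper for UmbreCrypt-renamed files: find them, pair them with
originals from a backup (the pair Step 2 needs), and quarantine them.
Added example; the filename layout and victim-id charset are assumptions."""
import os
import re
import shutil
import tempfile
from pathlib import Path

# Pattern from the article: <original name>.umbrecrypt_ID_<victim_id>.
# Assumption: the marker is appended to the whole original name and the
# victim id is alphanumeric; widen the character class if a sample differs.
ENCRYPTED_RE = re.compile(r"^(?P<orig>.+)\.umbrecrypt_ID_(?P<victim>[A-Za-z0-9]+)$")


def parse_encrypted_name(name):
    """Return (original_name, victim_id) for a renamed file, else None."""
    m = ENCRYPTED_RE.match(name)
    return (m.group("orig"), m.group("victim")) if m else None


def find_encrypted(root):
    """Walk `root` and return [(encrypted_path, original_name, victim_id), ...]."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for f in sorted(files):
            parsed = parse_encrypted_name(f)
            if parsed:
                hits.append((Path(dirpath) / f, parsed[0], parsed[1]))
    return hits


def find_pairs(hits, scan_root, backup_root):
    """For each encrypted file, look for its unencrypted original at the same
    relative path in `backup_root`. Returns [(encrypted_path, original_path)]."""
    pairs = []
    for enc_path, original_name, _ in hits:
        rel_dir = enc_path.parent.relative_to(scan_root)
        candidate = Path(backup_root) / rel_dir / original_name
        if candidate.is_file():
            pairs.append((enc_path, candidate))
    return pairs


def quarantine(hits, scan_root, dest):
    """Move every encrypted file under `dest`, keeping its path relative to
    `scan_root` so two files with the same name cannot collide."""
    moved = []
    for enc_path, _, _ in hits:
        target = Path(dest) / enc_path.relative_to(scan_root)
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.move(str(enc_path), str(target))
        moved.append(target)
    return moved


def demo():
    """Build a constructed sample tree in a temp dir and run the full triage."""
    base = Path(tempfile.mkdtemp(prefix="umbrecrypt_demo_"))
    scan, backup, quar = base / "docs", base / "backup", base / "quarantine"
    # Constructed sample: two renamed files sharing one victim id, one untouched
    # file, and a backup holding the original of only one of the renamed files.
    samples = {
        scan / "report.docx.umbrecrypt_ID_A1B2C3": b"ciphertext-1",
        scan / "photos" / "cat.jpg.umbrecrypt_ID_A1B2C3": b"ciphertext-2",
        scan / "notes.txt": b"untouched",
        backup / "report.docx": b"plaintext-1",
    }
    for path, data in samples.items():
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(data)

    hits = find_encrypted(scan)
    pairs = find_pairs(hits, scan, backup)       # pair up before moving anything
    moved = quarantine(hits, scan, quar)
    return {
        "encrypted": sorted(h[1] for h in hits),
        "victim_ids": sorted({h[2] for h in hits}),
        "pairs": [(e.relative_to(scan).as_posix(), o.relative_to(backup).as_posix())
                  for e, o in pairs],
        "quarantined": sorted(m.relative_to(quar).as_posix() for m in moved),
        "remaining": sorted(p.name for p in scan.rglob("*") if p.is_file()),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Run the pairing before the quarantine step, as `demo()` does, because moving the files invalidates the paths collected by `find_encrypted`. More than one victim id in the output is worth noting: the decrypter derives one key per system, so a pair from the wrong id will not unlock the rest.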
How to prevent UmbreCrypt
Think about the entry routes above and remember that with good technology, policies and practice, all infections are preventable. First, make sure that all programs are updated regularly and operating system patches are applied. Install a firewall to block Tor and I2P connections and unauthorized port use. Ensure that browsers are current and that settings are as strict as possible for site warnings, use of cookies, and allowing browser add-ons only with permission. Turn off ActiveX for Microsoft Office applications. Disable RDP if it is not used, or secure it. Look into applying Windows administrator policies and privileges to prevent .exe files from running unsupervised. Browse safely and consider every link before opening it. Make regular external file backups. A good security suite capable of system scans adds extra protection. Avoid UmbreCrypt and all malware with good working habits, good security and tough policy settings.
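Regular external backups are only worth something if they are still intact when you need them, and a backup drive that was connected during an infection can itself be encrypted. The script below is an added example (not from the article) of the check a practitioner would run before trusting a backup for restore: it records a SHA-256 manifest of the backup when it is made, and later compares the tree against that manifest, reporting files that were modified, removed, added, or renamed with the ransomware marker. The sample backup and the simulated damage are constructed inside a temporary directory for the demonstration; in practice the manifest is stored away from the backup medium so that it cannot be altered together with it.

```python
"""Backup integrity check: record a SHA-256 manifest of an external backup,
then verify nothing was altered, removed, added or renamed with the
ransomware marker before relying on the backup for restore.
Added example; the sample backup tree is constructed."""
import hashlib
import json
import tempfile
from pathlib import Path

RANSOM_MARKER = ".umbrecrypt_ID_"   # extension fragment described in the article


def sha256_file(path):
    """Stream a file through SHA-256 so large backups do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map every file's path (relative to root, POSIX form) to its SHA-256."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in root.rglob("*") if p.is_file()}


def save_manifest(manifest, path):
    Path(path).write_text(json.dumps(manifest, indent=2, sort_keys=True))


def load_manifest(path):
    return json.loads(Path(path).read_text())


def verify_backup(root, manifest):
    """Compare the backup tree against a stored manifest and classify differences."""
    current = build_manifest(root)
    modified = sorted(k for k in manifest if k in current and current[k] != manifest[k])
    missing = sorted(k for k in manifest if k not in current)
    unexpected = sorted(k for k in current if k not in manifest)
    ransom_marked = sorted(k for k in current if RANSOM_MARKER in k)
    return {
        "ok": not (modified or missing or unexpected or ransom_marked),
        "modified": modified,
        "missing": missing,
        "unexpected": unexpected,
        "ransom_marked": ransom_marked,
    }


def demo():
    """Create a constructed backup, verify it clean, damage it, verify again."""
    base = Path(tempfile.mkdtemp(prefix="backup_demo_"))
    backup = base / "external_backup"
    backup.mkdir()
    (backup / "report.docx").write_bytes(b"quarterly report")
    (backup / "cat.jpg").write_bytes(b"jpeg bytes")

    # Manifest lives beside, not inside, the backup tree (base/manifest.json).
    manifest_path = base / "manifest.json"
    save_manifest(build_manifest(backup), manifest_path)
    clean = verify_backup(backup, load_manifest(manifest_path))

    # Simulate the backup drive being hit: one file overwritten in place,
    # one renamed with the ransomware marker.
    (backup / "report.docx").write_bytes(b"ciphertext")
    (backup / "cat.jpg").rename(backup / "cat.jpg.umbrecrypt_ID_A1B2C3")
    damaged = verify_backup(backup, load_manifest(manifest_path))
    return clean, damaged


if __name__ == "__main__":
    before, after = demo()
    print("clean backup:", before)
    print("damaged backup:", after)
```

A non-empty `ransom_marked` list is the quickest sign that the backup was online during the infection; `modified` entries with unchanged names catch the subtler case where a file was overwritten but not renamed. Disconnect the external drive after each backup run so that the check stays a formality.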