I wrote this article to help you remove PClock Ransomware. This PClock Ransomware removal guide works for all Windows versions.
The most dreaded cyber infection family keeps on growing by the minute. You know we are talking about ransomware, right? Ransomware totally deserves its reputation as the worst possible cyber threat that we are forced to deal with. These file-locking, user-extorting parasites are something you don’t want to have on your machine. But the chances of avoiding such an infection are getting smaller every day as crooks are constantly developing new pieces and coming up with more creative ideas to distribute them. An example is the so-called PClock Ransomware.
It is not what we would call brand new, as it is a clone of an older ransomware, CryptoLocker. However, the main point here is that pretty much all ransomware follows the same pattern, whether it is newly developed or not. The difference lies in whether a given piece is decryptable or not. PClock Ransomware was first noticed in January 2015, but it has gone through a few different versions since then. Researchers even found a way to create a decryptor for the earlier ones but, since May 2015, when the crooks updated their code, PClock is considered undecryptable. In this article, we will help you remove the parasite from your PC as well as give you some useful pieces of advice on how to protect yourself in the future. But first, let’s explain a bit more about the infection you are stuck with.
If you have been infected with this threat, you are in big trouble. As we mentioned, almost all ransomware pieces, PClock included, operate the same way. First, they find a way to trick you into allowing them to enter your system. Then, they lock all of your important files so that you no longer have access to them. And last but most important, they blackmail you for money in exchange for the lost files. How does PClock enter your computer? Well, it relies on one of the most popular and effective methods: spam emails. However, the spam emails in this particular campaign are disguised as fax messages, using a subject such as “PLEASE READ YOUR FAX T6931.”
Even though the title is not that eye-catching, the email itself contains a RAR file named “Criminal case against you”, which pretty much guarantees the victims’ attention. But the spam messages are not alone. The ransomware also uses a Trojan called Crimace to help it upon installation. The RAR file, when downloaded and unzipped, downloads the Trojan, which, in turn, downloads other malware, in this case, PClock. This is how the ransomware tricks you, and we have to admit its way is quite clever. Then, after settling on your machine, PClock starts looking for files to encrypt.
You should know that very few files will be beyond its reach, if any, as this version is able to target a whopping 2,630 file formats. All of your pictures, videos, Word files, music, work-related data, etc. will be locked and modified so that your PC can no longer recognize them. The ransomware will hold them hostage and you cannot open/watch/listen to any of them. It is like you don’t even have them. Your own files. How unfair is that? And we haven’t even gotten to the last step. By now, you must have figured out where we are going with this. It is the ransomware’s main goal. The only purpose it was created for. Money. Your money.
When all of your files are encrypted, PClock creates and drops a message for you. That’s the ransom note, in which the crooks explain everything and, of course, give you instructions on how to recover your data. This particular PClock version requires its victims to pay 0.55 Bitcoins, which equals $386 USD. According to them, after paying, you will receive a unique decryption tool, which will help you regain access to your data. But will it, really? How do you know for sure that the decryptor they will send you, if they even send you any, will work properly? Of course, you don’t know.
Cybercriminals, and especially ransomware authors, are not famous for being trustworthy and reliable. They may not keep their end of the deal and you may end up double-crossed. With no money and no files. And not only that. If you do pay, what do you think your money will be used for? The crooks will use all of it to create more malware to infect more and more people and extort them for money. Is that what you want? To support the crooks’ “business”? We doubt it. Not to mention that if you decide to pay, you open a door which should never be opened. The door to your privacy. Crooks will have access to your private life and you cannot allow that. After all, your files are replaceable.
Can you say the same about your privacy? No. That’s why paying is not an option. It is not a risk worth taking. We have something to offer you. Our removal guide below will help you remove PClock from your system once and for all. After that, when the crooks don’t have access to your machine anymore, you can start searching for ways to unlock your data. Decryptors are being created every day. There are many of them uploaded online. Maybe you can find one to help you in your situation. You can also search for a specialist in the matter who will also require payment, but at least you will know who you are giving your money to. Paying crooks and hoping for the best is the worst possible solution.
Now, the promised pieces of advice. We established how PClock attacks victims using disguised spam emails. Do not open emails whose sender you don’t know. Such emails should be deleted right away as, more often than not, they are dangerous. And the fact that they are in your regular inbox and not the spam one should not mislead you. But other ransomware pieces use other methods too. Some of them are freeware, corrupted links/pages/torrents, malicious ads, etc. Ransomware can also pose as a program update to trick you. You must always be careful online. A little extra vigilance could save you from a lot of issues. Also, consider getting a reliable anti-malware program, keep it up to date and perform regular scans to be sure your machine is infection-free.
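The lure described above (a fax-themed subject carrying a RAR archive) can be checked for mechanically on saved messages. The following Python sketch is an added example, not something from the original guide: the function names, the `.rar` extension on the attachment name and the sample messages are assumptions constructed for illustration.

```python
# Added example: flag mail that matches the lure this page describes.
# All sample messages are constructed; none is real captured mail.
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

FAX_SUBJECT = re.compile(r"\bfax\b", re.IGNORECASE)
RAR_MAGIC = b"Rar!\x1a\x07"  # leading bytes shared by RAR4 and RAR5 archives


def is_rar(part):
    """True if an attachment is a RAR by file name or by its leading bytes."""
    name = (part.get_filename() or "").lower()
    data = part.get_payload(decode=True) or b""
    return name.endswith(".rar") or data.startswith(RAR_MAGIC)


def triage(raw):
    """Return the reasons a raw message matches the lure (empty list = no match)."""
    msg = message_from_bytes(raw, policy=policy.default)
    rars = [p.get_filename() or "(unnamed)"
            for p in msg.iter_attachments() if is_rar(p)]
    if not rars:
        return []  # a fax-themed subject alone is not treated as a hit
    reasons = [f"RAR attachment: {name}" for name in rars]
    if FAX_SUBJECT.search(str(msg.get("Subject", ""))):
        reasons.append("fax-themed subject with an archive attached")
    return reasons


def build_sample(subject, filename=None, payload=b""):
    """Build a constructed test message with an optional attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = subject
    msg.set_content("Please see the attached document.")
    if filename:
        msg.add_attachment(payload, maintype="application",
                           subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    lure = build_sample("PLEASE READ YOUR FAX T6931.",
                        "Criminal case against you.rar", RAR_MAGIC + b"\x00")
    renamed = build_sample("Invoice", "doc.dat", RAR_MAGIC + b"\x01\x00")
    clean = build_sample("Weekly report", "report.pdf", b"%PDF-1.4")
    for label, raw in [("lure", lure), ("renamed", renamed), ("clean", clean)]:
        print(label, triage(raw))
```

Checking the leading bytes as well as the file name catches an archive that has been given a different extension.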
PClock Ransomware Removal
Method 1: Restore your encrypted files using ShadowExplorer
Usually, PClock Ransomware deletes all shadow copies stored on your computer. Luckily, the ransomware is not always able to delete them, so your first try should be restoring the original files from shadow copies.
- Download ShadowExplorer from this link: http://www.shadowexplorer.com/downloads.html.
- Install ShadowExplorer
- Open ShadowExplorer and select C: drive on the left panel
- Choose a date at least a month ago from the date field
- Navigate to the folder with encrypted files
- Right-click on the encrypted file
- Select “Export” and choose a destination for the original file
Method 2: Restore your encrypted files by using System Restore
- Go to Start –> All programs –> Accessories –> System tools –> System restore
- Click “Next”
- Choose a restore point, at least a month ago
- Click “Next”
- Choose Disk C: (should be selected by default)
- Click “Next”. Wait for a few minutes and the restore should be done.
Method 3: Restore your files using File Recovery Software
If none of the above methods works, you should try to recover the encrypted files by using File Recovery Software. Since PClock Ransomware first makes a copy of the original file, then encrypts it and deletes the original one, you can successfully restore the original using File Recovery Software. Here are a few free File Recovery Software programs: