Proposalcrypt Ransomware Removal Guide

Proposalcrypt Ransomware is yet another ransomware release that is sure to cause many problems for many users. Needless to say, its developers distribute it secretly because no one would install this program willingly. Removing it is highly recommended because it is designed to encrypt the files stored on your computer and then demand that you pay money for the criminals to decrypt them. As you can see, this program is highly dangerous, and it targets many file formats, so it can encrypt your personal and other valuable files to compel you to pay the hefty ransom. For more information, please read this whole description.

Let us begin with the way this malicious application is most likely distributed. In full disclosure, we do not know how Proposalcrypt Ransomware is disseminated. However, we assume that it may be distributed trough malicious email attachments, infected websites or rotated software. Nevertheless, we think that malicious emails are the most plausible distribution channel as most ransomware is distributed via email. The emails can feature text that suggests opening the attached Microsoft Word document.

Our research has shown that the file attached to the email is named “proposal.doc_____________________.exe.” As you can see, the file name consists of many unnecessary underscores that form a line that moves the “.exe” file extension farther, so you could not see it. Before the underscores, the file name features a “.doc” which is supposed to give you the impression that it is a Microsoft Word file. Now, the underscores make the long so the full name should not appear in you inbox. Thus, this simple method creates the illusion that it is a document and if you open it, then it will copy itself on your PC. The malicious executable can be dropped in the Downloads folder, desktop or %TEMP% folder.

Once on your computer, Proposalcrypt Ransomware will scan it for encryptable files and go to work. Our research has shown that this particular ransomware uses the AES encryption algorithm to encrypt your files. For example, Proposalcrypt Ransomware can encrypt .mp4, .flv, .m3u, .doc, .docx, .docm, .avi, .wma, .m4a, .txt, .jpeg, and .png file formats. Nevertheless, it can encrypt close to a hundred of the most common file formats. Once the encryption process is complete, it will render its graphical user interface window.

The message in with the graphical user interface says “We are sorry to say that your computer and your files have been encrypted but wait, don’t worry. There is a way that you can restore your computer and all of your files.” The cyber criminals behind this malicious application demand that you send them 1Bitcoins which is an approximate 972.66 US dollars. The featured message also states that “Payment should be confirmed in about 2 hours after payment made.” Take note of the word “should” because it is likely that the criminals will not decrypt your files because they simply do not care. Furthermore, the payment verification service can also have errors and so this ransomware might not receive the command to start the decryption.

So there you have it, Proposalcrypt Ransomware is just another ransomware-type infection like thousands of other that are currently out there. This ransomware does not autostart with Windows, so you can remove it manually with no trouble. However, if you want to ensure your computer’s security, then we suggest scanning it with an anti-malware application such as SpyHunter. You can remove this ransomware manually, and we hear that a free decryption tool is underway, so there is no need for you to pay the hefty ransom.

How to delete this malware

1. Simultaneously hold down Windows+E keys.
2. Enter the following addresses in the address box and hit Enter.
   • %USERPROFILE%\Downloads
   • %USERPROFILE%\Desktop
   • %TEMP%
3. Find the fake document and right-click it.
4. Click Delete.
5. Empty the Recycle Bin.