Get the 411 on Spyware
Bancocrypt Ransomware Removal Guide
Bancocrypt Ransomware is one of the many ransomware programs that are based on the Hidden Tear infection. Although it might seem that knowing the origins of the infection should help us deal with the consequences that is not really the case with ransomware programs. Hence, each infection should be treated individually, and their origins only help us somewhat define their purpose and the infection vector.
In this description, we will let you know several technical details associated with this intruder, and then we will give you the removal instructions you can find below. Should you have more questions after that, do not hesitate to leave us a comment.
Bancocrypt Ransomware probably invaded your computer through spam email. This program employs the same distribution technique as the previously released Jhash Ransomware. Our research specialists even suggest that both infections are identical. It would not be much of a surprise because there are a lot of infections out there that have several names. This one, in particular, is based on the type of Hidden Tear ransomware that was modified by Virgula0. The program does not have a Point of Execution, so it makes the removal process simpler, as you do not need to delete any malicious registry modifications.
It is also very likely that the infection is distributed in Spanish spam email messages because the ransom note it displays is also in Spanish. So it means that the program targets Spanish-speaking users. When they download the attached file and open it, users launch the infection. It is always a good idea to scan the downloaded files with a computer security tool. It is always better to be safe than sorry. For all its worth, you might prevent a malicious ransomware infection simply by clicking the scan button.
However, once Bancocrypt Ransomware is in, it will scan your system and encrypt all the files in the %USERPROFILE% directory. When the program is executed, it will also delete itself and copy certain files to %HOMEDRIVE%\{username}\Rand123\local.exe. By default, the Windows operating system has the %HOMEDRIVE%\users\{username} folder, and not the %HOMEDRIVE%\{username}. Therefore, that folder is created by Bancocrypt Ransomware. After that, the infection checks if you have the Internet connection, and if you do, it sends out the victim details to a remote command and control server.
Aside from that, obviously, the program encrypts your files and then displays a ransom note. Since encryption is a terrible thing you experience, it is not a surprise that quite a few users choose to pay the ransom in order to retrieve their files. However, seeing how this program cannot always perform everything it has on its To Do list (for instance, it sometimes fails to change the desktop background), it may also fail to issue the decryption key even if you pay the money.
Hence, you should never consider giving your money away to these criminals. By paying the ransom, you would only encourage them to continue their malicious deeds. You need to remove Bancocrypt Ransomware from your system, and then look for ways to restore your files. You will be surprised to find that you probably have a lot of your data saved or stored someplace else. Calm down and consider all of your options first.
How to Delete Bancocrypt Ransomware
- Press Ctrl+Shift+Esc to open Task Manager.
- Click the Processes tab and click suspicious processes.
- Press the End Process button to kill highlighted processes.
- Exit Task Manager and press Win+R to open the Run prompt.
- Type %HomeDrive%\user into the Open box. Press OK.
- Delete the ransom.jpg file and the Rand123 folder.
- Run a full system scan with SpyHunter.
