Apparently, EduCrypt Ransomware is based on an open-source application known as Hidden Tear. It was created only for educational purposes, and it seems that the ones who developed the malware are also trying to educate their victims. Most likely, the idea behind releasing EduCrypt Ransomware is to show people how quickly they can infect the computer themselves. The malware is spread through suspicious files that appear on various questionable web pages. All it takes is to open the file, and the damage you receive might be irreversible. Fortunately, in this case, the malicious program’s creators offer the decryption tool and demand nothing in return. Thus, you can repair the enciphered data and remove the malware from the computer. If you slide at the end of the text, the instructions below will guide you through the process.
EduCrypt Ransomware targets not only personal data but also program files since it can encrypt data that has the .exe extension. All files that were encrypted should have an additional extension, e.g. picture.jpg.isis. However, the malware is set to encrypt data only from specific folders, although if the directory has any subfolders, the application will encipher data within them too. The researchers who tested the program determined that it affects only those files that are placed in the listed locations:
• %UserProfile%\Desktop
• %UserProfile%\Downloads
• %UserProfile%\Documents
• %UserProfile%\Pictures
• %UserProfile%\Music
• %UserProfile%\Videos
Furthermore, EduCrypt Ransomware should also launch a file called Read.txt. It says “Well hello there, seems you have a virus!”. In fact, the document does not say much, but it provides a link that would lead you to a website where you are supposed to download the decryptor. Of course, to use the tool, you must provide the decryption key, and as the note says, it is in a hidden text document that you have to find on the computer. Our researchers searched for it too, and they learned that the decryption key is created from fifteen random digits and letters. To be more precise, this is the key HDJ7D-HF54D-8DN7D, and it should be the same to everyone.
It is important to mention that the link provided in the Read.txt file might be unsafe to use, as the decryptor could be switched with something else. Therefore, we advise you to look for it on other websites. Once you download the decryptor, all you need is to enter the decryption key and you will be able to decipher all affected data.
Afterwards, we would advise you to look for a malicious file that you downloaded from the Internet. Users could download it from malicious file-sharing web pages that distribute infected updates or additional tools to software. If you do not remember the directory you saved the malicious file, you could look for it in the Desktop, Temporary Files, Downloads, and other folders. Simply take a look at the instructions below or write us a comment if you have any trouble with EduCrypt Ransomware’s removal. Users could also install a legitimate antimalware tool that would help them detect the malicious file and erase it. Plus, it could not only eliminate all other possible threats but also keep the system protected.
Windows 8 and 10
Windows 7 and Vista
Windows XP