If your computer is under attack by Holycrypt Ransomware, you have no chance to save your files unless you have a recent backup copy on a removable hard disk or USB flash drive. This ransomware seems to be still in the making, i.e., the version that has hit the web recently is more like a beta version that gives you no option to pay the ransom fee for the decryption of your files. Once this dangerous infection is initiated, it encrypts your files in a very short time and displays its ransom note. However, you are not actually given any option to restore your files. It is most likely that the criminals behind this threat have simply been running a “test.” Nevertheless, if you find this ransomware on your computer, you can only do one thing, whether you have backups or not: you must remove Holycrypt Ransomware ASAP. Unfortunately, we cannot help you with decrypting your files yet and most probably, at this stage, no one can. It is possible that when the next version starts infecting unsuspecting users, a free tool will come up to recover files. Until then, here is what we can share with you about this vicious threat.
This ransomware seems to be distributed through spam, the same method used by most of its peers, including Stampado Ransomware, BitStak Ransomware, and CryptoFinancial Ransomware. A malicious spam e-mail can be very tricky and deceiving. Its main purpose is to make you believe that you must see its content and the attached file right away. Criminals can be very convincing when it comes to fooling people. Such a spam e-mail may come from a totally familiar or reputable sender, for example. The subject line can be anything that will draw your attention right away, and even if you doubted that the mail could have anything to do with you, you would most likely still open it. The subject could be a mail delivery error, some issue with a hotel or any other kind of reservation, an overdue invoice, and the like. Would you not want to open such a mail and download the attached file? Do you see now how easy it is to make users actually infect their own computers?
We hope that it is quite clear now that you should be more careful when going through your inbox and choosing mails to open. In fact, we suggest that you do not even open any suspicious mails with attachments that come from unfamiliar senders. By the way, this malicious attachment is usually disguised as an image or a text document, while in reality, it is an executable file. Although removing it will not give your files back once the infection has been activated, you should still delete Holycrypt Ransomware from your system if you want to use your computer again.
This ransomware is initiated when you run the downloaded file. It seems that this infection does not copy itself anywhere, so it operates from the folder where you actually downloaded it. Apart from the executable, a new file called "alert.jpg" is created in the same folder, which is the ransom note image. This malicious program targets the usual files, including photos, videos, audio files, documents, and program files. It most probably uses the AES-256 algorithm, which is applied by most ransomware programs. This infection finishes its job in a few seconds, which makes it impossible to catch it in the act and remove it before the damage is done. All the encrypted files get the prefix "(encrypted)" before their name, e.g., "(encrypted)myphoto.jpg."
So practically a few seconds after you eagerly ran the executable in the hope of seeing the invoice or flight ticket in question, all your files will be encrypted and thus inaccessible. This should be a frightening thought if you do not have a backup of your files. A scary ransom note with a pirate skull and bones image replaces the desktop background. You are informed about the encryption and that you have 24 hours to meet the demands or else your private key will be destroyed and you will never see your files again. A link (test_ransomware.onion.link) is provided at the bottom that is supposed to give you further information and instructions about how to transfer the ransom fee; however, we have found that this link is not even valid. Our assumption about Holycrypt Ransomware being a beta version is sort of confirmed by this URL as it also starts with “test.” In any case, if this ugly infection hits you, this may well be your worst nightmare because you may lose all your files. This is exactly why we always emphasize the importance of making regular backups on external drives: even if you delete Holycrypt Ransomware from your computer, you will not be able to recover the encrypted files in this case and many others as well.
It seems that this test version is not too complicated to eliminate from your computer. To be quite frank, a lot of ransomware programs do not really care how easily you can delete them; in fact, some actually delete themselves automatically after the job is done. So all you need to do in this case is to find the downloaded file that you opened and the “alert.jpg” image in the same folder and remove them from your hard disk. Please follow our instructions below if you are not sure how to do this. If you want to keep your computer clean from such malware attacks, you may want to consider installing professional anti-malware software. If you need assistance with the removal of Holycrypt Ransomware, please let us know by leaving us a comment.
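The two traces described above (the "(encrypted)" file-name prefix and the "alert.jpg" note sitting next to the opened executable) can be searched for with a short read-only script. This is an added example, not part of the original article; the sample file names such as invoice.pdf.exe are constructed, and the check for the "MZ" header is an assumption used to spot an executable disguised as an image or document.

```python
import os
import tempfile

PREFIX = "(encrypted)"   # file-name prefix reported in the article
NOTE_NAME = "alert.jpg"  # ransom note image reported in the article


def is_pe(path):
    """True if the file starts with the 'MZ' magic of a Windows executable."""
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == b"MZ"
    except OSError:
        return False


def triage(root):
    """Return (encrypted files, {folder holding the note: executables beside it})."""
    encrypted, suspects = [], {}
    for folder, _dirs, files in os.walk(root):
        paths = {n: os.path.join(folder, n) for n in sorted(files)}
        encrypted += [p for n, p in paths.items() if n.startswith(PREFIX)]
        if any(n.lower() == NOTE_NAME for n in files):
            # Dropper may pose as an image or document: check content, not extension.
            suspects[folder] = [p for n, p in paths.items()
                                if not n.startswith(PREFIX) and is_pe(p)]
    return sorted(encrypted), suspects


def build_sample(root):
    """Constructed sample tree for the demo; no real malware involved."""
    samples = {
        "Downloads/invoice.pdf.exe": b"MZ\x90\x00constructed",
        "Downloads/alert.jpg": b"\xff\xd8\xffconstructed",
        "Downloads/notes.txt": b"plain text",
        "Pictures/(encrypted)myphoto.jpg": b"\x00\x01\x02",
    }
    for rel, data in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(triage(tmp))
```

The script only reads and lists files; point `triage()` at a user profile or download folder to get the list of affected files and the folder to clean up.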