Strictor Ransomware Removal Guide

Strictor Ransomware is a ransomware infection that is usually spread as a PDF file. If you have downloaded a PDF file too and now see the presence of Strictor Ransomware on your computer, there is no doubt that all your files in the Documents (My Documents) directory are locked. Ransomware infections act like that because they have only one purpose in mind – they seek to extort money from you. If you have already encountered this infection, it might seem for you that the easiest way to get rid of it and save all the files is to pay money; however, you should not rush to do that because there is another way to gain access to those locked files. We suggest that you continue reading the article if you wish to find out how to do that and/or want to find more information about the ransomware itself.

Strictor Ransomware is quite a new ransomware infection. It was first detected on the 16th of March, 2016; however, it is already quite prevalent on the web and, unfortunately, it seems that the number of infected computers is growing steadily. Even though this ransomware is one of the newest threats, it does not differ much from other well-known ransomware infections, e.g. JobCrypter Ransomware, 7ev3n Ransomware, and JS.Crypto Ransomware in a sense that it locks files and then asks users to pay a ransom in exchange for the decryption tool. All the locked files will have the .locked extension, so it will be clear for you which of them are affected. Researchers working at 411-spyware.com have also managed to find out that this ransomware infection uses the AES-256 cipher. This means that it will be a really difficult task to decrypt files.

Once Strictor Ransomware finishes encrypting documents stored on the computer, it immediately creates the file WindowsUpdate.locked. This is a .txt file with a message for the users. This message informs users that all their files are ruled by cyber criminals, and they need to send Bitcoins to them. The message also contains the password (e.g. =U113QJQwz) which can be used if a user gets the decryption tool (it should be available on the Internet in the future). In such a case, a user will not need to pay money. Apart from placing the WindowsUpdate.locked file next to the encrypted files, this infection will change the wallpaper too. It will explain what users need to do in greater detail:

All your precious Files on your computer I have successfully encrypted!

Your files are encrypted. To get the key to decrypt files you have to pay 500 USD.

If payment is not made before {date} the cost of decrypting files will increase 2 times and will be 1000 USD

Click below to pay us the bitcoins!!!

If you really click on the Pay button, an HTTP request will be made to the web page located on the C&C server. Users could find all the necessary information on the page that will be opened for them. Users can also pay a ransom on it and download the decryption tool. Unfortunately, not all the users could access the page because some of them always see messages “Oopz !! URL not reachable” and “Oopz !! Are you trying to fool me? Connect me to the Internet;)” – they can only be removed from the screen by killing the corresponding process in the Task Manager.

Even though you have been taken to the web page and see the payment window, you should not hurry to pay a ransom even though the time for doing that is limited. In our opinion, you should not pay money for cyber criminals at all if you have a backup of your files because you can easily transfer them to your computer. Of course, do that only if Strictor Ransomware is fully removed. Remember, we have told you that Strictor Ransomware will leave the key which could help you to decrypt files and you only need the decryption tool. If you decide to wait for it to appear on the web, you should keep the WindowsUpdate.locked file.

Researchers have noticed that Strictor Ransomware usually comes as a legitimate-looking PDF file and even its name is misleading, i.e. Bank_Account_Summary.exe, which is why users download this file and double-clicks on it. In most cases, this file comes as an attachment in Spam emails. Of course, this ransomware infection could have found another way to sneak onto the computer too. For example, it is also very likely that it is distributed by malicious software installers. As it is a really hard task to protect the system from ransomware infections, we highly recommend that you install a security tool and keep it there all the time.

Strictor Ransomware does not install many files on the system and does not apply modifications. Therefore, you will only have to detect and delete the malicious PDF file and change the wallpaper. If you are not going to wait for the decryption tool to appear on the web, there is no point in keeping the WindowsUpdate.locked file that contains the key. We suggest scanning the system with the antimalware tool SpyHunter after you eliminate Strictor Ransomware too. It is advisable to do that to check whether there are really no components of ransomware left. You will also get information about other threats existing on the system and could take care of them too.

Remove Strictor Ransomware

1. Remove the malicious file from your computer, e.g. Bank_Account_Summary.exe.
2. Locate and remove the WindowsUpdate.locked file from Documents/My Documents if you are not going to wait for the decryption tool to become available on the web and use the key.
3. Change the Wallpaper.
4. Empty the Recycle bin.
5. Scan your system with a diagnostic tool, e.g. SpyHunter.