Bancocrypt Ransomware Removal Guide

Do you know what Bancocrypt Ransomware is?

Bancocrypt Ransomware is a malicious computer infection that wants to rip you off. This program will encrypt your files, and it will not leave you alone unless you transfer the ransom payment. However, you should not get fooled by this scam. Although the usual course of events suggests that users can restore their files once the money is sent, it is also very likely that the creators of this infection will only collect the payment and scram. Hence, you should focus on removing Bancocrypt Ransomware from your computer because paying is never an option when it comes to such infections.

We could say that Bancocrypt Ransomware is open-source ransomware because it is based on code that is openly available to anyone who knows how to apply it. That code belongs to the Hidden Tear open-source ransomware that was modified by Virgula0. The code is known to be hosted at github.com/Virgula0/hidden-tear. Unfortunately, knowing the origins of the infection does not help us fight the encryption because the decryption key generated for each affected system is unique, and only the criminals behind it have it.

Is it possible to avoid getting infected with Bancocrypt Ransomware? Of course. Knowing how infections from the Hidden Tear family spread, we can assume that this program is also distributed via spam email attachments. This means that you should never open an attachment you receive from unknown or suspicious senders. Sometimes the spam email messages that distribute ransomware look like they were sent out by a reputable corporation. Sometimes they might look like online shopping invoices or some important documents you have to open and check immediately. If you are not sure whether the file in question is safe or not, you can scan it with a security tool before opening it.

However, if you launch the ransomware installation file without any second thought, you will soon see that Bancocrypt Ransomware takes over your system and then basically bars you from accessing most of your files. How does that happen? When you launch the file, and the program is installed on your computer, it scans your system looking for the files it can encrypt. According to the information collected during our research, we know that Bancocrypt Ransomware encrypts files in the following directories:

  • %USERPROFILE%\Desktop
  • %USERPROFILE%\Links
  • %USERPROFILE%\Contacts
  • %USERPROFILE%\Documents
  • %USERPROFILE%\Downloads
  • %USERPROFILE%\Pictures
  • %USERPROFILE%\Music
  • %USERPROFILE%\OneDrive
  • %USERPROFILE%\Saved Games
  • %USERPROFILE%\Favorites
  • %USERPROFILE%\Searches
  • %USERPROFILE%\Videos

This also shows that the infection targets the default locations for users' files. If your data is stored on a separate partition or in some other directory, there is a good chance that Bancocrypt Ransomware will not encrypt your files. But of course, quite a lot depends on luck, and it is clear that a lot of users run out of it when they encounter such an infection.

When the encryption is complete, the program drops a ransom note that says your computer has been hacked and your personal information is encrypted. The message also urges you to pay the ransom fee, and the entire message is in Spanish. This allows us to assume that Bancocrypt Ransomware targets computer users in Spanish-speaking countries. Also, Spanish spam emails could be used to distribute this infection, so if you see a Spanish message in your inbox, and it comes with an attachment, there is a good chance that someone is trying to infect you with malware.

As mentioned, paying the ransom fee is not an option because there is no guarantee the criminals would actually give you the decryption key. Instead, please check out the manual removal guidelines below. After manual removal, you need to delete the encrypted files and then transfer the healthy copies of your data back into your computer.

If you have a system backup on an external hard drive, it should be no problem to get your data back. Also, you probably have a lot of information saved on your mobile device or perhaps even on some cloud storage. The thing is that users often have a lot more options for this than they realize. Of course, there is also a possibility that you may not be able to retrieve some of your data, but that is always the main downside of a ransomware infection.

How to Remove Bancocrypt Ransomware

  1. Press Ctrl+Shift+Esc and Task Manager will open.
  2. Open the Processes tab and highlight suspicious processes.
  3. Click the End Process button and close Task Manager.
  4. Press Win+R and type %HomeDrive%\user. Click OK.
  5. Remove the ransom.jpg file and the Rand123 folder.
  6. Scan your computer with SpyHunter.
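
The following read-only check is an added example, not part of the original guide: it looks for the two artifacts named in steps 4 and 5 and counts recently written files in the profile folders listed earlier, to help decide what to restore from backup. The seven-day look-back window ($WindowDays) is an assumption, and a recent write time is only a heuristic for files that may have been encrypted.

```powershell
# Added example: read-only triage, nothing is deleted or modified.
# $WindowDays is an assumed look-back period; set it to when the infection began.
param([int]$WindowDays = 7)

# Artifact location taken from step 4 of the removal steps (%HomeDrive%\user).
$artifactRoot = Join-Path $env:HOMEDRIVE 'user'
$artifactReport = foreach ($name in 'ransom.jpg', 'Rand123') {
    $path = Join-Path $artifactRoot $name
    [pscustomobject]@{
        Artifact = $path
        Present  = Test-Path -LiteralPath $path
    }
}
$artifactReport | Format-Table -AutoSize

# Profile folders the guide lists as encryption targets.
$targets = 'Desktop', 'Links', 'Contacts', 'Documents', 'Downloads', 'Pictures',
           'Music', 'OneDrive', 'Saved Games', 'Favorites', 'Searches', 'Videos'
$cutoff = (Get-Date).AddDays(-$WindowDays)

$folderReport = foreach ($name in $targets) {
    $dir = Join-Path $env:USERPROFILE $name
    # Not every profile has every folder (OneDrive, Saved Games, ...).
    if (-not (Test-Path -LiteralPath $dir -PathType Container)) { continue }

    # @() guarantees an array, so .Count is 0 for an empty folder.
    $files  = @(Get-ChildItem -LiteralPath $dir -File -Recurse -Force -ErrorAction SilentlyContinue)
    $recent = @($files | Where-Object { $_.LastWriteTime -ge $cutoff })
    $newest = $files | Sort-Object LastWriteTime -Descending | Select-Object -First 1

    [pscustomobject]@{
        Folder          = $dir
        TotalFiles      = $files.Count
        RecentlyWritten = $recent.Count
        NewestWrite     = $newest.LastWriteTime
    }
}
$folderReport | Format-Table -AutoSize
```

Folders with a high RecentlyWritten count relative to TotalFiles are the ones to compare against your backup first.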

In non-techie terms:

Bancocrypt Ransomware is a dangerous computer infection that is based on the open-source Hidden Tear ransomware. There are quite a few malicious programs out there that have been based on this notorious ransomware. It might be more than intimidating to get infected with this program, but the most important thing is to stay calm. You have to remove Bancocrypt Ransomware to continue using your computer as before. And if you find the removal process and the aftermath too daunting, you can always refer to a specialist for some professional assistance.