Home / Spyware Help / EduCrypt Ransomware Removal Guide

EduCrypt Ransomware Removal Guide

by 0 Comments

Do you know what EduCrypt Ransomware is?

If your system was infected with EduCrypt Ransomware, you should consider yourself lucky. The malicious application does actually encrypt data on user’s computer, but it also leaves a decryption key on the system, which is free of charge too. As it seems, the software was created to teach a lesson to those who carelessly download suspicious installers and other files from the Internet. As you realize, if the ransomware was created by cyber criminals who only want to extort money from their victims, all your personal data on the computer could have been lost. If you continue reading the article, we will explain to you more details about EduCrypt Ransomware. Also, we will place a removal guide that you can use to eliminate the malware.

Since EduCrypt Ransomware is a rather unusual program, it is not distributed via Spam email or dropped by Trojan infections like most of other ransomware. Its creators decided to distribute it with various files that users download from unreliable web pages. For example, the file could look like a useful tool for Skype users. When the user downloads this file and launches it, the application starts the encryption process. During it, the malware locks all data that can be found in the following directories or their subfolders: %UserProfile%\Desktop, %UserProfile%\Downloads, %UserProfile%\Documents, %UserProfile%\Pictures, %UserProfile%\Music, %UserProfile%\Videos.EduCrypt Ransomware Removal GuideEduCrypt Ransomware screenshot
Scroll down for full removal instructions

Our specialists say that EduCrypt Ransomware can only encrypt files that have the following extensions: .txt, .exe, .doc, .docx, .xls, .index, .pdf, .zip, .rar, .css, .lnk, .xlsx, .ppt, .pptx, .odt, .jpg, .bmp, .png, .csv, .sql, .mdb, .sln, .php, .asp, .aspx, .html, .xml, .psd, .bk, .bat, .mp3, .mp4, .wav, .wma, .avi, .divx, .mkv, .mpeg, .wmv, .mov, .ogg. Nonetheless, when a file is locked it receives another extension called .isis. Also, right after the encryption, user’s computer should open a text document titled as “Read.”

Moreover, the document says that you have a virus on the system, but you can get the decryptor if you open the provided link. According to the note, the decryption password is on your computer in a hidden folder. It seems that users have to find the file themselves. Our researchers learned that it is placed in the %USERPROFILE%\Documents directory, and it should be titled as “DecryptPassword.txt.” The text inside says “Smart Find!” and contains the promised password.

The "Read" file contains only a few lines, and one them says “Don't Download Random Shit On The Internet.” As we mentioned earlier, the ransomware was created to teach careless people who open random files without thinking twice. As you see, it is quite easy to catch such a malicious application, and if you do not protect the system, it might do a lot of damage to it. In the future, we would advise you to avoid suspicious programs, updates or files. Whenever in doubts, users should check files or installers with a trustworthy antimalware tool that would warn about infected data.

Now that you know what EduCrypt Ransomware is and how it works, it is time to get rid of it. Before you eliminate the malicious application, you should decrypt the locked data. However, you should know that downloading the decryptor from the link provided in the “read.txt” document could be risky. The link might be unsafe, so it is possible that the file could be replaced with malware. Thus, you may want to look for another source on the Internet to download the decryptor.

The decryption password is HDJ7D-HF54D-8DN7D. Our specialists say that it should be the same for everyone who infected their computers with the ransomware. As soon as you unlock encrypted data, you should delete a malicious file that launched the malware. Users could also erase the text files since they would not be needed anymore. If you require any help with the deletion part, have a look at our removal guide below.

Display hidden files and folders

Windows 8 & Windows 10

  1. Press Windows Key+E and select the View tab.
  2. Choose Options and click on Change folder and search options.
  3. Click the View tab, mark Show hidden files, folders and drives.
  4. Press OK.

Windows 7 & Windows Vista

  1. Click the Start and open Control Panel.
  2. Select Appearance and Personalization and open Folder Options.
  3. Choose the View tab and select Show hidden files, folders and drives.
  4. Select OK.

Windows XP

  1. Open Start and select Control Panel.
  2. Pick Appearance and Themes.
  3. Select Folder options, click the View tab, and mark Show hidden files and folders.
  4. Click OK.

Erase EduCrypt Ransomware

  1. Download the decryptor.
  2. Decrypt all data that was encrypted.
  3. Search for a malicious file that you downloaded and launched yourself (e.g. Desktop, Downloads, etc.).
  4. Right-click the infected file and press Delete.
  5. Go to your Desktop, find Read.txt, and delete it.
  6. Press Windows Key+E, and insert the following directory into the Explorer: %USERPROFILE%\Documents
  7. Locate DecryptPassword.txt, right-click it and press Delete.
  8. Empty the Recycle bin.

In non-techie terms:

EduCrypt Ransomware is a malicious program that infects your computer, but also provides the means to repair the damage. Moreover, its creators do not even try to extort money from their victims; it looks like their primary goal is to make you more aware of ransomware and other malware that users can encounter daily. No doubt that malware's appearance is a sign that you need to protect the system, because the next time you encounter ransomware, its creators could ask to pay a huge ransom for the decryption key. Thus, we advise you to use a reliable antimalware tool that would guard your system all the time.