Holycrypt Ransomware Removal Guide

Do you know what Holycrypt Ransomware is?

Ransomware is a pretty common and dangerous and it can easily infect unprotected computers. Holycrypt Ransomware is distributed via email spam, and if it gets onto your PC, then it will encrypt all of your valuable files and demand that you pay a ransom. However, there a twist to this story as this malware does not have a working link necessary to pay the ransom. This ransomware uses scare tactics such as claiming that it will remove the private decryption key within 24 hours if the cyber criminals do not receive the payment. So a lot is going on with this ransomware because it has yet to be completed and its developers have released it in a beta version. Nevertheless, it is dangerous and has to be taken seriously. Please continue reading to learn more.

Our security analysts say that this particular infection is currently being distributed using email spam. Email spam is a distribution technique that is widely practiced by ransomware developers because it is the most effective, easy, and problem-free method. If done correctly, the infection rate can be very high, but it requires the emails to look as authentic as possible. We do not know the peculiarities of the emails that distribute Holycrypt Ransomware, but our researchers say that they might imitate the emails of banks, shipping companies, airlines, and so on. The email features an attachment that is a plain archive file that you can extract. If you extract and run this ransomware’s executable, then it will immediately encrypt documents, pictures, videos, and audio files.Holycrypt Ransomware Removal GuideHolycrypt Ransomware screenshot
Scroll down for full removal instructions

Research has revealed that, while encrypting, this ransomware appends the file name with the word “(encrypted)” in brackets. This serves as an indication that the file has been encrypted. Furthermore, this infection creates an image file named alert.jpg in the same location where you extracted the executable, and this picture is set as your computer’s desktop wallpaper. Also, the image serves as the ransom note that states that your files have been encrypted and you need to pay a ransom within 24 hours or your files will remain encrypted forever because the remote server will delete the private decryption key stored on it. In any case, this is irrelevant since this ransomware is a beta.

Our malware researchers say that the provided link that is supposed to give you instructions on how to pay the ransom does not work, so there is no way to pay it and even if it worked we would not recommend paying either because there is no guarantee that you will get the decryption key. Indeed, you are dealing with cyber criminals so you should not count on them to keep their end of the bargain. Unfortunately, currently, there is no third-party decryption tool that could decrypt your files, but they may be one in the future. Nevertheless, this ransomware will also continue to improve, and an older decryption tool may become useless once a newer version of this ransomware comes out. So it can go either way.

If you want to continue using your computer, then you have to remove Holycrypt Ransomware, and there are several ways you can do this. You can delete its executable manually if you know where it is (it is named randomly.) Alternatively, you can use an antimalware application such as SpyHunter. Testing has shown that this particular antimalware is more than capable of identifying and eradicating this infection. Malware such as this one can render your valuable files inaccessible, and you may be tempted to pay the ransom to get them back, but by doing so, you will fund the cyber crooks and encourage them to design more of these applications in the near future.

How to eradicate this infection

  1. Locate alert.jpg and the executable file (look in the Downloads folder and the Desktop)
  2. Right-click on the files and delete them.
  3. Empty the Recycle Bin.

In non-techie terms:

Holycrypt Ransomware is a ransomware-type infection designed to encrypt the files stored on your computer. It will demand that you pay a ransom for the decryption key, but the link that is supposed to give you the instructions on how to pay it does on work. Either way, we do not recommend paying the ransom and suggest removing it.