Technicy Ransomware Removal Guide

Do you know what Technicy Ransomware is?

According to our cyber security experts at, Technicy Ransomware is a new malicious application that is based on the abandoned Hidden-Tear Ransomware project. The original source code was leaked to the Internet, and amateur cybercriminals use it as a basis for building their own programs. This application is as dangerous as the rest of the programs in this family as it uses Advanced Encryption Standard (AES) to encrypt your files. However, the difference between this and other programs based on Hidden-Tear is that it does not ask you to pay a ransom. It encrypts files for the sake of encrypting them, so you ought to remove it as soon as you can. Unfortunately, there is no free decryption tool either, so you will have to do with what this ransomware has not encrypted.

While there is no concrete information on how this ransomware is disseminated, we have received information that claims that this application is being distributed using fake emails. Its Polish developers may have set up an email server to send spam email to people in Poland and elsewhere in an effort to infect as many computers as possible. The executable file can be disguised as a PDF or DOCX document using the double extension method when the fake extension is added in front of the real extension which is an EXE extension. If you open that malicious file, then this ransomware will copy itself to %HOMEDRIVE%\[User name]\Rand123\. The name of the executable you should look out for is local.exe. This file may have a point of execution created for it to launch it on each system startup.Technicy Ransomware Removal GuideTechnicy Ransomware screenshot
Scroll down for full removal instructions

Technicy Ransomware start encrypting files as soon as it is launched. While testing this ransomware, our researchers found that it was configured to encrypt files located in Links, Contacts, Desktop, Documents, Downloads, Pictures, Music, OneDrive, Saved Games, Favorites, Searches, and Videos, as well as on the desktop. It is clear as day that its creators want to encrypt as many of your personal files as possible. as far as the list of encrypted file types is concerned the inlcude the flowing:

.txt .jar .exe .dat .contact .settings .doc .docx .xls .xlsx .ppt .pptx .odt .jpg .png .csv .py .sql .mdb .sln .php .asp .aspx .html .htm .xml .psd .pdf .dll .c .cs .mp3 .mp4 .f3d .dwg .cpp .zip .rar .mov .rtf .bmp .mkv .avi .apk .lnk .iso .7-zip .ace .arj .bz2 .cab .gzip .lzh .tar .uue .xz .z .001 .mpeg .mp3 .mpg .core .crproj .pdb .ico .pas .db .torrent

Once the encryption process has been completed, this ransomware is set to change the desktop background image with a picture from It was also set to drop a ransom note “czytaj.txt” that does not contain a note at all. It has text in the Polish language but no instructions on how to pay the ransom. It seems that this ransomware was configured to encrypt your files for the sake of encrypting them.

In closing, Technicy Ransomware is just another ransomware that can infect your PC secretly and encrypt your valuable files. If your PC has been infected with it, then that is very unfortunate because there is no free decryption tool to help you. However, if you wish to protect your Pc from the likes of Technicy Ransomware, then get an antimalware program such as our recommended SpyHunter anti-malware program. You can also use the said program to remove this ransomware. Alternatively, you can delete its files manually see the good below for more information.

How to delete this ranomware

  1. Hold down Windows+E keys.
  2. Type %HOMEDRIVE%\[User name]\Rand123\ in the File Explorer address box.
  3. Hit Enter.
  4. Find local.exe
  5. Right-click local.exe and click Delete.
  6. Go to the desktop and delete czytaj.txt
  7. Empty Recycle Bin.

In non-techie terms:

Technicy Ransomware is a malicious program that can enter your PC via email. If you open a fake document in an email, then your PC can become infected with this ransomware. As a result, this program will encrypt your most valuable files but will not demand money to decrypt them. Therefore, the only solution for you at this point is to remove Technicy Ransomware manually or using an anti-malware application.