UmbreCrypt is a virus from a family of CrypBoss ransomware. Once started, it will encrypt all victim’s files and documents stored on a computer drives and attached network drives. It uses very strong hybrid encryption with 2048-bit key. When UmbreCrypt encrypts a file, it will change a file extension to the .umbrecrypt_ID_{your_id}. Once the virus finished enciphering of all files, it will display a screen like below.
UmbreCrypt says that user have 72h to make a payment 1 BTC = $400 to get a key to decrypt files. If the user does not make a payment within this time frame, the amount will be higher.
So, if your computer is infected with UmbreCrypt virus, then most importantly, do not panic! Use the step-by-step guide below to remove the virus itself and restore your files.
How does a computer get infected with UmbreCrypt virus
UmbreCrypt virus is distributed through the use of spam emails. Below is an email that is infected with UmbreCrypt virus.
Once this attachment has been opened, this virus will be started automatically as you do not even notice that. After that, the UmbreCrypt will run the encryption process. When this process is done, it will display the usual ransom screen like a screenshoot above with instructions on how to decrypt your files.
Step-by-step instructions on How to remove UmbreCrypt virus and decrypt .umbrecrypt files
If you do not want to pay for a decryption key then you have a chance to restore your files. The following instructions is a full step-by-step guide, which will help you to remove UmbreCrypt malicious software and decrypt all encrypted files. Important to understand that we cannot guarantee that you will be able to recover all encrypted documents. Please do the instructions step by step. If you need a help or have any questions, then ask for our assistance here or type a comment below.
1. Remove UmbreCrypt virus.
2. Decrypt .UmbreCrypt files.
1. Remove UmbreCrypt virus.
Download MalwareBytes Anti-malware (MBAM) from the link below.
MalwareBytes Anti-malware download link
Once downloaded, close all programs and windows on your computer. Open a directory in which you saved it. Double-click on the icon that named mbam-setup like below.
When the installation begins, you will see the Setup – Wizard that will help you install MalwareBytes Anti-malware on your computer.
Once installation is complete, you will see window similar to the one below.
Now click on the Scan Now button to start scanning your computer. This procedure can take some time, so please be patient.
When the scan is finished, make sure all entries have “checkmark” and click Remove Selected button. MalwareBytes Anti-malware will start to remove ransoware related files, folders, registry keys. Once disinfection is completed, you may be prompted to Restart.
2. Decrypt .umbrecrypt files.
Download Decrypter for UmbreCrypt from the link below.
Decrypter for UmbreCrypt download link.
On first step, the decrypter need to determine the decryption key for your computer. You should help. Create a folder on your desktop, copy to this folder an encrypted .png file and a random unencrypted .png file (download it from the Internet) or use a pair of an encrypted file (.umbrecrypt file) and original unencrypted version of the file. Drag and drop both files to decrypt_hydracrypt.exe as shown below.
Click Yes in the user account control pop-up window, if it appears.
Once started, the program will start a brute force process to detect a decryption key. When the decrypter is finished, it will display your key. Click the OK button to start decrypting your files with this key.
The End.
Your computer should now be free of UmbreCrypt malware. If you need help with the instructions, then ask for help here.
