Infected with Iron Ransomware? Need to decrypt .encry files?
What is Iron Ransomware
Iron Ransomware, also known as Iron Locker, Iron Unlocker Ransomware, Maktub Ransomware, is a malware file encryptor, which locks users documents, photos, videos and other files using AES + RSA for the key, and then cybercriminals demand a 0.2-1.1 Bitcoins for decryption. In fact, real decryption is not guaranteed after payment. Ransomware virus creates a unique id for every infiltrated machine. Also, it creates a file !HELP_YOUR_FILES.HTML with a following content:
Your personal files are encrypted.
Your documents, photos, databases and other important files have been encrypted with strongest encryption and unique key, generated for this computer. Private decryption key is stored on a secret Internet server and nobody can decrypt your files until you pay and obtain the private key. The server will eliminate the key after a time period specified in this window.
in your browser. They are public gates to the secret server.
The website can help you complete the decryption work automatically.
You could also send 0.2 BTC to 1cimKyzS64PRNEiG89iFU3qzckVuEQuUj
and contact this email email@example.com with below ID.
Write in the following personal ID in the input from on server:
Cybercriminals verify victims and show any information only after id confirmation. Design of their sites is very similar to previously distributed Maktub Ransomware, so we guess all listed viruses is a single “family”.
All sites, specified in !HELP_YOUR_FILES.HTML contains additional information about decryption and payment:
During this time you need to make a payment or the price will be increased.
We’re very sorry that all of your personal files have been encrypted :( But there are good news – they aren’t gone, you still have the opportunity to restore them! Statistically, the lifespan of a hard-drive is anywhere from 3 to 5 years. If you don’t make copies of important information, you could lose everything! Just imagine! In order to receive the program that will decrypt all of your files, you will need to pay a certain amount. But let’s start with something else…
WE ARE NOT LYING!
It's easy to delete the program from your personal computer. But not one of the third party programs will be able to do the most important thing – to decrypt your files! In order to do this, you need to have the private master-key that only we have. And only we can restore all of your files.
HOW MUCH DOES IT COST?
We hope that you are convinced that we can decrypt all of your files. Now, the most important thing! The faster you transfer the money, the cheaper file decryption will be. At every stage of payment, you get 3 days or 72 hours. You can see the countdown in the right top corner. After the clock shows 00:00:00 you go to the next stage of payment and the price automatically increases. We only accept the electronic currency Bitcoin as a form of payment. Here is a table that shows the date of payment and the price. Your current stage is marked in yellow.
Stage Time of payment How much money should be sent
> 1 During the first 3 days 0.2 BTC (~$1200)
2 From 3 to 6 days 0.5 BTC (~$3000)
3 From 6 to 9 days 0.8 BTC (~$4800)
4 From 9 to 12 days 1.1 BTC (~$6600)
5 From 12 to 15 days 1.4000000000000001 BTC (~$8400)
6 (*) More than 15 days 1.7000000000000002 BTC (~$10200)
Fortunately, Maktub Ransomware doesn’t remove shadow copies and files from some directories, so you can restore some of encrypted files by windows recovery tools. If you find files with .encry suffix on your PC you should firstly turn off your Internet connection. If you want to found and remove Iron Ransomware and decrypt .encry files, please read our step-by-step manual
How Iron Ransomware infected your PC
Iron Locker can spread by hacking through an unprotected network configuration, using email spam and malicious attachments, fraudulent downloads, web injections, fake updates, repackaged and infected installers. Encryption inserts .encry suffix to every coded file. Way to protect your computer from such threats is to use antiviruses with crypto-protection like HitmanPro.Alert with CryptoGuard.
First of all, don’t panic. Follow these easy steps below.
1. Start your computer in Safe Mode with networking. To do that, restart your computer before your system starts hit F8 several times. This will stop system from loading and will show Advanced boot options screen. Choose Safe mode with networking option from the options list using up and down arrows on your keyboard and hit Enter.
2. Log in to the system infected with the Iron Ransomware virus. Launch your Internet browser and download a reliable anti-malware program and start a full system scan. Once the scan is complete, review scan results and remove all entries detected.
SpyHunter 4 – fully removes all instances of Iron Ransomware – files, folders, registry keys.
Step 2: Remove following files and folders of Iron Ransomware:
Remove following registry entries:
Remove following files and folders:
How to decrypt files infected by Iron Ransomware (.encry files)?
Decrypt .encry files manually
Restore the system using System Restore
Although latest versions of ransomware can remove system restore files, this method may help you to partially restore .encry files. Give it a try and use standard System Restore to revive your data.
- Initiate the search for ‘system restore‘
- Click on the result
- Choose the date before the infection appearance
- Follow the on-screen instructions
Roll the files back to the previous version
Previous versions can be copies of files and folders created by Windows Backup (if it is active) or copies of files and folders created by System Restore. You can use this feature to restore files and folders that you accidentally modified or deleted, or that were damaged. This feature is available in Windows 7 and later versions.
- Right-click the file and choose Properties
- Open the Previous Version tab
- Select the latest version and click Copy
- Click Restore
Restore .encry files using shadow copies
- Download and run Shadow Explorer.
- Select the drive and folder where your files are located and date that you want to restore them from.
- Right-click on folder you want to restore and select Export.
- Choose export location and view restored files.
Protect your computer from ransomware
Most modern antiviruses can protect your PC from ransomware and crypto-trojans, but thousands of people still get infected. There are several programs that use different approach t protect from ransomware and lockers. One of the best is HitmanPro.Alert with CryptoGuard. You may already know HitmanPro as famous cloud-based anti-malware scanner. Check out ultimate active protection software from SurfRight.
Information provided by Tim Kas