Infected with The Brotherhood ransomware? Need to decrypt .ransomcrypt files?

What is The Brotherhood ransomware

Сyber scammers don’t sit in one’s hands and they are constantly looking for ways to make money on the helplessness of ordinary users. The Brotherhood Ransomware is another product of such intruders, namely a cryptovirus. Like similar viruses, it encrypts custom office files, photos, videos, multimedia files, archives and much more, adding .ransomcrypt to the extension of these files. After encrypting with AES algorithms, files become unusable. The virus creates a special text file that contains the decryption conditions. Here’s what this file looks like:

The Brotherhood ransomware virus

Note contains the following text:

Your files have been encrypted. To decrypt your file, please transfer 100 BTC
to Bitcoin Address
Otherwise, you will lose your file today at 16:30:00hrs

From this note’s contents it implies that the user must pay fabulous money, namely 100 BTC, however, it is worth noting that the attackers did not specify ways of communicating with them. Most likely this cryptovirus is not finished yet, but, judging by the constant updating of some similar cryptographers, you can be sure that these defects will be corrected later. In any case, note that you do not need to try to decrypt the attacked files on your own, because you can make it worse. In this case, a professional approach is needed. For this purpose, you can take advantage of our tips and recommendations to remove The Brotherhood Ransomware and decrypt the .ransomcrypt files.

Update: Use following service to identify the version and type of ransomware you were attacked by: ID Ransomware. Also check following website for possible decryptor: Emsisoft Decryptors.

How The Brotherhood ransomware infected your PC

Cryptoviruses can differ from each other by names, developers and algorithms of encryption, but they are united by ways of penetration on the PC. Sometimes, The Brotherhood comes when the user opens a file-attachment in the spam mailing, sometimes it filters through unprotected network settings and so on. One of the important reasons for such troubles is that users neglect paid antivirus programs and utilities that can help protect their computers. If it so happens that your computer is already attacked by The Brotherhood, and the files are encrypted with .ransomcrypt extension, then remove it immediately using our guide. HitmanPro.Alert with CryptoGuard.

First of all, don’t panic. Follow these easy steps below.

1. Start your computer in Safe Mode with networking. To do that, restart your computer before your system starts hit F8 several times. This will stop system from loading and will show Advanced boot options screen. Choose Safe mode with networking option from the options list using up and down arrows on your keyboard and hit Enter.
2. Log in to the system infected with the The Brotherhood ransomware virus. Launch your Internet browser and download a reliable anti-malware program and start a full system scan. Once the scan is complete, review scan results and remove all entries detected.

Recommended Solution:

Norton is a powerful removal tool. It can remove all instances of newest viruses, similar to The Brotherhood ransomware – files, folders, registry keys.


Download Norton*Trial version of Norton provides detection of computer viruses for FREE. To remove malware, you have to purchase the full version of Norton.

Restore .ransomcrypt files using shadow copies


  1. Download and run Stellar Data Recovery.
  2. Select type of files you want to restore and click Next.
  3. Select the drive and folder where your files are located and date that you want to restore them from and press Scan.
  4. Once the scanning process is done, click Recover to restore your files.
Download Stellar Data Recovery

Step 2: Remove following files and folders of The Brotherhood ransomware:

Related connections or other entries:

BTC: 24fAcfdYasU975qwFGyesl45eH63cNuCZP

Related files:


How to decrypt files infected by The Brotherhood ransomware?

You can try to use manual methods to restore and decrypt your files.

Decrypt files manually

Restore the system using System Restore

system restore

Although latest versions of The Brotherhood ransomware remove system restore files, this method may help you to partially restore your files. Give it a try and use standard System Restore to revive your data.

  1. Initiate the search for ‘system restore
  2. Click on the result
  3. Choose the date before the infection appearance
  4. Follow the on-screen instructions

Roll the files back to the previous version

Previous versions can be copies of files and folders created by Windows Backup (if it is active) or copies of files and folders created by System Restore. You can use this feature to restore files and folders that you accidentally modified or deleted, or that were damaged. This feature is available in Windows 7 and later versions.

windows previous versions

  1. Right-click the file and choose Properties
  2. Open the Previous Version tab
  3. Select the latest version and click Copy
  4. Click Restore

Protect your computer from ransomware

hitmanpro alert with cryptoguard

Most modern antiviruses can protect your PC from ransomware and crypto-trojans, but thousands of people still get infected. There are several programs that use different approach t protect from ransomware and lockers. One of the best is HitmanPro.Alert with CryptoGuard. You may already know HitmanPro as famous cloud-based anti-malware scanner. Check out ultimate active protection software from SurfRight.

Download HitmanPro.Alert with CryptoGuard

Written by Rami Douafi

Leave a Reply

Time limit is exhausted. Please reload CAPTCHA.