What is UmbreCrypt?

UmbreCrypt is a recently developed ransomware that targets media files. When it finds files of certain types, it encrypts them and appends the extension umbrecrypt_ID_youruniqueID. The threat then displays a pop-up window with a message about the encryption, which also contains instructions for retrieving the files. UmbreCrypt sets a time limit of 72 hours, during which the user is expected to first contact the ransomware developer by email and then transfer 0.5-1.5 Bitcoin to the stated account. As a guarantee, the cyber criminals offer to decrypt one file that the victim sends them. However critical the situation may seem, try to remove UmbreCrypt and decrypt the files yourself first.


How does UmbreCrypt get on your PC?

Like many other examples of ransomware, UmbreCrypt is distributed in several common ways. One is stealth installation triggered by a click on a fake update message. To avoid it, do not rush to click on every pop-up that appears on the screen. Take a careful look: the fakes usually differ slightly from the genuine ones. Another method is spreading through P2P networks and spam messages; remember to always scan files obtained this way with anti-virus/anti-malware software.

How to remove UmbreCrypt from your computer?

To uninstall UmbreCrypt, remove it from Control Panel, then delete all of its files and registry keys.

In our view, there are 3 products that potentially have UmbreCrypt in their database. You can try to use them for removing UmbreCrypt.

Recommended Solution:

Norton is a powerful removal tool. It can remove all instances of the newest viruses similar to UmbreCrypt: files, folders, and registry keys.

 

Download Norton*

*Trial version of Norton provides detection of computer viruses for FREE. To remove malware, you have to purchase the full version of Norton.

Alternative Solution:

Norton Antivirus – detects files, registry values and folders of viruses that show the same behavior as UmbreCrypt.

 


You can try both of these products to remove UmbreCrypt.

Or uninstall UmbreCrypt manually.

Step 1: Remove UmbreCrypt from Control Panel

Windows XP:

  1. Click Start.
  2. Control Panel.
  3. Then click Add or Remove Programs.
  4. Find UmbreCrypt.
  5. Click Uninstall.

Learn more about uninstallation of programs in Windows XP.

Windows 7/Windows Vista:

  1. Click Start.
  2. Then Control Panel.
  3. Click Uninstall a Program.
  4. Find UmbreCrypt and click Uninstall.

Learn more about uninstallation of programs in Windows 7.

Windows 8/Windows 8.1:

  1. Open the Menu.
  2. Click Search.
  3. After that click Apps.
  4. Then Control Panel.
  5. Then as in Windows 7, click Uninstall a Program under Programs.
  6. Find UmbreCrypt, select it and click Uninstall.

Learn more about uninstallation of programs in Windows 8 (8.1).

Windows 10:

  1. Click the Start button (or press the Windows key) to open the Start menu, then click Settings at the top.
  2. Click Apps & features in the left menu.
  3. On the right side, locate UmbreCrypt and click it, then click on the Uninstall button.
  4. Click on Uninstall to confirm.

Learn more about uninstallation of programs in Windows 10.

Note: If you can’t find the required program, sort the programs by date in Control Panel and look among the most recently installed ones.

Step 2: Remove the following files and folders of UmbreCrypt:

Remove the following registry entries:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Internet Explorer Update “[path_to_installer.exe]”
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ChromeSettingsStart3264 “%AppData%\ChromeSetings3264\wosybiny.exe”
HKCU\Software\Microsoft\Windows\ChromeRandomAdress3264 [random].exe
HKCU\Software\Microsoft\Windows\ChromeSettiings3264 [path_to_installer.exe]
HKCU\Software\Microsoft\Windows\ChromeStarts3264 [path_to_installer.exe]
HKCU\Software\Microsoft\Windows\TRUECRT3264 TrueUMBRE

Remove the following files:

%AppData%\ChromeSetings3264\
%AppData%\ChromeSetings3264\default32643264.bmp
%AppData%\ChromeSetings3264\default432643264.jpg
%AppData%\ChromeSetings3264\[random].exe
%UserProfile%\Desktop\README_DECRYPT_UMBRE_ID_[victim_id].jpg
%UserProfile%\Desktop\README_DECRYPT_UMBRE_ID_[victim_id].txt
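
A report-only PowerShell check for the registry entries and files listed above, added here as an example and not part of the original guide or of any vendor tool. It assumes the last segment of each registry entry is a value name under the key that precedes it, and it has to run as the affected user, because every listed artifact lives under HKCU or that user's profile.

```powershell
# Report-only check for the UmbreCrypt artifacts listed above; nothing is deleted.
# Assumption: the last segment of each registry entry is a value name under the
# key that precedes it (this is how the page's listing is read here).
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$winKey = 'HKCU:\Software\Microsoft\Windows'
$regIndicators = @(
    @{ Key = $runKey; Name = 'Microsoft Internet Explorer Update' },
    @{ Key = $runKey; Name = 'ChromeSettingsStart3264' },
    @{ Key = $winKey; Name = 'ChromeRandomAdress3264' },
    @{ Key = $winKey; Name = 'ChromeSettiings3264' },
    @{ Key = $winKey; Name = 'ChromeStarts3264' },
    @{ Key = $winKey; Name = 'TRUECRT3264' }
)
$findings = @()
foreach ($ind in $regIndicators) {
    # Returns nothing when either the key or the value is absent.
    $prop = Get-ItemProperty -Path $ind.Key -Name $ind.Name -ErrorAction SilentlyContinue
    if ($null -ne $prop) {
        $findings += [pscustomobject]@{
            Type     = 'Registry'
            Location = '{0}\{1}' -f $ind.Key, $ind.Name
            Detail   = [string]$prop.($ind.Name)   # value data, e.g. the launched path
        }
    }
}

# Files: everything in the drop folder, plus ransom notes on the desktop.
$fileHits = @()
$dropDir = Join-Path $env:APPDATA 'ChromeSetings3264'
if (Test-Path -LiteralPath $dropDir) {
    $fileHits += @(Get-ChildItem -LiteralPath $dropDir -File -Force)
}
$desktop = Join-Path $env:USERPROFILE 'Desktop'
$fileHits += @(Get-ChildItem -Path $desktop -Filter 'README_DECRYPT_UMBRE_ID_*' -File -ErrorAction SilentlyContinue)

foreach ($f in $fileHits) {
    # Record a SHA-256 so the file can still be identified after it is removed.
    $findings += [pscustomobject]@{
        Type     = 'File'
        Location = $f.FullName
        Detail   = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256).Hash
    }
}
if ($findings.Count -eq 0) {
    'No listed UmbreCrypt artifacts found for this user.'
} else {
    $findings | Format-List
}
```

Save the output before deleting anything, so the Run-key targets and file hashes remain available for later analysis.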

How to decrypt files infected by JobCrypter Ransomware?

Use the decrypting tool

Here you can download the decryptor

To get the decryptor working, you will need to ‘tune’ the application a bit.

You need to find the original version of any encrypted file. If that’s not possible, use any encrypted PNG file and a random PNG picture from the Internet. Drag both files onto the decryptor executable; this will start generation of the master key. NOTE that this can take up to several days.

When detection of the encryption code is finished, you will see an info window; simply click OK. Now you can start decryption: choose folders and click Select. We recommend trying the application out on several files before starting the full decryption.

Restore the system

  1. Initiate the search for ‘system restore’
  2. Click on the result
  3. Choose a date before the infection appeared
  4. Follow the on-screen instructions

Roll the files back to the previous version

  1. Right-click the file and choose Properties
  2. Open the Previous Versions tab
  3. Select the latest version and click Copy
  4. Click Restore
