Wincrypto Ransomware

WinCrypto is a piece of ransomware designed to encrypt the victim's data and demand a ransom payment in exchange for a decryption tool. Encrypted files get the ".wincrypto" suffix appended to their file type extensions. Once the encryption process has come to a successful end, the WinCrypto Ransomware generates a ransom note in the form of a text file called "README WINCRYPTO.txt".

Here's the text of the WinCrypto ransom note:

'WINCRYPTO RANSOMWARE

YOUR DOCUMENTS, PHOTOS, DATABASES AND OTHER IMPORTANT FILES HAS BEEN ENCRYPTED!

THE ONLY WAY TO DECRYPT YOUR FILES IS TO RECEIVE THE PRIVATE KEY AND DECRYPTION SOFTWARE.

TO RECEIVE THE PRIVATE KEY AND DECRYPTION SOFTWARE GO TO ANY DECRYPTED FOLDER – INSIDE THERE IS THE SPECIAL FILE "README WINCRYPTO.TXT" WITH COMPLETE INSTRUCTIONS HOW TO DECRYPT YOUR COMPUTER.

IF YOU CANNOT FIND ANY "README WINCRYPTO.TXT" FILE AT YOUR PC FOLLOW THE INSTRUCTIONS BELOW

DOWNLOAD "TOR BROWSER" FROM HTTPS://TORPROJECT.ORG AND INSTALL IT

IN THE "TOR BROWSER" OPEN YOUR PERSONAL PAGE HERE.

NOTE! THIS PAGE IS AVAILABLE VIA "TOR BROWSER" ONLY.

FILE RECOVERY IS IMPOSSIBLE WHEN ANTI-VIRUS IS ACTIVATED AND THIS SOFTWARE IS TERMINATED!'

The ransom note alone does not say how much you need to pay to get your files back. To learn the exact amount of the demanded ransom, you need to contact the crooks via Tor.

Security researchers have yet to develop a fully-working decryption tool. Until then, we recommend against paying the ransom – doing so rarely makes the crooks remain true to their word.

Ransomware threats typically attack via spam, malware-laden Web links, and Peer-to-Peer networks. The WinCrypto Ransomware makes no exception. However, you have every chance of avoiding infection, as long as you tread carefully when browsing the Web. Employing a reputable anti-malware scanner would provide you with further protection along the way.