AutoEncryptor Ransomware Removal Guide

Do you know what AutoEncryptor Ransomware is?

AutoEncryptor Ransomware is a nasty ransomware infection that encrypts your files and demands a ransom of 10,000 bitcoins, which is over 11 million Euros and around 13 million US dollars. The creators of the ransomware are surely not aware of the value of 1 bitcoin as nobody is likely to pay such a hefty fee for regaining access to their lost data. Such data encryption incidents should be prevented by using reputable security programs and backing up files on a regular basis. There are no guarantees that the attackers would decrypt the compromised data, so all that you should do is remove the AutoEncryptor Ransomware.

The analysis of the AutoEncryptor Ransomware has revealed that this threat was created using the .NET Framework and is considered unfinished or poorly built. Moreover, it has been found that the infection does not connect to its server and does not lock the screen, unlike some other notorious ransomware infections. However, it does encrypt files, which means that the user cannot use them as usual.

The malicious ransomware uses a window, named FileLocker, with four tabs to scare the victim into paying the ransom. The executable UserFilesLocker.exe is added to the startup, desktop, and the Documents folder. As a result, the ransom window pops up at every system startup.

Information about encryption is provided in separate tabs, titled Info, Step 1 - payment, Step 2 - Inform us, and Step 3 - restore your data. First, victims are informed that their files have been encrypted using an AES-256 key, which has also been encrypted using a public RSA-2048 encryption key, stored on the desktop and in the Documents folders. Double encryption is a very common method employed by ransomware creators.

On the second tab, victims are given instructions on how to make a payment and pay the entirely illogical sum of 10,000 bitcoins. According to the requirement, the user has to visit simplecoin.cz and buy the requested amount of digital money. After purchasing the sum required, the victim is expected to send an email with a unique encryption key given on the third tab. The email given is babis@mfcr.cz, which is invalid. On the last tab, a green type-in box is given where the victim has to enter the decryption key.

As the domain ending of the address and email given suggest, the AutoEncryptor Ransomware is targeted at English-speaking and Czech Republic-based computer users. For the email address, the attackers chose a billionaire's name. The victims are probably believed to be naive enough to think that they are paying the businessman. This instance is no surprise to malware researchers, as ransomware developers tend to use names of well-known institutions or organizations to put more pressure on the victim.

To restrict victims from accessing their data, the AutoEncryptor Ransomware encrypts files that are most commonly used, including .exe, .jpg, .txt, .xml, and some others. The infection alters the affected file's name by appending the extension .ENCR, so an image file has the .jpg.ENCR extension.

Targeted files' locations have been found to differ on different operating systems. For example, in Windows XP, the infection finds and encrypts files stored on Desktop and in the My Documents and My Pictures folders. In older versions, the AutoEncryptor Ransomware encrypts files in the %PUBLIC% directory (C:\Users\Public). Other locations that are checked for files are the desktop and two folders: My Pictures and Documents.

We highly recommend that you take action to remove the AutoEncryptor Ransomware from the computer. There is no need to worry about the money required as nothing is likely to change even if you pay the ransom. Below you will find our instructions on how to remove AutoEncryptor Ransomware. Hopefully, they will guide you through the removal of the infection. But if you find this manual removal too complex, rely on a reputable antimalware program.

How to remove AutoEncryptor Ransomware

  1. Press Win+E and delete suspicious files from the Downloads folder and the Desktop folder.
  2. Press Win+R and type in %temp%. Press Enter.
  3. Delete suspicious files.
  4. Use the Win+R command to navigate to these directories:
    • %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\
    • %USERPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup\
    • %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup\
    • %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs\Startup\
  5. Find and delete the files __encrypt.pinfo and UserFilesLocker.exe.
  6. Delete the file UserFilesLocker.exe from these directories: %USERPROFILE%\Documents\ and %USERPROFILE%\Desktop\.
  7. Remove all deleted files from the Recycle Bin.
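
The check below is an added example, not part of the original guide or of any vendor tool. It is a report-only PowerShell script that looks in the directories from steps 4 and 6 for the two file names from step 5 and counts files carrying the .ENCR extension in the user folders the article mentions; it deletes nothing, and the choice of folders to count in is an assumption based on the article's description.

```powershell
# Added example: report-only check for the artifacts named in the steps above.
# Nothing is deleted; review the output before removing anything by hand.

$artifactNames = @('UserFilesLocker.exe', '__encrypt.pinfo')

# Directories from steps 4 and 6, with environment variables expanded.
$locations = @(
    '%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup',
    '%USERPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup',
    '%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup',
    '%ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs\Startup',
    '%USERPROFILE%\Documents',
    '%USERPROFILE%\Desktop'
) | ForEach-Object { [Environment]::ExpandEnvironmentVariables($_) }

$found = foreach ($dir in $locations) {
    # Some of these paths do not exist on every Windows version; skip them.
    if (-not (Test-Path -LiteralPath $dir -PathType Container)) { continue }
    foreach ($name in $artifactNames) {
        $path = Join-Path -Path $dir -ChildPath $name
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            $item = Get-Item -LiteralPath $path -Force
            [pscustomobject]@{
                Path     = $item.FullName
                Size     = $item.Length
                Modified = $item.LastWriteTime
                # Hash is recorded so the sample can be identified later.
                SHA256   = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            }
        }
    }
}

# Files renamed with the .ENCR extension in the user folders the article lists
# (assumption: Desktop, Documents, Pictures and the Public profile).
$userDirs = 'Desktop', 'MyDocuments', 'MyPictures' |
    ForEach-Object { [Environment]::GetFolderPath($_) }
$userDirs += $env:PUBLIC
$encrypted = $userDirs |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) } |
    ForEach-Object {
        Get-ChildItem -LiteralPath $_ -Recurse -File -Filter '*.ENCR' -Force -ErrorAction SilentlyContinue
    }

if ($found) { $found | Format-List } else { 'No listed artifacts found.' }
'{0} file(s) with the .ENCR extension found.' -f @($encrypted).Count
```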

In non-techie terms:

AutoEncryptor Ransomware is a dangerous infection that you should remove from the computer. If you are required to pay a ransom of 10,000 bitcoins, it is likely you can no longer use your music files, images, and other documents. The malicious threat encrypts files in an attempt to persuade you to spend money on the retrieval of the data. As there are hundreds of similar threats, it is crucial to keep your data backed up. Because the ransom fee is irrationally high, all that you can do now is remove the AutoEncryptor Ransomware from the computer and provide the operating system with effective protection against cyber attacks.