Decryption Assistant Ransomware Removal Guide

Do you know what Decryption Assistant Ransomware is?

Decryption Assistant Ransomware is a new malicious application our team of researchers has discovered. Luckily, at the time of writing, it does not encrypt any files like other ransomware infections do, so users who encounter this infection should not lose any of their files. Unfortunately, we cannot promise that all users will find their files intact because Decryption Assistant Ransomware might be updated one day and start encrypting files. Ransomware infections do that to be able to obtain money from users, and it seems that Decryption Assistant Ransomware is no exception because the message it opens to victims clearly says that users need to purchase a private decryption key if they find their files locked. Luckily, this ransomware infection does not encrypt any files at present, so do not waste your time on trying to find a way to pay a ransom to cyber criminals. The only job users who encounter this infection have to do is to eliminate ransomware from their computers. The worst decision users can arrive at is keeping active ransomware on their systems because this might result in disastrous outcomes, e.g. the loss of personal data.

Although this HiddenTear-based ransomware infection is still in development and does not encrypt files, cyber criminals might fix it soon. If it is ever updated and starts working properly, it will encrypt files having the following filename extensions the second it successfully enters the system: .mdb, .odt, .ppt, .pptx, .psd, .sql, .txt, .xlsx, .xml, and .txt. All these files will get a new extension .pwned appended next to the original extension. After encrypting users’ files, Decryption Assistant Ransomware will open a window on their Desktops. It will contain a ransom note providing more information about the condition of files. Users find out quickly why they cannot access their files and what the possible solution to the problem is. Like other ransomware infections, it demands a ransom in Bitcoins. The version which does not encrypt any files opens this window on users’ Desktops too, so if you see it, it does not necessarily mean that your files have already been locked. We cannot indicate the amount of money required by Decryption Assistant Ransomware because buttons Payment Status and Decrypt Files, which should contain more information, do not work at the time of writing. If this ransomware infection is fixed one day, you should not rush to send money to get the private decryption key because a) cyber criminals might not have it stored on their server; b) cyber criminals will never stop developing malicious applications if all users hand in money to them; c) there might be a way to recover those files without a private key cyber criminals claim to have, e.g. recover them from a backup. Either way, a ransomware infection must be erased from the system as soon as possible.

Decryption Assistant Ransomware is not a popular infection actively distributed by cyber criminals, so we do not have much to say about its distribution. According to our specialists, distribution methods used to spread it should not differ at all from those used to disseminate other ransomware infections developed some time ago. Specifically speaking, they are 99% sure that Decryption Assistant Ransomware also travels as an attachment in spam emails and illegally enters computers when users open these attachments. Additionally, they say that this infection might be available on file-sharing websites. It is not the only infection spread using these methods, so you must be more cautious from now on.

It is a must to remove Decryption Assistant Ransomware from the system no matter you are going to send money to cyber criminals or not because it will stay active on your computer if you do not do anything. You should use our removal guide (you will find it placed below this article) if you have never deleted a ransomware infection before. The other, considerably easier, method would be to scan the system with an automatic malware remover. It is up to you which one of these methods to employ.

Decryption Assistant Ransomware Removal Guide

  1. Press Win+E simultaneously.
  2. Remove all files you find suspicious from the following directories:
  • %USERPROFILE%\Downloads
  • %USERPROFILE%\Desktop
  • %TEMP%
  • %APPDATA%
  1. Empty the Recycle bin.

In non-techie terms:

Ransomware infections are sneaky threats which illegally enter computers and then start performing undesirable activities, e.g. encrypting files. These infections always cause a bunch of problems if they successfully enter computers, so users should do everything what it takes not to encounter them. What our security specialists recommend for those users who wish to be safe is installing security software on their systems. It must be kept active 24/7 and updated periodically.