Smartransom Ransomware Removal Guide

Do you know what Smartransom Ransomware is?

Smartransom Ransomware is a ransomware-type computer infection that was first seen at the end of May 2017. It was developed by Chinese cybercriminals and was designed to encrypt the files on the victim’s computer as well as lock the PC’s screen so that the user could not use it. While you can risk paying the unspecified ransom, we do not recommend that you do as you might not get the promised decryption tool. We recommend that you not comply with the cybercriminals’ demands and remove this application as soon as the opportunity arises. To find out more about it, we invite you to read this whole article.

If this particular ransomware were to infect your computer, then it will immediately start encrypting your files with an advanced encryption algorithm that is not yet decryptable. Once executed, Smartransom Ransomware is set to open a photo of a girl model, and when you minimize or close the picture, then this ransomware will lock the screen. It replaces the screen with a black background with a ransom note in Mandarin. The locks screen also features a QR code that redirects to https://tieba.baidu{.}com/f?kw=戒色.

Smartransom Ransomware was set to enumerate files stored in %USERPROFILE%\Desktop and %USERPROFILE%\Documents. Testing has shown that this ransomware was designed to encrypt file types that include .7z, .zip, .rar, .au3, .png, .jpg, .psd, .xls, .xlsx, .pptx, .ppt, .docx, .doc, and .pdf. The ransomware encrypts the contents of the files but does not change the original extension of the files. Nevertheless, the fact that it does not append the file extension is of little significance since the encryption is still strong without that. At present, this ransomware’s encryption is impossible to decrypt, but it might be in the future.

Now let us talk about the origins of Smartransom Ransomware. As mentioned in the introduction, it was created by Chinese cyber criminals for the Chinese market because the text of the ransomware is in Mandarin only. Our malware analysts say that this ransomware is most likely distributed using malicious emails that feature this ransomware in an attached file. Downloading or running the attachment will mean that the ransomware will appear in either %TEMP% (if you run it) or %USERPROFILE\Downloads or %USERPROFILE\Desktop (if you download it.) The emails can be disguised as legitimate invoices, receipts, tax return forms, business correspondence and so on. The emails feature text that uses subtle tactics to compel you to open the attached file.

In closing, Smartransom Ransomware is a highly malicious computer infection that was designed to encrypt your personal files and then also lock the computer’s screen to prevent you from using it. This ransomware’s developers want you to pay a ransom to unlock the PC and decrypt the files. However, you should not do that as you cannot trust cyber criminals to keep their word. Our malware analysts have found that you can bypass the lock screen by pressing Alt+F4. Once the lock screen is down, you can go the location of the malware and delete it or download an anti-malware program such as SpyHunter that will remove it automatically.

Removal Guide

  1. Simultaneously hold down Alt+F4 to close the lock screen.
  2. Simultaneously hold down Windows+E keys.
  3. Type the following file paths and hit Enter.
    • %TEMP%
    • %USERPROFILE\Downloads
    • %USERPROFILE\Desktop
  4. Identify the malware.
  5. Right-click it and click Delete.
  6. Empty the Recycle Bin.

In non-techie terms:

Smartransom Ransomware is a dangerous computer infection that can prevent you from you accessing your files by encrypting them and also locking the computer’s screen. Without a doubt, you ought to remove it from your PC because you cannot trust the cyber crooks to give you the decryption key after you pay. Please check the guide above for more information.