TrueCrypter Ransomware Removal Guide

Do you know what TrueCrypter Ransomware is?

TrueCrypter Ransomware is a malicious computer infection that will definitely give you a hard time if it manages to slither into your system. It is a new program, but it employs old ransomware tactic to get what it wants. Ransomware programs have been developed for one single purpose: They want to steal your money by pushing you into transferring the ransom payment. In this article, we will tell you how to get rid of TrueCrypter Ransomware, and you will also have an opportunity to protect your PC from similar intruders by acquiring a licensed antispyware tool.

Our research team says that this infection was first detected in April 2016. This program usually gets distributed via spam email attachments. It is a very common ransomware distribution vector. Users are tricked into thinking they have received a notification from a legal financial institution, but quite often mail messages like that (especially if they come with attachments) are bound to be phishing or malware attacks. Therefore, it is important that you think twice before you open an attachment from an unfamiliar party.

What’s more, TrueCrypter Ransomware may also come via a malicious exploit. This happens when an exploit is placed in a vulnerable website. Usually, malware creators make use of Flash exploits. For example, there might be a malicious Flash in a pop-up that springs into your face when you open a specific website. Clicking an infected pop-up, even accidentally, could lead to a malware infection.TrueCrypter Ransomware Removal GuideTrueCrypter Ransomware screenshot
Scroll down for full removal instructions

When the downloaded malware installer is launched, this malware runs a code that encrypts most of your files. It affects files that have .xls, .htm, .doc, .txt, .php, .inc extensions, and many other types of documents. All of the important files are encrypted using the AES-256 encryption method. This means that TrueCrypter Ransomware uses one key to encrypt your files, and the same key will be used to decrypt them. But only the program’s developers have that key, and you are supposed to pay 0.2 BTC or ~$115 USD in Amazon gif cards (specifically from the domain) to retrieve the decryption key.

Once the encryption is complete, all the affected files will have the .enc extension. Needless to say, you will not be able to open the said files. The interesting thing is that at the moment the ransomware might still be going through its test runs. We can make such an assumption because it is still possible to decrypt your files without transferring the payment. If you click the Pay button on the TrueCrypter’s interface, the affected files get decrypted automatically. Obviously, it is a fatal flaw in the malware programming, but you can be sure that sooner, rather than later, the program’s creators will address this issue.

The program may also experience some difficulties while trying to contact its command and control server, so in some cases, it may not even be able to decrypt your files. That is why it is important to keep a file backup, either on an external hard drive or online cloud storage. The infection is clearly just in the beta testing stages, and it might be that soon enough there will be a new version of this program rampaging around.

It might be somewhat complicated to remove TrueCrypter Ransomware on your own because you would need to remove the main installer file that you have downloaded and launched. The file should be in your Downloads folder, so look for any recently downloaded file that you opened, and then everything began going downhill afterwards.

If you think that manual removal is a big too much of a task for you, you can always get yourself a licensed antispyware tool. A computer security program of your choice will assist you in removing malware and other potentially threatening files. What’s more, if you update the program regularly, it will safeguard your PC against similar intruders in the future.

Should you have any further questions about this infection or your computer’s security in general, please do not hesitate to leave us a comment. Our team is always ready to assist you.

How to Remove TrueCrypter Ransomware

  1. Go to the Downloads folder and find the random-name installer file.
  2. Delete the file.
  3. Press Win+R and type %AppData% into the Open box.
  4. Click OK and open the directory.
  5. Go to the Microsoft folder and delete the TrueCrypter folder.

In non-techie terms:

TrueCrypter Ransomware is an underdeveloped computer infection that encrypts user’s files. The program, however, does not have a secure decryption mechanism. Decryption should work even without the ransom payment, although there is a good chance that the communication between the program and the Command and Control center might be down. That should not faze you. You have to remove TrueCrypter Ransomware from your computer as soon as possible because such applications bring nothing but havoc.