HDDCryptor ransomware virus. How to remove? (Uninstall guide)

removal by Olivia Morelli - - | Type: Ransomware
12

HDDCryptor infection: what are risks?

HDDCryptor virus is ransomware-type virus which grounds its data encryption capacities on Master Boot Record (MBR) [1] alterations. These changes enable the parasite to block its victims from booting their computers properly and accessing any documents or programs stored on it. This way, the virus creators ensure that HDDCryptor removal is particularly complex, and the regular computer users are left with no other option but to pay the virus creators for the ability to have a functioning device once again. This is the main working principle of the majority of ransomware infections [2]. Sadly, this principle brings the criminals success more often than it should. Frightened victims are ready to pay the money without evaluating other potential options of the data retrieval. We also urge you not to rush with the money transfer and decide whether it is really worth paying after reading this article. If you have already decided on the virus removal, we recommend taking all the security measures possible. First of all, do not try eliminating the virus yourself and use the professional and legitimate software for this purpose. Reimage is one of the options.

An image of HDDCryptor virus

As we have already mentioned, HDDCryptor ransomware differs from the majority of ransomware infections because it involves alteration of the MBR. Nevertheless, it is not a completely novel practice among the virus creators. In fact, a few of the famous ransomware, such as Satana, Petya or Mischa are known for messing with these settings, too. An aspect on which HDDCryptor really differs from the rest of its kind is the integration of the open source tools [3] in the process of system scanning and data encryption. For instance, the virus uses a tool called Network Password Recovery to scan the system for the network-shared folder credentials and employs DiskCryptor to encrypt the files located on the computer’s hard drives and the data possibly obtained after using the tool discussed previously. Adding to the file encryption, smooth booting of the computer also gets interrupted. So, instead of loading your regular start screen properly, the boot stops and displays a black screen featuring a ransom note. In this note, the criminals provide an email address which the victims have to address in order to receive further data recovery instructions. At the moment of writing, the ransom reaches 1 Bitcoin (around 610 USD) and has to be paid straight into the criminal’s Bitcoin wallet. That’s how the crooks protect their identities and weasel their way out of this criminal offense unpunished. Do not lift their spirits and motivation even more by sending these hackers your money and better hurry to remove HDDCryptor from your PC as soon as possible.

From the very beginning, HDDCryptor was a threat to individual computer users, but now it is becoming a serious problem to larger organizations as well. In particular, this virus has been spotted in one of the Canadian universities [4], asking 39 Bitcoin for the regained access to all campus computers, while individual devices could be decrypted for 2 Bitcoin. Early on after discovering about the infection Carleton University representatives started tweeting about “network issues” and warning the students against using the university’s internal network. The IT department had to shut down the service completely before the issue is resolved. More detailed information about this incident is yet to be disclosed, so follow us to learn about first.

What are your options for data protection against ransomware?

Since viruses nowadays do not have much difficulty invading computers, aggravation of this task has become more important than ever before. Nevertheless, even the most professional and sophisticated antivirus utilities cannot be fully trusted as ransomware like HDDCryptor are often good at bypassing the defense. Frankly, any crack in your computer’s security can result in data loss. Thus, the people who have some important data on their devices should also consider data backup [5] option. It is a much more guaranteed technique of data protection as it involves storing the documents on external drives, disconnected from the network. Consequently, such data becomes inaccessible to the ransomware which works via the network. Please note that external storage drives are NOT resistant to the ransomware infections, so, in the case of the HDDCryptor, this infection has to be removed from the computer completely, before you try restoring files from these devices.

Remove HDDCryptor 

If you are already thinking about the HDDCryptor removal, you should do a quick checkup of your gear. Make sure a reputable antivirus software is installed on the infected device and check it for the newest updates. Keep in mind that such utility should be obtained legally and have a full system scan function available. When everything’s set up, you can proceed with the virus elimination. Please be aware that HDDCryptor virus may struggle on its way out and prepare yourself for such a challenge. Please have the virus decontamination instructions at hand, in case your antivirus utility is blocked from running. You will find these instructions below next to the additional data recovery guide. If you still can’t remove HDDCryptor, do not hesitate to contact our experts via the Ask Us panel.

do it now!
Download
Reimage (remover) Happiness
Guarantee
Download
Reimage (remover) Happiness
Guarantee
Compatible with Microsoft Windows Compatible with OS X
What to do if failed?
If you failed to remove infection using Reimage, submit a question to our support team and provide as much details as possible.
We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use. By Downloading any provided Anti-spyware software to remove HDDCryptor ransomware virus you agree to our privacy policy and agreement of use.
Reimage is recommended to uninstall HDDCryptor ransomware virus. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

More information about this program can be found in Reimage review.

More information about this program can be found in Reimage review.
Alternate Software
Plumbytes Anti-Malware
We have tested Plumbytes Anti-Malware's efficiency in removing HDDCryptor ransomware virus (2016-12-07)
Malwarebytes Anti Malware
We have tested Malwarebytes Anti Malware's efficiency in removing HDDCryptor ransomware virus (2016-12-07)
Hitman Pro
We have tested Hitman Pro's efficiency in removing HDDCryptor ransomware virus (2016-12-07)
Webroot SecureAnywhere AntiVirus
We have tested Webroot SecureAnywhere AntiVirus's efficiency in removing HDDCryptor ransomware virus (2016-12-07)

Manual HDDCryptor virus Removal Guide:

Remove HDDCryptor using Safe Mode with Networking

Reimage is a tool to detect malware.
You need to purchase Full version to remove infections.
More information about Reimage.

  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list Select 'Safe Mode with Networking'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in Startup Settings window. Select 'Enable Safe Mode with Networking'
  • Step 2: Remove HDDCryptor

    Log in to your infected account and start the browser. Download Reimage or other legitimate anti-spyware program. Update it before a full system scan and remove malicious files that belong to your ransomware and complete HDDCryptor removal.

If your ransomware is blocking Safe Mode with Networking, try further method.

Remove HDDCryptor using System Restore

Reimage is a tool to detect malware.
You need to purchase Full version to remove infections.
More information about Reimage.

  • Step 1: Reboot your computer to Safe Mode with Command Prompt

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list Select 'Safe Mode with Command Prompt'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window. Select 'Enable Safe Mode with Command Prompt'
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
    2. Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
    3. When a new window shows up, click Next and select your restore point that is prior the infiltration of HDDCryptor. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
    4. Now click Yes to start system restore. Click 'Yes' and start system restore
    Once you restore your system to a previous date, download and scan your computer with Reimage and make sure that HDDCryptor removal is performed successfully.

Bonus: Recover your data

Guide which is presented above is supposed to help you remove HDDCryptor from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by 2-spyware.com security experts.

If your files are encrypted by HDDCryptor, you can use several methods to restore them:

Data Recovery Pro method

If you want to have quick data recovery results, you can try out specialized software like Data Recovery Pro. This software automatically scans the computer and tries to recover a variety of data types, so this solution is especially useful for the users who have less proficient computer skills. Below are the steps you will need to complete to recover your data using Data Recovery Pro.

Windows Previous Versions feature method

First of all, we should note that the System Restore function is necessary for the Windows Previous Versions to work properly. If it has been enabled before the HDDCryptor virus attack, follow the steps provided below. If not — you can proceed to other methods of data recovery.

  • Find an encrypted file you need to restore and right-click on it;
  • Select “Properties” and go to “Previous versions” tab;
  • Here, check each of available copies of the file in “Folder versions”. You should select the version you want to recover and click “Restore”.

ShadowExplorer method

ShadowExplorer method is a commonly used technique used for recovering data after ransomware infiltration. Nevertheless, it is not always successful because some ransomware delete the Volume Shadow Copies needed for the ShadowExplorer to recover your data. If HDDCryptor was not programmed to delete them, follow the steps below to recover your data:

  • Download Shadow Explorer (http://shadowexplorer.com/);
  • Follow a Shadow Explorer Setup Wizard and install this application on your computer;
  • Launch the program and go through the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
  • Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from HDDCryptor and other ransomwares, use a reputable anti-spyware, such as Reimage, Plumbytes Anti-MalwareWebroot SecureAnywhere AntiVirus or Malwarebytes Anti Malware

About the author

Olivia Morelli
Olivia Morelli - Ransomware analyst

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

More information about the author

References


  • Kreppe

    Are there a single version of this program of are there more? Im infected with some similar virus but it asks only 100 dollars for the data decryption…

  • PetroAmIright

    …soon there will be no safe place to browse the web

  • Bond008

    Cant decrypt anything… Any other ideas how to unlock the files after HDDCryptor attack?