Virus-encoder ransomware is a relatively old data locking malware that recently came back with its newest version that attaches four random letters to files after the encryption

Virus-encoder ransomware is a dangerous cyber-threat that focuses on locking data on the host computer and then demand ransom from its owner for the decryption tool. Initial release dates back to 2016, however, the malware recently made a comeback with the new version, dubbed GetCrypt ransomware.
Just as all file-locking viruses, Virus-encoder ransomware uses a sophisticated file locking technology that uses ancryption algorithms.[1] The original malware used AES + RSA ciphers, while the new version resorts to RSA + Salsa20. Regardless of which encryption method is used, victims cannot access their pictures, music, videos, and other data anymore, which is marked by a random extension at the end of each file.
As explained by cybercriminals in a ransom note # DECRYPT MY FILES #.txt, users need to email them via helpme@freespeechmail.org, and, later via getcrypt@cocl.li/cryptget@tutanota.com to be able to retrieve the data with the unique decryption tool that is stored on a remote server and cost a specific amount of Bitcoins. However, experts suggest avoiding any contact with the criminals and rather focus on Virus-encoder ransomware removal.
| Name | Virus-encoder |
| Also known as | GetCrypt |
| Type | Ransomware |
| Infiltration | Rig exploit kit, |
| Cipher | AES, RSA, Salsa20 |
| Contact | helpme@freespeechmail.org, getcrypt@cocl.li, cryptget@tutanota.com |
| Ransom note | # DECRYPT MY FILES #.txt |
| Removal | Use anti-malware software, such as SpyHunterCombo Cleaner |
| File decryption | Make use of Emsisoft's decryptor |
| Recovery | To restore Windows system files, scan it with FortectIntego |
There are a variety of methods Virus-encoder ransomware could get into your machine, including via spam emails, fake updates, unprotected RDP,[2] software cracks, etc. Nevertheless, security researchers observed the latest samples of the virus being distributed via Rig exploit kit.[3]
Once inside the system, Virus-encoder virus will show the following ransom note
Attention! Your computer has been attacked by virus-encoder!
All your files are now encrypted using cryptographically strong algorithm.
Without the original key recovery is impossible.
To get the decoder and the original key, you need to email us at helpme@freespeechmail.org
Our assistance is not free, so expect to pay a reasonable price for our decrypting services. No exceptions will be made.
Later versions of Virus-encoder ransomware drop a very similar note, although the contact emails are different. Regardless of what type of message you receive, you should not get in contact with cybercriminals as it can result in money loss. Quite often, bad actors are simply not interested in sending the decryptor for the paid money and choose to ignore victims. In some cases, virus authors themselves are incapable of restoring the encoded data.
Therefore, it is best to ignore the criminals and remove Virus-encoder ransomware from your device entirely. For that, you need to employ reputable anti-malware software, because deleting the virus manually is practically impossible for a regular user. After that, experts[4] recommend scanning the device with FortectIntego to fix broken Windows system files, such registry.
After you terminate the infection and fix Windows system, you can connect your backup device to restore your personal files. In case you did not have any prepared, there are alternative methods that you can try – such as third-party recovery tools. Additionally, if you are infected with the latest version of Virus-encoder ransomware, you can also try the official decryption tool that was recently released by Emsisoft security researchers.

Ransomware-type virus propagation methods and how to avoid them
Virus-encoder can infiltrate your computer via several different ways. For example:
- It can infect your computer if you tend to open unknown email letters from unknown senders AND especially if you download the attachments from such messages. It is the most common way of the virus-encoder distribution. Such emails are often sent to business people.
- If you tend to surf through unreliable websites, if you are browsing through a site that shows an enormous amount of ads, suggests to fill various surveys or offers to install free software, you should know that such web page is not worth your trust. Sometimes even one click can initiate execution of a malicious program.
- If you tend to install new programs on your computer carelessly, always check if the website that provides the download link is reliable. Also, when installing new programs, select the Advanced or Custom installation setting, and deselect every statement that suggests installing unfamiliar applications.
Terminate Virus-encoder ransomware with the help of reputable security application
Virus-encoder ransomware removal should not be executed manually – cryptoviruses usually make significant changes to the Windows operating system, and restoring all the settings and fixing infected system files is not an easy task. Therefore, you should rather trust reputable security software that can do the job for you automatically.
If Virus-encoder virus is tampering with your security software, you should access a safe environment where the functionality of the threat will be disabled. Please follow the instructions below to find out how to remove Virus-encoder ransomware in the Safe Mode with Networking.
If you got infected with the latest variant of the malware, there is a good chance you can recover your files with the help of Emsisoft's decryption tool. If your System is infiltrated by the older version – you can try alternative solutions, such as recovery software. We provide all the download links and usage instructions below.
Was this guide helpful?
4 comments