Banco Crypt asks to pay only 10 USD for data recovery

BancoCrypt is a new version of Jhash ransomware virus. The malicious program’s code is based on the HiddenTear[1] project. Thus, it uses AES cryptography, appends .locky file extension, changes the desktop picture and delivers data recovery instructions in Spanish language either in Leeme_Nota_de_Rescate.txt or READ_IT.txt file.
Authors of the BancoCrypt ransomware asks to pay 10 USD via online payment platform Payza and send a screenshot of the transaction to jhash.bancaenlinea@zoho.com. Nevertheless, the size of the ransom is small; you should still not pay the ransom and motivate hackers to create more threatening variants of malware.
The malicious program mostly spreads via malicious spam emails. BancoCrypt virus might enter the system when a user opens an infected email attachment. Once inside, it starts scanning the system and locking files with .locky file extension which has been used at the beginning of Locky ransomware era.
However, these viruses have nothing in common. Cyber-criminals might just have lent the infamous suffix to scare people into paying the ransom. However, security experts do not recommend paying the ransom for BancoCrypt even if it’s a small amount of money because:[2]
- criminals might ask for more money once they see that you are willing to pay for data recovery;
- you might be offered to download other malware on the computer instead of decryption software;
- hackers might blackmail you;
- you might never get promised BancoCrypt decryptor.
Instead of having business with crooks, you should remove BancoCrypt from the computer and try alternative data recovery instructions. The crypto-malware is based on HiddenTear which is decryptable virus. Therefore, there’s hope to restore your files as well.
However, BancoCrypt removal should be completed first to prevent from getting your files encrypted again, system slowdowns and other possible security issues. Elimination of the malicious program is performed using reputable malware removal tools, such as FortectIntego.

Distribution methods of the crypto-virus
We have already mentioned that ransomware spreads via malicious spam email. Thus, you should be careful with received letters, invoices and other documents. Do not open any attachment if you do not know the sender, or if his or her email seems suspicious or you are not sure what you have received such email at all.
However, authors of the ransomware might also distribute malware via:
- malware-laden ads;
- bogus software downloads or updates;
- illegal downloads;
- compromised websites.
To avoid BancoCrypt and similar threats, users should be careful when browsing the web and avoid clicking unknown content. Additionally, installing antivirus protection is also recommended. Security experts from Les Virus[3] also suggest creating backups and updating them carefully. Bad accidents happen, and backups are crucial after ransomware attacks.
BancoCrypt virus removal guidelines
The file-encrypting virus is a complicated cyber threat that might make critical changes to the system and make your computer vulnerable. Thus, gentle and professional BancoCrypt removal is necessary. Only reputable security programs, such as FortectIntego or MalwarebytesMalwarebytes can safely remove malware from your device.
However, you might encounter difficulties because ransomware might block antivirus or malware removal program. For this reason, you should reboot your PC to Safe Mode with Networking first to remove BancoCrypt successfully.
Was this guide helpful?
Be the first to comment