Skip to content
  • Active
  • Severity: High
  • Ransomware
  • Windows
  • Verified · Oct 2020

How to remove Curator ransomware

A step-by-step removal guide for affected devices. Follow the verified procedure below — most readers complete it in under 10 minutes.

Alice Woods · Likes to teach users about virus prevention

Curator ransomware is the new cryptovirus that appends all encoded files with .CURATOR

Curator ransomwareCurator ransomware – a threat that demands money for decryption tool that supposedly should recover affected data. The intruder can affect the performance significantly when it alters more than common files on the computer. Even though it focuses mainly on such alterations to images, documents, archives, there are system parts that can get damaged by this virus directly. Once the process of file-locking is done, threat releases a ransom note file on the machine named !=HOW_TO_DECRYPT_FILES=!.txt. This is the direct message from criminals that includes money demands. Extortionists ask to write an email via assistantkeys@rape.lol, mending7788@protonmail.ch, so the recovery tool can be bought.

However, we do not recommend paying these people anything. There are no guarantees that malicious actors can restore files for you. Especially when .CURATOR ransomware virus is a new one and cannot be associated with other strains that researchers know already. According to users[1] who suffered from this threat, it can affect networks of devices and create serious damage to the system. You should never consider paying for the decryption tool because cybercriminals are not the ones who can be trusted. 

Name Curator ransomware
Encryption method ChaCha and AES algorithm[2] mix
File extension .CURATOR is the appendix that appears at the end of every affected file. It usually comes after the original name and filetype, without changing anything else
Ransom note !=HOW_TO_DECRYPT_FILES=!.txt – a file that contains answers on what happened and what to do next
Contact information assistantkeys@rape.lol, mending7788@protonmail.ch
Distribution Malicious files loaded as email attachments or downloaded from hacked pages can trigger the infection. The same can happen when trojans, malware, and other intruder drop the payload of cryptovirus directly on the machine
File Recovery If no backups are available, recovering data is almost impossible. Nonetheless, we suggest you try the alternative methods that could help you in some cases – we list them below
Malware removal Perform a full system scan with anti-malware software or other tools that rely on the AV detection engine and run the  Curator ransomware removal
System fix Malware can seriously affect Windows systems, cause errors, crashes, and other stability issues. To remediate the OS and avoid its reinstallation, we recommend scanning it with the FortectIntego tool that can find and fix virus damage too

Curator ransomware is the virus that creates issues with the system by corrupting files directly. It manages to create needed changes in the system, so the problem with affected files is not the only issue that cryptovirus creates on the infected machine. The threat directly alters files like:

  • images;
  • documents;
  • video files;
  • archives;
  • database.

The purpose of such an infection is to trigger the attack that comes in stages. The first thing that Curator ransomware goes for is the malicious changes to registry keys or shadow volume copies that when damaged, affect the persistence of the virus and file recovery significantly.

The most important thing – remove Curator ransomware properly. That is not easy, but you can employ SpyHunterCombo Cleaner or MalwarebytesMalwarebytes and run a full system scan to find all the intruders, associated programs, and files. This is how you prepare for the file restoring. You might need additional help from features like Safe Mode or System Restore since experts[3] often mention disabled AV tools. Check below for the guide on how to use these functions.

Curator ransomware virus

Paying should be considered as the last option when it comes to .CURATOR file recovery

Various triggers can ensure the difficult Curator ransomware removal process. Malicious actors alter particular settings, to ensure that users have no other options but to pay the ransom. These demands get listed in the ransom message delivered in the form of !=HOW_TO_DECRYPT_FILES=!.txt that reads the following:

Hello!

All your important data has been encrypted. !

Your files are safe! Only modified(ChaCha+AES)

There is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is CURATORly stored on our server.

HOW TO RECOVER FILES???

Please write us to the e-mail:
assistantkeys[@]rape.lol

If you will get no answer within 24 hours contact us by our alternate emails:
mending7788[@]protonmail.ch

To verify the possibility of the recovery of your files we can decrypted 1-3 file for free.

Attach 1-3 file to the letter (no more than 5Mb). Indicate your personal ID on the letter:
id-RA[redacted 10 lowercase hex]

* No software available on internet can help you. We are the only ones able to solve your problem.
* Make contact as soon as possible. Your private key (decryption key) is onlystored temporarily.
* Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.

Besides being difficult to remove, Curator virus can damage your data permanently and cause issues with the system when it can run for a longer period on one device. Such issues can be fixed with PC repair tools, optimization, cleaning utilities like FortectIntego. There are many things you need to do before you can recover your files using copies stored in the backup device or the cloud.

Curator ransomware virus has no decryption options, so people who suffered from this malware attack need to rely on their data backups or find a third-party application for such a file restoring purpose. Otherwise, it is a waiting game, and you can store some of the ransomware files,e encrypted data on an external device.

Such a thing would come in handy when researchers release a decryptor or law enforcement leak the database of ransomware creators' information and unique victim IDs. File repair is not easy when it comes to crypto-malware and  Curator ransomware encrypted data. This is why you should create backups more frequently.

.CURATOR virus

Go for a full Curator ransomware virus termination procedure right away

The serious damage that Curator file virus might create can lead to permanent losses. The loss of data is not the worst, even though you may lose important files, documents, and other belongings. Unfortunately, ransomware payments might be the ones that frustrate victims more.

When you decide to pay the ransom, you expect to get the decryption tool right away, but criminals still do not provide you the option. You are left with affected data and fewer options to recover after infection. This is why we recommend going for the Curator ransomware removal option eliminating payment as an option. The best way to tackle the issue is SpyHunterCombo Cleaner or MalwarebytesMalwarebytes –  security tools or AV engines. 

Remove Curator ransomware from the system and then run a tool like FortectIntego, so the machine gets scanned and checked for altered files, corrupted programs, virus damage. Such repair of the system performance can help with later on procedures of file recovery and improve the time on your PC.

Be the first to comment

Spyware news
Privacy preferences

We use cookies to improve your experience and analyze traffic. Some cookies enable embedded content like videos and social posts. Choose what you allow — you can change this anytime.