WinSec ransomware strikes at Portuguese users
WinSec virus seems to target one specific group of netizens – Portuguese users. However, if it does not mean that residents of other countries should let their guard down. It is yet another virus created on the basis of open-source crypto-malware – HiddenTear[1]. The internet has no borders so virus targeted at one group may soon spread into other cyber regions[2]. Unintentionally users facilitate the distribution as well. Speaking of this malware, its transmission frequency is still low, but it is already detectable by several security applications. It also contains quite unusual features but is said to use AES encryption method which unfortunately bothers the decryption process. If you accidentally happened to open the email attachment and activate this file-encrypting threat, find out how you can remove WinSec from the device.
Portuguese ransomware viruses are not a rarity. In the past, there were already a couple of viruses directed at this country‘s Internet users: CryptoLocker Portuguese virus, etc. There have been also poor imitations. However, some of them even happen to be quite elaborate[3]. WinSec malware seems to possess quite insidious features: once it gets into the system, it might trigger fake Windows error messages which might be presented as Windows Security alerts. Likewise, if users notice winsec.exe file running on the system, they may not regard it as a fraudulent file. As a result, they accidentally pave way for the ransomware to operate without disturbance. Furthermore, WinSec malware does not indicate any email address for contacting the racketeers.

Instead, the program of the infection presents a box where users should enter their email and supposedly receive the decryption key. No specific amount of ransom is indicated so the sum varies each case. Needless to say, that we do not recommend contacting the cyber villains[4]. Besides your computer, your email account might be hacked as well. If you store your important documents in Google Docs, such WinSec hijack might be too severe. Speaking about data recovery, you might need to opt for alternative methods to restore documents which now contain .locked file extension. You can do it with the help of backup copies, shadow volume copies or data recovery programs. Some of the recommendations are provided below.
How did the malware settle on my device?
Spam emails remain the most profitable and popular distribution methods. Regardless of constant warnings, users still pay little attention when reviewing their spam folder. They should not get on the hook even if the emails are addressed to them directly. Some hackers may scare users with a subpoena from a court or tax refund emails[5]. In such cases, restrain from opening the attached files and remove the email right away. Alternatively, WinSec ransomware might occupy the device in the form of a trojan. Now it is detectable as Trojan.MSIL.Filecoder, Win32:Malware-gen, Troj.Ransom.W32.Foreign!c, Ransom_CRYPTEAR.SM, etc. Thus, you should combine your anti-virus with malware elimination utility, e.g. FortectIntego or MalwarebytesMalwarebytes, to improve the overall protection of the system. Now let us proceed to WinSec removal section.
WinSec elimination guidelines
Whether it is more elaborate or quite weak ransomware, manual termination might be futile. Use security apps to remove WinSec virus. If either anti-virus or malware elimination utility is shut down forcefully, look up the below instructions to regain full access. Then, you will be able to proceed with WinSec removal. Note that security applications do not restore encrypted files. take a look at the bottom of the page. Under “Bonus: Recover your data,” you might find useful tips.
Was this guide helpful?
2 comments