HYDRACRYPT is a virus that once started will encrypt all personal files stored on a computer drives and attached network drives. It uses very strong hybrid encryption with 2048-bit key. When HYDRACRYPT encrypts a file, it will change a file extension to the .hydracrypt_ID_{your_id}. Once the virus finished enciphering of all files, it will display a screen like below.
HYDRACRYPT says that user have 72h to make a payment 1 BTC = $400 to get a key to decrypt files. If the user does not make a payment within this time frame, the amount will be higher.
So, if your computer is infected with HYDRACRYPT virus, then most importantly, do not panic! Use the step-by-step guide below to remove the virus itself and restore your files.
How does a computer get infected with HYDRACRYPT virus
HYDRACRYPT virus is distributed through the use of spam emails. Below is an email that is infected with HYDRACRYPT virus.
Once this attachment has been opened, this virus will be started automatically as you do not even notice that. HYDRACRYPT will start the encryption process. When this process is done, it will display the usual ransom screen like a screenshoot above with instructions on how to decrypt your files.
Step-by-step instructions on How to remove HYDRACRYPT virus and restore encrypted files
If you do not want to pay for a decryption key then you have a chance to restore your files. The following instructions is a full step-by-step guide, which will help you to remove HYDRACRYPT malicious software and decrypt all encrypted files. Important to understand that we cannot guarantee that you will be able to recover all encrypted documents. Please do the instructions step by step. If you need a help or have any questions, then ask for our assistance here or type a comment below.
1. Remove HYDRACRYPT virus.
2. Decrypt .hydracrypt files.
1. Remove HYDRACRYPT virus.
Download MalwareBytes Anti-malware (MBAM) from the link below.
MalwareBytes Anti-malware download link
Once downloaded, close all programs and windows on your computer. Open a directory in which you saved it. Double-click on the icon that named mbam-setup like below.
When the installation begins, you will see the Setup – Wizard that will help you install MalwareBytes Anti-malware on your computer.
Once installation is complete, you will see window similar to the one below.
Now click on the Scan Now button to start scanning your computer. This procedure can take some time, so please be patient.
When the scan is finished, make sure all entries have “checkmark” and click Remove Selected button. MalwareBytes Anti-malware will start to remove ransoware related files, folders, registry keys. Once disinfection is completed, you may be prompted to Restart.
2. Decrypt .hydracrypt files.
Download Decrypter for Hydracrypt from the link below.
Decrypter for Hydracrypt download link.
On first step, the decrypter need to determine the decryption key for your computer. You should help. Create a folder on your desktop, copy to this folder an encrypted .png file and a random non-encrypted .png file (download it from the Internet). Drag a non-encrypted file and .hydracrypt file to decrypt_hydracrypt.exe as shown below.
Click Yes in the user account control pop-up window, if it appears.
Once started, the program will start a brute force process to detect a decryption key. When the decrypter is finished, it will display your key. Click the OK button to start decrypting your files with this key.
The End.
Your computer should now be free of HYDRACRYPT malware. If you need help with the instructions, then ask for help here.
