
MyAntiSpyware


GETCRYPT@COCK.LI ransomware virus (Restore, Decrypt encrypted files)

Myantispyware team May 24, 2019    

GETCRYPT@COCK.LI ransomware is malicious software that silently infects a computer and encrypts the personal files stored on its disks. While encrypting, it renames all encrypted documents, photos and music so that they have a new file extension.

Files encrypted by "GETCRYPT.COCK@LI ransomware"


GETCRYPT@COCK.LI ransomware will hijack a whole computer and its data and demand a ransom in order to unlock (decrypt) them. The authors of ransomware have a strong financial motive to infect as many systems as possible. The ransomware will encrypt all files that are not located in the following folders:

  • %AppData%
  • $Recycle.Bin
  • ProgramData
  • Users\All Users
  • Program Files
  • Local Settings
  • Windows
  • Boot
  • System Volume Information
  • Recovery

When encrypting a file it will add a new file extension to each encrypted file name to identify that the file has been encrypted. For example, a file called sample.doc would be encrypted and renamed to sample.doc.NDSA.

When the encryption procedure is complete, the malicious software leaves a ransom note called ‘# DECRYPT MY FILES #.txt’ with instructions on how to purchase a private key to decrypt all personal files. You can see one of the variants of the ransom instructions below:

Attention! Your computer has been attacked by virus-encoder!
All your files are now encrypted using cryptographycalli strong aslgorithm.
Without the original key recovery is impossible.

TO GET YOUR DECODER AND THE ORIGINAL KEY TO DECRYPT YOUR FILES YOU NEED TO EMAIL US AT:
GETCRYPT@COCK.LI

It is in your interest to respond as soon as possible to ensure the restoration of your files.

P.S only in case you do not recive a response from the first email address within 48 hours,

 

Threat Summary

Name: GETCRYPT@COCK.LI ransomware
Type: Ransomware, Filecoder, Crypto virus, File locker
Encrypted files extension: random 4 character extension
Ransom note: # DECRYPT MY FILES #.txt
Contact: getcrypt@cock.li
Ransom amount: $300-$1000 in Bitcoins
Symptoms:
  • Unable to open files
  • You get an error message like ‘Windows can’t open this file’, ‘How do you want to open this file’
  • Your file directories contain a ‘ransom note’ file that is usually a .txt file
  • You have received instructions for paying the ransom
Removal: To remove GETCRYPT@COCK.LI ransomware use the removal guide
Decryption: To decrypt GETCRYPT@COCK.LI ransomware use the steps

 

In the tutorial below, I have outlined a few methods that you can use to remove GETCRYPT@COCK.LI ransomware from your computer and restore (decrypt) encrypted files from shadow volume copies or using file recovery apps.

Quick links

  1. How to remove GETCRYPT@COCK.LI ransomware
  2. How to decrypt GETCRYPT@COCK.LI ransomware
  3. Use GetCrypt Decryptor to decrypt encrypted files
  4. How to restore encrypted files
  5. How to protect your PC system from GETCRYPT@COCK.LI ransomware virus?
  6. Finish words

How to remove GETCRYPT@COCK.LI ransomware

Using a malicious software removal tool to find and remove the ransomware hiding on your machine is probably the easiest way to remove the GETCRYPT@COCK.LI ransomware virus. We recommend the Zemana program for MS Windows computers. MalwareBytes Free and KVRT are other antimalware utilities for Microsoft Windows that offer free malware removal.



Use Zemana Anti-malware to remove GETCRYPT@COCK.LI ransomware virus

We suggest using Zemana Anti-malware, which can completely clean your computer of this ransomware virus. Moreover, the tool can remove trojans, malicious software, worms and adware that may also have infected your system.

Installing the Zemana Anti-Malware (ZAM) is simple. First you’ll need to download Zemana Free by clicking on the link below.

Zemana AntiMalware
Author: Zemana Ltd
Category: Security tools
Update: July 16, 2019

Once the download is finished, close all software and windows on your machine. Open the directory in which you saved the file. Double-click on the icon called Zemana.AntiMalware.Setup as displayed below.

Zemana icon

When the install starts, you will see the “Setup wizard” that will help you install Zemana Anti Malware on your PC.

Zemana SetupWizard

Once the install is complete, you will see the window shown below.

Now press the “Scan” button. The Zemana Free utility will start scanning the whole computer to find the GETCRYPT@COCK.LI ransomware and other security threats. Depending on your machine, the scan can take anywhere from a few minutes to close to an hour. While the tool is checking, you can see how many objects and files have already been scanned.

Zemana search for GETCRYPT@COCK.LI ransomware virus, other kinds of potential threats such as malware and trojans

Once Zemana AntiMalware (ZAM) has completed scanning your PC, the results are displayed in the scan report. Review the results once the tool has completed the system scan. If you think an entry should not be quarantined, then uncheck it. Otherwise, simply click the “Next” button.

Zemana Free scan is finished

Zemana will remove the files, folders and registry keys related to the GETCRYPT@COCK.LI ransomware virus.

Use MalwareBytes AntiMalware (MBAM) to remove GETCRYPT@COCK.LI ransomware

If you are having issues with the GETCRYPT@COCK.LI ransomware removal, then download MalwareBytes Anti Malware. It is free for home use, and scans for and deletes various malicious software that attacks your machine or degrades computer performance. MalwareBytes Anti-Malware (MBAM) can remove adware, worms as well as malware including ransomware and trojans.
MalwareBytes Free for MS Windows, scan for ransomware is finished

Visit the page linked below to download the latest version of MalwareBytes Free for Windows. Save it on your Desktop.

Malwarebytes Anti-malware
Author: Malwarebytes
Category: Security tools
Update: April 15, 2020

When the download is finished, run it and follow the prompts. Once installed, MalwareBytes Anti-Malware will try to update itself; when this task is finished, press the “Scan Now” button. The MalwareBytes application will scan the whole PC system for the GETCRYPT@COCK.LI ransomware, other malicious software, worms and trojans. Depending on your machine, the scan can take anywhere from a few minutes to close to an hour. When a threat is found, the count of security threats will change accordingly. Wait until the check is finished. Review the report and then press the “Quarantine Selected” button.

MalwareBytes is a free application that you can use to remove all detected folders, files, services, registry entries and so on. To learn more about this malicious software removal utility, we suggest you read and follow the tutorial or the video guide below.

Remove GETCRYPT@COCK.LI ransomware with KVRT

The KVRT utility is free and easy to use. It can scan and remove ransomware, malicious software, trojans and adware. KVRT is powerful enough to find and remove malicious registry entries and files that are hidden on the PC system.

Download Kaspersky virus removal tool (KVRT) from the following link. Save it to your Desktop so that you can access the file easily.

Kaspersky virus removal tool
Author: Kaspersky® lab
Category: Security tools
Update: March 5, 2018

Once the download is finished, double-click on the KVRT icon. Once the initialization procedure is done, you’ll see the Kaspersky virus removal tool screen as in the image below.

Kaspersky virus removal tool main window

Click Change Parameters and set a check mark next to all your drives. Press OK to close the Parameters window. Next, press the Start scan button to perform a system scan for the GETCRYPT@COCK.LI ransomware virus. A system scan can take anywhere from 5 to 30 minutes, depending on your PC system. While KVRT is checking, you can see how many objects it has identified as being malware.

KVRT scanning

When the checking is complete, KVRT will display a scan report as shown on the screen below.

KVRT scan report

Review the scan results and then click on Continue to begin a cleaning procedure.

How to decrypt encrypted files

The GETCRYPT@COCK.LI ransomware tells the victim to contact its authors in order to decrypt all personal files. They will require you to pay a ransom (the usual demand is $300-1000 in Bitcoins).

Should you pay the ransom

We don’t recommend paying a ransom, as there is no guarantee that you will be able to decrypt your documents, photos and music. In addition, you must understand that by paying money to the cyber criminals, you are encouraging them to create a new ransomware virus.

Files encrypted by "GETCRYPT.COCK@LI ransomware"


With current variants of the GETCRYPT@COCK.LI ransomware, it is possible to decrypt or restore encrypted files using free tools such as GetCrypt Decryptor, ShadowExplorer and PhotoRec.




Use GetCrypt Decryptor to decrypt encrypted files

Emsisoft has released a free decryption tool named GetCrypt Decryptor.

GetCrypt Decryptor


  1. GetCrypt Decryptor can be downloaded from here. Save it directly to your MS Windows Desktop.
  2. At the download page, click on the Download button. Your internet browser will open the “Save as” dialog box. Please save it onto your Windows desktop.
  3. When the download is complete, please close all applications and open windows on your machine. Next, launch a file called “decrypt_GetCrypt.exe”.
  4. Select an encrypted file and its unencrypted version.
  5. Further, press the Start button.
  6. GetCrypt Decryptor will start brute forcing to find out your decryption key.
  7. When finished, click OK button. Add all of the locations you want to decrypt to the list and press Decrypt button.
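
The indicators described earlier in this guide (the ransom note name, the 4-character extension added after the original one, and the folders that are left unencrypted) and step 4 of the decryptor procedure can be combined into a small triage script. This is an added example, not part of the original guide or of any tool it mentions; the function names, the regular expression and the assumption that a backup mirrors the original folder layout are illustrative.

```python
import os
import re
from collections import Counter

RANSOM_NOTE = "# DECRYPT MY FILES #.txt"   # note name given in this guide
# Folders the guide lists as left unencrypted. Matching on the bare folder
# name (case-insensitive) is a simplification made for this example.
SKIPPED = {"appdata", "$recycle.bin", "programdata", "all users", "program files",
           "local settings", "windows", "boot", "system volume information", "recovery"}
# Assumption: the appended extension is 4 letters or digits placed after the
# original extension, as in the guide's sample.doc -> sample.doc.NDSA.
APPENDED = re.compile(r"^(?P<orig>.+\.[^.]+)\.(?P<ext>[A-Za-z0-9]{4})$")


def scan(root):
    """Return (ransom_note_paths, {appended_ext: [candidate file paths]})."""
    notes, hits = [], {}
    for dirpath, dirnames, filenames in os.walk(root):
        # Prune the folders that the ransomware does not touch.
        dirnames[:] = [d for d in dirnames if d.lower() not in SKIPPED]
        for name in filenames:
            full = os.path.join(dirpath, name)
            m = APPENDED.match(name)
            if name == RANSOM_NOTE:
                notes.append(full)
            elif m:
                hits.setdefault(m.group("ext").upper(), []).append(full)
    return notes, hits


def likely_extension(hits):
    """Pick the appended extension shared by the most files.

    A harmless name such as notes.v2.docx also matches the pattern, so one
    hit proves nothing; the extension that dominates the tree is the candidate.
    """
    counts = Counter({ext: len(paths) for ext, paths in hits.items()})
    return counts.most_common(1)[0][0] if counts else None


def find_pairs(root, backup_root, ext, hits):
    """Match encrypted files to clean copies at the same relative path in a backup."""
    pairs = []
    for enc in hits.get(ext, []):
        rel = os.path.relpath(enc, root)[: -(len(ext) + 1)]   # drop ".EXT"
        clean = os.path.join(backup_root, rel)
        if os.path.isfile(clean):
            pairs.append((enc, clean))
    return pairs
```

Any pair returned by find_pairs is a candidate for the encrypted file and unencrypted version requested in step 4.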

How to restore encrypted files

In some cases, you can recover files encrypted by the GETCRYPT@COCK.LI ransomware virus. Try both methods. It is important to understand that we cannot guarantee that you will be able to recover all encrypted photos, documents and music.




Use shadow copies to recover encrypted files

To restore files encrypted by the GETCRYPT@COCK.LI ransomware virus from Shadow Volume Copies, you can run a utility called ShadowExplorer. We suggest using this method because its easy-to-use interface makes it easier to find and restore the previous versions of the encrypted files you need.

ShadowExplorer can be downloaded from the following link. Save it on your Windows desktop or in any other place.

ShadowExplorer
Author: ShadowExplorer.com
Category: Security tools
Update: September 15, 2019

Once the download is finished, extract the saved file to a folder on your system. This will create the necessary files as shown below.

ShadowExplorer folder

Start the ShadowExplorerPortable application. Now select the date (2) that you want to restore from and the drive (1) you want to recover files (folders) from, as shown below.

recover encrypted files with ShadowExplorer utility

In the right panel, navigate to the file (folder) you want to restore. Right-click the file or folder and click the Export button as shown in the following example.

ShadowExplorer restore encrypted files

Finally, specify a directory (your Desktop) to save the shadow copy of the encrypted file and click the ‘OK’ button.

Use PhotoRec to recover encrypted files

Before a file is encrypted, the GETCRYPT@COCK.LI ransomware virus makes a copy of this file, encrypts it, and then deletes the original file. Deleted data stays on the disk until it is overwritten, so this can allow you to restore your photos, documents and music using file recovery applications like PhotoRec.

Download PhotoRec from the following link.

PhotoRec
Author: CGSecurity
Category: Security tools
Update: March 1, 2018

Once the download is complete, open the directory in which you saved it. Right-click testdisk-7.0.win and select Extract all. Follow the prompts. Next, open the testdisk-7.0 folder as shown below.

testdisk photorec folder

Double click on qphotorec_win to run PhotoRec for MS Windows. It will open a screen as displayed in the figure below.

PhotoRec for windows

Select a drive to recover as shown in the figure below.

photorec select drive

You will see a list of available partitions. Choose a partition that holds encrypted personal files as displayed on the screen below.

photorec select partition

Press the File Formats button and specify the file types to recover. You can enable or disable the recovery of certain file types. When this is finished, click the OK button.

PhotoRec file formats

Next, click the Browse button to choose where recovered documents, photos and music should be written, then press Search.

photorec

The count of recovered files is updated in real time. All recovered photos, documents and music are written to the folder that you chose in the previous step. You can access the files even if the restore process is not finished.

When the recovery is complete, click the Quit button. Next, open the directory where the recovered personal files are stored. You will see contents like those displayed in the image below.

PhotoRec - result of recovery

All recovered files are written to the recup_dir.1, recup_dir.2 … sub-directories. If you’re searching for a specific file, you can sort your recovered files by extension and/or date/time.

How to protect your PC system from GETCRYPT@COCK.LI ransomware virus?

Most antivirus software already has built-in protection against ransomware. Therefore, if your computer does not have an antivirus program, make sure you install one. As extra protection, use HitmanPro.Alert.

Run HitmanPro.Alert to protect your computer from GETCRYPT@COCK.LI ransomware

HitmanPro.Alert is a small security utility. It can check the system integrity and alerts you when critical system functions are affected by malware. HitmanPro.Alert can detect, remove, and reverse ransomware effects.

HitmanPro Alert can be downloaded from the following link. Save it on your Microsoft Windows desktop.

HitmanPro.Alert
Author: Sophos
Category: Security tools
Update: March 6, 2019

After the download is finished, open the file location. You will see an icon like the one below.

HitmanPro.Alert file icon

Double-click the HitmanPro.Alert desktop icon. When the tool starts, you will see a window where you can choose a level of protection, as displayed below.

HitmanPro.Alert install

Now click the Install button to activate the protection.

Finish words

Now your PC system should be clean of the GETCRYPT@COCK.LI ransomware virus. Remove MalwareBytes and Kaspersky virus removal tool. We suggest that you keep Zemana AntiMalware (to periodically scan your PC for new malware). Moreover, to prevent ransomware, stay clear of unknown and third-party programs, and make sure that your antivirus program's option to block or detect ransomware is turned on.

If you need more help with GETCRYPT@COCK.LI ransomware virus related issues, go to here.

 


Author: Myantispyware team

Myantispyware is an information security website created in 2004. Our content is written in collaboration with Cyber Security specialists, IT experts, under the direction of Patrik Holder and Valeri Tchmych, founders of Myantispyware.com.
