Decryption Assistant Ransomware

What is Decryption Assistant Ransomware?

Decryption Assistant Ransomware is a new ransomware-type infection that is part of the Hidden-Tear ransomware family that also includes ransomware such as Kill Zorro Ransomware, Angleware Ransomware, and several others. This new ransomware is now being distributed, but the twist here is that it does not even work. Our malware analysts have tested it and found that it does not encrypt your files, and you could not pay the ransom even if it did. Therefore, you can simply remove this computer infection from your PC and carry on using it as normal. While this ransomware is not a threat now, it can be in the future as it seems that it has not been completed yet. Indeed, it is still in development, and it might actually encrypt your files in the future.test

Where does Decryption Assistant Ransomware come from?

As mentioned in the introduction, Decryption Assistant Ransomware belongs to the Hidden-Tear ransomware family that also includes CryptoKill Ransomware, Korean Ransomware, Redants Ransomware, Kill Zorro Ransomware, and Angleware Ransomware. All of these applications are highly malicious and can cause you many problems. Also a fact, Hidden-Tear ransomware infections have a habit of being released before being completed entirely, so it is not surprising that this new ransomware was released at this stage. Still, it is semi-functional since it can infect your PC.

Researchers say that this new ransomware can be distributed via email spam. It is possible that its secretive developers have set up an email server dedicated to sending email spam to random users. The emails can feature a deceptive link that will download this ransomware when clicked. However, it is more likely that the emails feature this ransomware as an attached file that is dropped onto your PC when you open or extract it. Note that if you run the executable without downloading it, then it will be run from the %Temp% folder. As far as the emails are concerned, at this point, we do not know how the emails are presented, but they may be disguised as emails from legitimate, well-known private companies or government institutions. Researchers say the file name of Decryption Assistant Ransomware can be FlashPlayerUpdate.exe as it has been seen using this name but, nevertheless, there can be other variations as well.

How does Decryption Assistant Ransomware work?

Researchers say that Decryption Assistant Ransomware should use the AES encryption algorithm. However, as we already discussed, it does not encrypt anything, but if it did, then it would target your documents, pictures, videos and audios files. The targeted file extensions include .asp, .aspx, .csv, .doc, .docx,.exe, .html, .jpg, .mdb, .odt, .php, .png, .ppt, .pptx, .psd, .sln, .sql, .txt, .xls, .xlsx, and .xml. In short, it would target file formats that are more likely to hold personal and, thus, valuable information. Furthermore, this program would append the encrypted files with the ".pwned" file extension. Once the encryption is complete (when it actually is not) this program opens its GUI window that features the ransom note and a timer that is set to run it within an hour. The developers want you to pay the ransom within one hour of the encryption, or they will delete the private decryption key. However, as already stated, this program neither encrypts nor deletes the decryption key. The Payment status and decrypt files buttons do not work, so this ransomware is just an empty shell, so do not attempt to pay the ransom as you can simply get rid of this ransomware can continue using your PC.

How do I remove Decryption Assistant Ransomware?

We hope you found this article insightful and you are now ready to get rid of Decryption Assistant Ransomware because you do not have to comply with its demands as it does not encrypt files like it says it does. We recommend either using our manual removal guide or getting SpyHunter — our featured anti-malware program in case you have trouble detecting and identifying this ransomware.

Removal Guide

  1. Simultaneously press Win+E keys.
  2. In File Explorer’s address box, type the following file paths.
    • %USERPROFILE\Downloads
    • %USERPROFILE\Desktop
    • %TEMP%
  3. Press Enter.
  4. Locate this ransomware (e.g. FlashPlayerUpdate.exe,) right-click it and click Delete.
  5. Empty the Recycle Bin. 100% FREE spyware scan and
    tested removal of Decryption Assistant Ransomware*
Disclaimer
Disclaimer

Leave a Comment

Enter the numbers in the box to the right *