Technicy Ransomware

What is Technicy Ransomware?

We want to inform you about a new ransomware-type computer infection called Technicy Ransomware that belongs to the Hidden-Tear ransomware family. It uses the Advanced Encryption Standard (AES) to encrypt your personal files. The cybercriminals do not ask you to pay money for a decryption key as the ransom note contains no links or instructions. Therefore, all you can do is remove this program and wait for a free decryption tool to be produced by the cybersecurity industry.

What does Technicy Ransomware do?

If your PC were to become infected with Technicy Ransomware, it would spring into action immediately and begin encrypting your files. As mentioned, it uses AES, which is a strong encryption algorithm. When this ransomware runs for the first time, it creates a copy of itself in %HOMEDRIVE%\[USERNAME]\Rand123\local.exe. The executable is named local.exe, a rather unassuming name that can potentially pass as legitimate. However, the location and the name of the executable are subject to change. This ransomware also drops an image file called technicy.png in %HOMEDRIVE%\[USERNAME], which is probably meant to replace the desktop background, although it did not do so during testing. The image is downloaded from

As far as the encryption process is concerned, we have found that it was set to encrypt file types that include, without limitation, .mp3 .mp4 .f3d .dwg .cpp .zip .rar .mov .rtf .bmp .mkv .avi .apk .lnk .iso .7-zip .ace and .arj. It encrypts files on the desktop as well as in the Links, Contacts, Desktop, Documents, Downloads, Pictures, Music, OneDrive, Saved Games, Favorites, Searches, and Videos folders. Evidently, this ransomware was designed to target files of a personal nature to compel you to pay the ransom. All of the encrypted files receive a custom '.technicy' file extension.

Once the encryption is complete, this ransomware drops a ransom note named czytaj.txt, a text file written in Polish. However, this ransom note does not appear to be a ransom note at all. It appears that the developers do not want you to pay a ransom as they encrypt your files for the sake of encrypting them.

Where does Technicy Ransomware come from?

Technicy Ransomware is similar to Onion3Cry Ransomware, VideoBelle Ransomware, and Balbaz Ransomware because it belongs to the Hidden-Tear ransomware family. All of the programs in this family have been based on the Hidden-Tear project that has since been abandoned by its original developer. Unfortunately, the source code was available to the public, so cybercriminal-wannabes used it as a basis to build their own ransomware-type programs.

The distribution methods used for this ransomware are unknown, but we believe that the cybercriminals might have set up an email server to send this ransomware in fake emails. The emails can be disguised to look like they come from legitimate companies and might be made to look like invoices, receipts and so on. These emails might have the main executable of Technicy Ransomware attached, which will infect your PC when you open the attached file.

How do I remove Technicy Ransomware?

Unfortunately, there is no free decryption tool developed by the cybersecurity industry, so if this ransomware has infected your PC, then, sadly, your files are likely to remain encrypted indefinitely (unless a free decryption tool appears). In the meantime, we recommend that you remove this ransomware from your PC as soon as possible. You can use an anti-malware program called SpyHunter, but you can also delete it manually using the guide below.

Manual Removal Instructions

  1. Press Windows+E keys.
  2. Type %HOMEDRIVE%\[USERNAME]\Rand123\ in the File Explorer address box.
  3. Hit Enter.
  4. Find local.exe
  5. Right-click local.exe and click Delete.
  6. Type %HOMEDRIVE%\[USERNAME] and hit Enter.
  7. Find technicy.png
  8. Delete czytaj.txt
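
A read-only check for the artefacts named above, as an added example that is not part of the original article: it looks under a given profile folder for local.exe, technicy.png and czytaj.txt and lists files with the .technicy extension in the folders the article says are encrypted. The profile path argument, the function names and the sample tree are assumptions made for illustration.

```python
"""Added example: read-only sweep of one user profile for the artefacts this page names."""
from pathlib import Path
import tempfile

# File and folder names come from the article. The profile root is a parameter
# (assumption) because the article gives it only as %HOMEDRIVE%\[USERNAME].
DROPPED_FILES = ("Rand123/local.exe", "technicy.png", "czytaj.txt")
TARGET_FOLDERS = ("Links", "Contacts", "Desktop", "Documents", "Downloads",
                  "Pictures", "Music", "OneDrive", "Saved Games", "Favorites",
                  "Searches", "Videos")
ENCRYPTED_SUFFIX = ".technicy"


def sweep_profile(profile_root):
    """Return {'dropped': [...], 'encrypted': [...]} as paths relative to the profile."""
    root = Path(profile_root)
    # The article notes the executable's name and location may change, so a
    # missing local.exe does not clear the machine; the extension scan still applies.
    dropped = [rel for rel in DROPPED_FILES if (root / rel).is_file()]
    encrypted = []
    for folder in TARGET_FOLDERS:
        base = root / folder
        if not base.is_dir():
            continue
        for path in base.rglob("*"):
            # Compare case-insensitively, as Windows file names are case-insensitive.
            if path.is_file() and path.suffix.lower() == ENCRYPTED_SUFFIX:
                encrypted.append(path.relative_to(root).as_posix())
    return {"dropped": dropped, "encrypted": sorted(encrypted)}


def build_sample_profile(root):
    """Constructed sample tree (empty files, no malware) used to exercise the sweep."""
    root = Path(root)
    for rel in ("Rand123/local.exe", "czytaj.txt", "Documents/report.technicy",
                "Pictures/trip/cat.TECHNICY", "Documents/untouched.rtf"):
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.touch()
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for kind, hits in sweep_profile(build_sample_profile(tmp)).items():
            print(kind, hits)
```

The sweep only reads the file system; deleting the dropped files still follows the steps above.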


