Strictor Ransomware

Posted by Lisa Blanc on March 25, 2016

What is Strictor Ransomware?

Strictor Ransomware is a ransomware infection that was first detected on the 16th of March, 2016. The infection itself is not very prevalent; however, it is an extremely harmful one, so you should take measures to ensure the system’s safety. If you have not been able to protect your system from harm and Strictor Ransomware sneaked onto your computer, you should eliminate it from the system even though it seems that it is the only one which can unlock files for you. Yes, this ransomware infection will encrypt a bunch of files from the Documents folder in order to extort money from users. In this sense, it does not differ from other ransomware infections, e.g. Rokku Ransomware, Redshitline Ransomware, and Better_call_saul Ransomware. Luckily, this infection does not stay on the system and does not apply many changes, so it will not be a very difficult task to erase it from the system.testtesttest

How does Strictor Ransomware act?

Strictor Ransomware uses the AES-256 encryption algorithm, and, as you already know, it touches files in the Documents folder only. If you keep music, important text documents, pictures or other files there, you will not be able to access them anymore in case the ransomware infection sneaks onto the computer. It is possible to easily recognize encrypted files. All of them will have the .locked extension, for example, picture.locked. The ransomware infection will also drop the WindowsUpdate.locked file on the system in order to inform users: “All your files are now under my rule, Pay me some Bitconis and make them yours.” Ironically, this file also contains the encryption key that can help users to decrypt files without paying money as well. Last but not least, Strictor Ransomware will also modify the Wallpaper by putting the message with the following text:

All your precious Files on your computer

I have successfully encrypted!

Your files are encrypted. To get the key to decrypt files you have to pay 500USD. If payment is not made before {date} the cost of decrypting files will increase 2 times and will be 1000 USD.

Click below to pay us the bitcoins!!!

If you click on the Pay button, the HTTP request will be made to the web page located on the C & C server and you will see the page ahead of you. You will be able to pay a ransom of 500USD on this page and download the decryption tool after doing that. It is said that the payment will increase if you do not do that within the stated time: “if you do not take the necessary measures for the specified time then the conditions for obtaining the private key will be changed.” You can pay money if you need your files desperately; however, keep in mind that we cannot guarantee that you could download the decryption tool after doing that. Actually, Strictor Ransomware does not seem a well-developed threat because it keeps popping-up messages “Oopz !! URL not reachable” and “Oopz !! Are you trying to fool me? Connect me to the Internet;)” from time to time even though the Internet is not disconnected, which is why we do not recommend trusting it and sending the money. If we have convinced you not to do that, you should know that you can restore files from a backup. Of course, it is a problem if you do not have a copy of, at least, your main files.

Where does Strictor Ransomware come from?

Researchers working at anti-spyware-101.com have managed to find out that Strictor Ransomware is usually spread as a legitimate-looking .pdf file in Spam email attachments. In most cases, it has a fake name, e.g. Bank_Account_Summary.exe, which is why users tend to download the attachment. The threat slithers onto the computer the moment a user double-clicks on the executable file. Of course, ransomware infections might find other ways to sneak onto computers, for example, they might slither onto computers together with other unreliable programs. Last but not least, the entrance of Strictor Ransomware might be the result of the presence of other malicious applications. You should be much more careful in the future and definitely install a security tool on your PC in order to protect the system from harm in the future.

How to delete Strictor Ransomware

Strictor Ransomware does not install many files on the system. Therefore, you will simply have to remove the malicious executable file you have probably downloaded yourself. You will also need to remove the WindowsUpdate.locked too; however, we suggest keeping it if you have decided to wait for a decryption tool to appear on the web because the password this file contains might help you to decrypt files for free. Last but not least, you will also have to change your wallpaper to get rid of this ransomware completely. You should do that only if you are not going to pay the ransom.

Delete Strictor Ransomware

  1. Find and delete the malicious file, e.g. Bank_Account_Summary.locked.
  2. Find and delete WindowsUpdate.locked from the Documents/My Documents directory (do not do that if you are going to wait for a decryption tool to be available).
  3. Change your wallpaper.
  4. Empty the recycle bin.

You can also scan your system in order to find out whether your system is really clean after the deletion of this ransomware.

100% FREE spyware scan and
tested removal of Strictor Ransomware*
Disclaimer
Disclaimer
Threats

Leave a Comment

Enter the numbers in the box to the right *