Bancocrypt Ransomware

What is Bancocrypt Ransomware?

Bancocrypt Ransomware is another name of Jhash Ransomware. Its primary goal is to help cyber criminals to obtain money from users, so the first activity it performs on affected computers is the encryption of victims’ personal files (for instance, pictures, downloads, games, videos, and much more). The encryption of victims’ personal data is nothing new – the majority of ransomware infections created using the source code of Hidden-Tear, open-source ransomware, lock users’ data right after slithering onto their computers. We suspect that your files have already been locked too if you are reading this article. There are hundreds of crypto-threats that could have done that, but you can be sure that Bancocrypt Ransomware is the one responsible for encrypting your data if these files you can no longer open have a new extension appended to them. Specifically speaking, this infection uses the .locky extension to mark those locked files. You will not remove this extension easily. In fact, only a decryptor can do that. You will be offered to purchase it, but you should not do that because cyber criminals behind this threat might not even give it to you. There might be no other ways to decrypt data for free, but you can always restore it from a backup you have. You should not rush to delete these encrypted files from your system even if you have never backed up your data too because free decryption software might be developed someday.

What does Bancocrypt Ransomware do?

You could barely find files that have not been locked if Bancocrypt Ransomware ever manages to infiltrate your computer. Yes, it will leave files in the %WINDIR% directory (Windows files) intact as it does not seek to corrupt the operating system, but it will surely lock files located in all other directories, e.g. %USERPROFILE%\Desktop, %USERPROFILE%\Documents, %USERPROFILE%\Music, %USERPROFILE%\Saved Games, %USERPROFILE%\Videos, and %USERPROFILE%\Searches. Bancocrypt Ransomware also checks whether READ_IT.txt.locky is located on Desktop, and if it finds it there, it deletes it and drops Leeme_Nota_de_Rescate.txt in its place – it is a ransom note. The ransom note tells users to send 10 dollars via PAYZA in exchange for the decryption tool that can unlock personal data. The ransom it demands is very small if compared to amounts of money other ransomware infections require. You can send it to cyber criminals if you need your files back badly, but do not forget that there are no guarantees that you will get that decryption tool from them.

Where does Bancocrypt Ransomware come from?

Researchers working at say that Bancocrypt Ransomware should be mainly distributed via spam emails. Specifically speaking, it is very likely that it is disguised as a spam email attachment. When the attachment is opened and the ransomware infection is executed, it deletes itself. It does not mean that it disappears from the system completely – it copies itself to %HOMEDRIVE%\{user name}\Rand123\local.exe. Also, it downloads a .jpg image with a message for users and might set it as a new Desktop Wallpaper. Luckily, it is not one of those infections that make changes in the system registry or blocks system utilities, so its removal should not be very complicated. We can assure you that there is a ton of sophisticated ransomware infections available and cyber criminals develop new crypto-malware every day, so it would be a huge mistake to leave the system unprotected after the removal of this ransomware infection. If Bancocrypt Ransomware has managed to infiltrate your computer successfully, the chances are high that other threats will do that too easily, so you should take all possible security measures to protect your system from harmful malicious software. Our security specialists say that users do not need to do much to ensure the maximum protection of their computers. The installation of a reputable antimalware tool is enough to prevent future malware from entering the system illegally, according to them.

How to delete Bancocrypt Ransomware

No matter you pay the ransom to cyber criminals or not, you need to delete the ransomware infection from your computer because they will not remove it for you. Even though it does not make many modifications following the successful entrance, you will still need to put some effort into its deletion, so if you are far from an expert in malware removal, you should consult the manual removal guide you can find below this article. If you are looking for a quicker removal method, you should use an automated scanner, aka an antimalware tool, instead.

Remove Bancocrypt Ransomware manually

  1. Tap Ctrl+Shift+Esc.
  2. Click Processes to open this tab.
  3. Kill all suspicious processes and then close Task Manager.
  4. Open Explorer (tap Win+E).
  5. Go to %HOMEDRIVE%\[user] .
  6. Delete the entire Rand123 folder.
  7. Delete ransom.jpg.
  8. Open %USERPROFILE%\Desktop.
  9. Delete the ransom note Leeme_Nota_de_Rescate.txt.
  10. Empty Recycle bin. 100% FREE spyware scan and
    tested removal of Bancocrypt Ransomware*

Leave a Comment

Enter the numbers in the box to the right *