Smartransom Ransomware

What is Smartransom Ransomware?

Smartransom Ransomware is a Chinese-developed ransomware that was designed to encrypt your files and also lock your PC entirely so that you could not use it. Its creators use an innovative technique for receiving ransom payments. However, we do not recommend that you comply with their demands because you might not get the promoted decryption key. You may lose not only your files but also your money. In this short article, we will discuss how this program is disseminated, how it is distributed and how you can remove it from your PC safely.

Where does Smartransom Ransomware come from?

As mentioned, this browser hijacker was created by Chinese developers and for the Chinese speaking population as its ransom note is in the Mandarin language only. The methods used to infect the computers of unwary users are unknown. Therefore, we can only assume that the developers have employed the most commonly used method for distributing ransomware and that is email spam. This ransomware can be sent as a file attached to an email. The file may be zipped and presented to the victim as some document such as an invoice, receipt, and so on. If the user opens the archive and opens the file in it, then the computer will become infected with Smartransom Ransomware.

What does Smartransom Ransomware do?

If your computer becomes infected with Smartransom Ransomware, then it will drop a photo of a girl model and open it. When you close the photo or minimize it, the ransomware locks the screen. The lock screen is a black background with text in Mandarin. The lock screen also contains a QR code that redirects to https://tieba.baidu.com/f?kw=戒色. Apparently, the QR code is needed to pay the ransom. While we do not know the specifics, it seems that you have to pay an unspecified sum of money via the featured link and then you will get the decryption tool. However, there are no guarantees in this case as the developers might receive your payment but fail to keep their end of the bargain. This happens quite often, so if they ask for a substantial sum of money, you should decline to pay. However, the bad news is that the algorithm used to encrypt your files can not be decrypted.

Our researchers have acquired a sample of this ransomware and tested it. Testing has shown that, before encrypting your files, it will enumerate files in %USERPROFILE%\Desktop and %USERPROFILE%\Documents. Research has shown that it will encrypt only a shrot list of file types that include .7z, .zip, .rar, .au3, .png, .jpg, .psd, .xls, .xlsx, .pptx, .ppt, .docx, .doc, and .pdf. However, the ransomware only encrypts the contents of the files and does not append the default file extension.

How do I remove Smartransom Ransomware?

In closing, Smartransom Ransomware is a typical ransomware-type infection that is set to encrypt your files and lock your computer’s screen. The good news is that you can bypass the lock screen and delete the malicious files manually or get an anti-malware program such as SpyHunter to do that for you. We do not recommend that you pay the ransom as you might not get the promised decryption tool. Please follow the instructions below and remove this ransomware safely.

Removal Guide

1. Press Alt+F4 to close the lock screen.
2. Press Windows+E keys.
3. Type the following file paths and hit Enter.
   • %TEMP%
   • %USERPROFILE\Downloads
   • %USERPROFILE\Desktop
4. Delete recently downloaded files (possible ransomware name: WTF.exe)
5. Empty the Recycle Bin. Download Removal Tool100% FREE spyware scan and
   tested removal of Smartransom Ransomware*