What is Smartransom ransomware? This computr infection is a ransomware developed by Chinese cyber criminals and was first discovered later in May, 2017. Most of its target victims are from Asian-Pacific countries. So if even if you are not from Asia, that does not mean you are exempted to this threat so you should never let your guard down. The Smartransom ransomware was designed to encrypt the user’s computer files and lock the computer screen making it inaccessible to the user. Once it infiltrates your computer, it will then immediately start to encrypt the files on your computer using an advanced encryption algorithm that is not yet decryptable as of the moment of writing this article. After it finishes the encryption process, the Smartransom ransomware will open a photo of a girl and if you minimize or close the picture that’s when the ransomware locks the screen. After the screen is locked, it will display a black background with the ransom note that is written in Mandarin as well as a QR code that redirects you to https://tieba.baidu{.}com/f?kw=戒色 so that a payoff in BitCoin can be paid through scanning the code from phone using the BitCoin application.
It then displays this message:
“你好
你一定很想知道我是谁
我告诉你吧,我是你爹
我把你电脑里重要文件都加密了
你一定很想打我对不对
扫描屏幕上的二维码,向我付款
芫事后我会给你解密工具
记得把屏幕上方的密钥记下来哦
这样我才能帮你解密嘛‘”
The message means:
“Hello
Do you know who I am?
I am your father.
Your files have been encrypted.
Scan the two-digit code on the screen.
Do not forget to write down the key on the top screen so I could give you the decryption tool.”
Once it gets in to your computer the Smartransom ransomware will scan for certain types of files. The following are some of the files that are usually targeted by this ransomware:
au3, .BMP, .CUR, .doc, .docx, .GIF, .ICO, .JPG, .MID, .MIDI, .pdf, .PNG, .ppt, .pptx, .prn, .psd, .rar, .txt, .WAV, .xls, .xlsx, .zip.
Despite the Smartransom ransomware being unique from its group, its distribution methods are quite the same. This ransomware is usually spread via malicious spam emails that contains the infected file or corrupted link. Most of the attachments are usually archieved like .zip, .rar, etc. The spam email portrays an important message like an invoice, confirmation letter and other documents that can pique your curiosity. This ransomware also uses fake installers and updates, corrupted links to suspicious websites, etc.
The Smartransom ransomware is somewhat different from the other ransomware. While other ransomware might still let you access your computer, which is not the case for Smartransom ransomware. It will really leave you no choice at all. A naïve computer user might just give in because there seems to be no way out since the ransomware has already locked the screen making it inaccessible and thus, will consider paying the ransom just so they can access their computer and recover their encrypted files. But that’s not what you should be thinking. Never even consider giving in to the demands of the cyber criminals for their promise to decrypt your files is as good as nothing, meaning to say, there is no guarantee that they will do their end of the bargain. What you should try to instead is look for a solution on how to get rid of the Smartransom ransowmare such as this article you are reading right now. Fear not, this guide will walk you through removing this destructive ransomware.
To access and remove the Smartransom ransomware, follow the steps below:
Step 1. Hold down Alt + F4 simultaneously to close the lock screen.
Step 2Hold down Windows + E keys simultaneously.
Step 3. Type the following paths and press Enter.
- %TEMP%
- %USERPROFILE\Download
- %USERPROFILE\Desktop
Step 4. Look for the malicious file.
Step 5. Right-click on it and click Delete.
Step 6. Empty the Recycle bin.
Step 7. Reboot your computer into Safe Mode.
Step 8. Open the Windows Task Manager by pressing Ctrl + Shift + Esc. Go to the Processes tab
Locate suspicious processes that can be related to the Smartransom ransomware. Right-click on them and select Open File Location then scan them using any up-to-date antivirus. After opening each folder, end the infected processes and delete their folders.
Step 3: Open Control Panel by pressing Start key + R to launch Run and type appwiz.cpl in the search box and click OK.
Find Smartransom ransomware or any suspicious program that might be related to the TopSites Tab and then Uninstall. Then click the Windows button and type msconfig in the search box and hit Enter to Open System Configuration. Go to Startup and unmark items with an unknown manufacturer.
Step 9. Press the Start key + R and type the following:
Notepad %windir%/system32/Drivers/etc/hosts
This file will open which will determine if you are hacked through a bunch of IP addresses at the bottom:
Open the start menu by clicking the Windows button and search for Network Connections using the search box and hit Enter.
-
Right-click on your Network Adapter, go to Properties, Internet Protocol Version 4 (ICP/IP), then click Properties.
-
The DNS line will be set to Obtain DNS server automatically.
-
Select Advanced on the DNS tab, and if there is anything there, remove it and click OK.
Step 10. Scan your computer with the help of an excellent antivirus and anti malware program; SpyRemover Pro.