Once the data has been "taken hostage" (blocked), its owner (user) receives a ransom demand. The victim is supposed to deliver the ransom in exchange for pirate's promise to send a utility that would restore the data or repair the PC.

Kaspersky Lab specialists have developed a special utility for decrypting the data encrypted by Trojan-Ransom.Win32.Rector. The utility has a GUI.

Do the following to decrypt files encrypted by Trojan-Ransom.Win32.Rector:

  • Download the utility RectorDecryptor.zip to an infected computer;
  • Extract its content using an archiver (WinZip, e.g.);
  • Run the file RectorDecryptor.exe;
  • The utility starts working by clicking the button Start scan.
  • It finds and decrypts encrypted files.

Select the option Delete crypted files after decryption to delete copies of encrypted files with extensions .vscrypt, .infected, .bloc, .korrektor, etc. after successful decryption.