Once the data has been “taken hostage” (blocked), its owner (user) receives a ransom demand. The victim is supposed to deliver the ransom in exchange for pirate's promise to send a utility that would restore the data or repair the PC.
Kaspersky Lab specialists have developed a special utility for decrypting the data encrypted by Trojan-Ransom.Win32.Rector. The utility has a GUI.
Do the following to decrypt files encrypted by Trojan-Ransom.Win32.Rector:
- Download the utility RectorDecryptor.zip to an infected computer;
- Extract its content using an archiver (WinZip, e.g.);
- Run the file RectorDecryptor.exe;
- The utility starts working by clicking the button Start scan.
- It finds and decrypts encrypted files.
Select the option Delete crypted files after decryption to delete copies of encrypted files with extensions .vscrypt, .infected, .bloc, .korrektor, etc. after successful decryption.