Smrss32 ransomware is a new ransomware discovered (about few weeks old), which states in the overelaborate ransom note that it is CryptoWall ransomware. Actually, it is the falsehood of the legend that its developers want to surround this ransomware virus. Smrss32 virus is simply another AES encryptor.
About Smrss32 Ransomware
Smrss32 cryptomalware encrypts the victim’s data with AES asymmetric encryption algorithm. It does not touch the files, having .bmp extension. But, instead, this malware bug corrupts the vast number of 233 file types in total, having the following extensions:
.18113 .3gp2 .3gpp .8pbs .acs2 .acsm .aifc .aiff .albm .amff .ascx .asmx .aspx .azw3 .back .backup .backupdb .bank .bdmv .blob .bndl .book .bsdl .cache .calb .cals .cctor .cdda .cdr3 .cdr4 .cdr5 .cdr6 .cdrw .ciff .class .clipflair .clpi .conf .config .contact .craw .crtr .crtx .ctor .ctuxa .d3dbsp .data .dazip .ddat .ddoc .ddrw .desc .divx .djvu .dmsk .dnax .docb .docm .docx .dotm .dotx .dsp2 .dump .encrypted .epfs .epub .exif .fh10 .flac .fmpp .forge .fsproj .gray .grey .group .gtif .gzip .h264 .hkdb .hplg .html .hvpl .ibank .icns .icxs .ilbm .im30 .incpas .indd .indt .ipsw .itc2 .itdb .ithmb .iw44 .java .jfif .jhtml .jnlp .jpeg .json .kdbx .kext .keychain .keychain .kpdx .lang .latex .lay6 .layout .ldif .litemod .log1 .log2 .log3 .log4 .log5 .log6 .log7 .log8 .log9 .m2ts .m3url .macp .maff .mcmeta .mdbackup .mddata .mdmp .menu .midi .mobi .moneywell .mp2v .mpeg .mpga .mpls .mpnt .mpqge .mpv2 .mrwref .ms11 .msmessagestore .mspx .mswmm .oeaccount .opus .otpsc .pack .pages .paint .phtml .pict .pj64 .pkpass .pntg .potm .potx .ppam .ppsm .ppsx .pptm .pptx .ppxps .psafe3 .psmdoc .pspimage .qcow2 .qdat .qzip .rels .rgss3a .rmvb .rofl .rppm .rtsp .s3db .sas7bcat .sas7bdat .sas7bndx .sas7bpgm .sas7bvew .sidd .sidn .sitx .skin .sldm .sldx .smil .sqlitedb .svg2 .svgz .targa .temp .test .text .tiff .tmpl .torrent .trace .tt10 .uns2 .urls .user .vcmf .vfs0 .view .vmdk .wallet .wbmp .webm .webp .wlmp .wotreplay .wrml .xbel .xfdl .xhtml .xlam .xlsb .xlsm .xlsx .xltm .xltx .xspf .xvid .ycbcra .ychat .yenc .zdct .zhtml .zipx .ztmp
The previous file types affected are appended the extra extension – ‘‘.encrypted’’. For instance, Image.jpeg is renamed Image.jpeg.encrypted. The files are not only renamed they are made unreadable. Thus, they are made useless. Once Smrss32 crypto-malware is done with the encryption, _HOW_TO_Decrypt.bmp file hits every folder of the damaged data. This file contains the ransom note, which reads as follows:
1 BTC (Bitcoin) which amounts to 566.64 USD, at this particular point in time, is the ransom the hackers behind Smrss32 virus require. As usual, this sum of money must be transferred using the Bitcoin wallet. The instructions on how to create one are given in the note, as well as the unique bitcoin address. These cyber crooks call themselves as ‘‘helpers’’ and tries to convince you that antivirus programs will not solve the issue. They blackmail you to pay the money and provide one of the alternative e-mail addresses: firstname.lastname@example.org or email@example.com, which are to be employed to send the confirmation of the payment. Do not pay a cent to these cyber criminals. They call themselves saviors, at the same time stealing your data. What do you expect them to do after you have payed them? Well, its quite obvious you shouldn’t expect them to give you your files back. Even in the best-case scenario, you will lose your money.
How is Smrss32 Ransomware Spread?
Smrss32 ransomware virus is different from the conventional ransomware trojans. This particular file-encrypting virus is installed on the victim computer’s system manually by hacking RDP (Remote Desktop Protocol). It is quite scary tactics these hackers use. They take control over your computer by accessing it remotely, and then install the payload of the ransomware. You cannot do much about it yourself except for one paramount action every user must undertake. It is the installation of the reputable security software such as Reimage and the performance of regular updates of this software.
How to Decrypt Files Encrypted by Smrss32 Ransomware?
Smrss32 encoder has made quite a fuss among the cyber community. The leading experts claim to come up with the solution within days. For the time being, you can use your backup or Shadow Volume Copies. If you were quite reluctant as regards the storage and additional copies of your data, try professional data recovery tools such as the software by Kaspersky Lab, Recuva, R-Studio, PhotoRec, etc. Just do not forget to make a copy of the infected drive and remove the malware prior to any data recovery procedures. To remove Smrss32 virus employ credible automatic malware removal tools such as Reimage, Spyhunter or Malwarebytes. When you choose to apply one of these security scanners, you can feel at ease since your computer’s system is going to be cleaned swiftly from practically any malware threats present on the system.
Update: the decrypter is now available at here: link. You can download it for free and successfully decrypt your files.