What is CURATOR Ransomware
CURATOR is another version of ransomware infections that puts up a lock on victim’s data demanding a fee for its return. The basic symptom of CURATOR leaving its traces in your system is the appendance of new extensions onto affected files. For example, a file like 1.mp4
will emerge as 1.mp4.CURATOR
after interacting with ransomware. To recover your data, extortionists offer to read instructions in the !=HOW_TO_DECRYPT_FILES=!.txt note that is created soon after encryption.
Hello!
All your important data has been encrypted. !
Your files are safe! Only modified(ChaCha+AES)
There is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server.
HOW TO RECOVER FILES???
Please write us to the e-mail:
assistantkeys@rape.lol
If you will get no answer within 24 hours contact us by our alternate emails:
mending8888@airmail.cc
To verify the possibility of the recovery of your files we can decrypted 1-3 file for free.
Attach 1-3 file to the letter (no more than 5Mb). Indicate your personal ID on the letter:
id--
* No software available on internet can help you. We are the only ones able to solve your problem.
* Make contact as soon as possible. Your private key (decryption key) is onlystored temporarily.
* Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.
According to the provided note, attackers have encrypted your files with strong algorithms (ChaCha+AES), which restrict attempts to restore files on your own. As a result, the only feasible way appears to buy the decryption key stored on the server of cybercriminals. Once you make a decision, extortionists kindly ask you to contact them via e-mail to get further instructions. You can also take advantage of a special offer – send up to 3 files (not more than 5 MB) for free decryption. Although such a move can instill trust in gullible users, we recommend against paying the ransom. There is always a risk of getting money-naked and not receive any of the promised tools for data recovery. At this point, there are no tools that could guarantee 100% decryption. This is why the best option is to delete CURATOR Ransomware and recover your data using backup storage if one was created prior to the infection. If you do not have one, follow this tutorial and try some of the tools presented below.
How CURATOR Ransomware infected your computer
Ransomware developers embrace a large number of channels to infect their victims. The most frequently-used are e-mail spam, trojans, unprotected RDP configuration, keyloggers, backdoors, fake software cracking tools, and so forth. Most cybercriminals use e-mail to send spam messages all over the web. They bundle them with malicious attachments of generally-accepted formats (MS Office documents, PDFs, executables, JavaScrip files), which is done to force inexperienced users into opening such files. Another obvious trait highlighting malicious intentions is that such messages are disguised as something legitimate claiming that opening files is necessary. The combination of both instantly hints at the presence of malware within the attached files. We insist on avoiding the opening of unfamiliar content, especially if it is presented in such a delusive manner. Also, you should be wary when implementing downloads of pirated software, because it can be used as a cover to promote malware as well. Even so-called “cracks” used to unlock the capabilities of licensed software can be a cape for the installation of malware. Watch close and download programs only from trusted and approved resources. If you want to enlighten yourself with the essentials of online protection alongside removal instructions, our guide below is right for you.
- Download CURATOR Ransomware Removal Tool
- Get decryption tool for .CURATOR files
- Recover encrypted files with Stellar Data Recovery Professional
- Restore encrypted files with Windows Previous Versions
- Restore files with Shadow Explorer
- How to protect from threats like CURATOR Ransomware
Download Removal Tool
To remove CURATOR Ransomware completely, we recommend you to use Norton Antivirus from Symantec. It detects and removes all files, folders, and registry keys of CURATOR Ransomware and prevents future infections by similar viruses.
Alternative Removal Tool
To remove CURATOR Ransomware completely, we recommend you to use SpyHunter 5. It detects and removes all files, folders, and registry keys of CURATOR Ransomware. The trial version of Spyhunter 5 offers virus scan and 1-time removal for FREE.
CURATOR Ransomware files:
!=HOW_TO_DECRYPT_FILES=!.txt
64RA05.exe
{randomfilename}.exe
CURATOR Ransomware registry keys:
no information
How to decrypt and restore .CURATOR files
Use automated decryptors
Download Kaspersky RakhniDecryptor
Use following tool from Kaspersky called Rakhni Decryptor, that can decrypt .CURATOR files. Download it here:
There is no purpose to pay the ransom because there is no guarantee you will receive the key, but you will put your bank credentials at risk.
Dr.Web Rescue Pack
Famous antivirus vendor Dr. Web provides free decryption service for the owners of its products: Dr.Web Security Space or Dr.Web Enterprise Security Suite. Other users can ask for help in the decryption of .CURATOR files by uploading samples to Dr. Web Ransomware Decryption Service. Analyzing of files will be performed free of charge and if files are decryptable, all you need to do is purchase a 2-year license of Dr.Web Security Space worth $120 or less. Otherwise, you don’t have to pay.
If you are infected with CURATOR Ransomware and removed it from your computer you can try to decrypt your files. Antivirus vendors and individuals create free decryptors for some crypto-lockers. To attempt to decrypt them manually you can do the following:
Use Stellar Data Recovery Professional to restore .CURATOR files
- Download Stellar Data Recovery Professional.
- Click Recover Data button.
- Select type of files you want to restore and click Next button.
- Choose location where you would like to restore files from and click Scan button.
- Preview found files, choose ones you will restore and click Recover.
Using Windows Previous Versions option:
- Right-click on infected file and choose Properties.
- Select Previous Versions tab.
- Choose particular version of the file and click Copy.
- To restore the selected file and replace the existing one, click on the Restore button.
- In case there is no items in the list choose alternative method.
Using Shadow Explorer:
- Download Shadow Explorer program.
- Run it and you will see screen listing of all the drives and the dates that shadow copy was created.
- Select the drive and date that you want to restore from.
- Right-click on a folder name and select Export.
- In case there are no other dates in the list, choose alternative method.
If you are using Dropbox:
- Login to the DropBox website and go to the folder that contains encrypted files.
- Right-click on the encrypted file and select Previous Versions.
- Select the version of the file you wish to restore and click on the Restore button.
How to protect computer from viruses, like CURATOR Ransomware, in future
1. Get special anti-ransomware software
Use ZoneAlarm Anti-Ransomware
Famous antivirus brand ZoneAlarm by Check Point released a comprehensive tool, that will help you with active anti-ransomware protection, as an additional shield to your current protection. The tool provides Zero-Day protection against ransomware and allows you to recover files. ZoneAlarm Anti-Ransomware is compatible with all other antiviruses, firewalls, and security software except ZoneAlarm Extreme (already shipped with ZoneAlarm Anti-Ransomware) or Check Point Endpoint products. The killer features of this application are: automatic file recovery, overwrite protection that instantly and automatically recovers any encrypted files, file protection that detects and blocks even unknown encryptors.
2. Back up your files
As an additional way to save your files, we recommend online backup. Local storages, such as hard drives, SSDs, flash drives, or remote network storages can be instantly infected by the virus once plugged in or connected to. CURATOR Ransomware uses some techniques to exploit this. One of the best services and programs for easy automatic online backup is iDrive. It has the most profitable terms and a simple interface. You can read more about iDrive cloud backup and storage here.
3. Do not open spam e-mails and protect your mailbox
Malicious attachments to spam or phishing e-mails are the most popular method of ransomware distribution. Using spam filters and creating anti-spam rules is good practice. One of the world leaders in anti-spam protection is MailWasher Pro. It works with various desktop applications and provides a very high level of anti-spam protection.