HDDCryptor Ransomware Removal


This page aims to help you remove HDDCryptor for free. Our instructions also cover how any HDDCryptor file can be recovered.

If you have recently been infected with HDDCryptor, you should know that this is one of the newest Ransomware threats that have been encrypting the files of unsuspecting users all around the web. Ransomware is one of the top cyber threats today and its malicious abilities cost its victims millions of dollars each year. New and unique crypto viruses of this type are popping up every day and they come with a handful of sophisticated encryption methods. Both businesses and private users are being targeted and the main goal of the cyber criminals behind these threats is to blackmail the victims for their encrypted data. They usually ask huge amounts of money as ransom and threaten the users with short deadlines and data corruption. But what if you simply don’t have the money? Or you really don’t want to pay these crooks and just want to remove that nasty infection from your PC? In this case, you have to delete the threat yourself and try to restore your data by other means. This is what we are going to show you here and if you stay with us until the end, you may soon be Ransomware free.

HDDCryptor Ransomware specifics

HDDCryptor is one of the newest and most sophisticated crypto viruses to have been released recently. It has been developed with the sole purpose of searching the victim’s computer for targeted file types and encrypting them with an almost unbreakable file encryption algorithm. It would not only encrypt your files but your whole HD/SSD drive as well, affecting your Master Boot Record. When encrypted this way, the files become impossible to open and their file extension is changed with. A ransom note appears on the screen, in which the victims are informed about the malicious infection that has silently taken place on their computer. The hackers behind the ransomware usually place their ransom demands there and give short deadlines for the payment to be made. Typically, the ransom is required in Bitcoins – a cryptocurrency, which helps the crooks remain undetected. Payments made with Bitcoins are almost impossible to trace, which allows them to stay hidden from the authorities and eliminates any chance of you getting your money back.

How does Ransomware get inside people’s computers?

The Ransomware creators usually use many tricks and methods to distribute their crypto viruses and, more importantly, to mask them in such a way that even the antivirus software won’t detect them. Usually, they hide the malicious payload in attachments that they spread via spam emails. Different documents, PDF files, images or links may be ransomware transmitters. Malvertisements are also a popular method of infection. Fake ads, misleading links or compromised web pages you may get redirected to may hide an HDDCryptor infection. Such content usually looks almost legitimate and it is very hard to notice what it may infect you with. The hackers often use exploit kits or Trojan horses to break inside the system through security holes. System vulnerabilities and outdated software are an open gate for malware to sneak in and HDDCryptor effectively uses such vulnerabilities to do exactly that. That’s why it is essential that you ensure maximum protection of your computer with reputable antivirus and antimalware software and regularly update all your applications to minimize the chance of security breaches.

Paying the ransom: this is what the crooks want, but should you?

A good reason not to pay any money to cyber criminals is that this way you are helping them to keep doing malicious deeds and get richer at the expense of innocent users. Ransomware is popular mostly because of the number of people who simply agree to pay. If nobody paid the crooks, they would be starving to death and such threats would have never existed. That’s why, as a measure of restricting Ransomware’s development, many security experts, including our team, appeal to users not to sponsor such threats with their payments. Moreover, the risk of not getting what you have paid for is very realistic. Many victims are left with their system heavily corrupted and their files encrypted forever, despite having paid the ransom. The crooks simply may not send the decryption key once they get their money. At the end of the day, can a criminal really care about you and your misery?

If you don’t want to rely on the hackers’ mercy, there is something you could do yourself – remove this malware. You can easily do that with the help of the removal guide below. This way, your system won’t be compromised anymore and you could try to restore some of your files from backups, system recovery or external drives and clouds. We will share with you all the possible ways you can try to extract data from your PC. Unfortunately, the HDDCryptor encryption is a really bad one and we cannot guarantee you will be able to restore everything, but it is still worth trying. Just follow the steps closely and let us know about the outcome in the comments section.


Name: HDDCryptor
Type: Ransomware
Danger Level: High (Ransomware is by far the worst threat you can encounter)
Symptoms: A disturbing ransom note appears on the screen, revealing the malware.
Distribution Method: Mostly distributed through spam emails, malicious attachments, exploit kits, Trojans, infected applications and malvertisements.
Detection Tool

Keep in mind, SpyHunter’s malware detection tool is free. To remove the infection, you’ll need to purchase the full version.

HDDCryptor Ransomware Removal

Restoring basic Windows functionality
Before you are able to remove the HDDCryptor Ransomware virus from your computer, you need to be able to access it in the first place. Since the ransomware will prevent Windows from booting, your first job is to repair the Master Boot Record (MBR) of your drive.
To do that you’ll need your original Windows OS DVD (or a bootable USB drive for advanced users).
  1. Insert the DVD (or the USB) into the computer, then start the computer and choose to boot the OS from the DVD/USB. You may have to change the boot priorities in the BIOS, which you enter by pressing Del.
  2. When Windows boots from the DVD/USB, select Windows Repair.
  3. Open the Command Prompt and enter the following commands: bootrec /fixmbr, bootrec /fixboot and bootrec /rebuildbcd
  4. Your Windows OS should now be able to boot normally. You can proceed with the removal of the virus as usual.


Some of the steps will likely require you to exit the page. Bookmark it for later reference.

Reboot in Safe Mode (use this guide if you don’t know how to do it).


Hold the Start Key and R –  copy + paste the following and click OK:

notepad %windir%/system32/Drivers/etc/hosts

A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom. Look at the image below:


If there are suspicious IPs below “Localhost” – write to us in the comments.
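The hosts-file check above can also be done from PowerShell. This is an added example, not part of the original guide: the function name Get-SuspiciousHostsEntry and the sample lines are made up for illustration. It lists every active mapping that is not a localhost name pointing at a loopback address.

```powershell
# Added example: list active hosts-file mappings other than
# "loopback address -> localhost". Function name is hypothetical.
function Get-SuspiciousHostsEntry {
    param(
        # Defaults to the same file the Notepad command above opens
        [string[]]$Lines = (Get-Content "$env:windir\System32\drivers\etc\hosts")
    )
    $loopback   = '127.0.0.1', '::1'
    $localNames = 'localhost', 'localhost.localdomain'
    $lineNo = 0
    foreach ($line in $Lines) {
        $lineNo++
        # Drop inline comments, then skip blank and comment-only lines
        $active = ($line -split '#', 2)[0].Trim()
        if (-not $active) { continue }
        $fields = $active -split '\s+'
        if ($fields.Count -lt 2) { continue }   # address with no host name
        $address = $fields[0]
        # One line may map several names to the same address
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            # A loopback mapping for any other name is still listed,
            # because it makes that name unreachable from this PC
            $benign = ($loopback -contains $address) -and
                      ($localNames -contains $name.ToLower())
            if (-not $benign) {
                [pscustomobject]@{ Line = $lineNo; Address = $address; HostName = $name }
            }
        }
    }
}

# Constructed sample, not taken from a real infection
$sample = @(
    '# Copyright (c) 1993-2009 Microsoft Corp.',
    '127.0.0.1       localhost',
    '::1             localhost',
    '203.0.113.45    update.example.com   # documentation-range address',
    '127.0.0.1       av-vendor.example'
)
Get-SuspiciousHostsEntry -Lines $sample | Format-Table -AutoSize

# Against the real file on this machine:
# Get-SuspiciousHostsEntry | Format-Table -AutoSize
```

On the sample, lines 4 and 5 are reported and the two localhost lines are not.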

Type msconfig in the search field and hit enter. A window will pop-up:


Go in Startup —> Uncheck entries that have “Unknown” as Manufacturer.

  • Please note that ransomware may even attach a fake Manufacturer name to its process. Make sure every process here is legitimate.
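Because the Manufacturer name can be faked, checking each startup file's digital signature is a stronger test than reading the name. The script below is an added example, not part of the original guide, and its function names are made up. It reads the startup entries Windows reports through Win32_StartupCommand and shows the Authenticode status of each file. An unsigned file is not proof of infection, only a reason to look closer.

```powershell
# Added example. Extract the executable path from a startup command line.
function Get-StartupCommandPath {
    param([string]$Command)
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    # Quoted path: take what is between the first pair of quotes
    if ($expanded -match '^\s*"([^"]+)"') { return $Matches[1] }
    # Unquoted: take everything up to the first executable-looking extension
    if ($expanded -match '^\s*(.+?\.(exe|com|bat|cmd|scr))(\s|$)') { return $Matches[1] }
    return $null
}

# Report every startup entry with the signature status of its file.
function Get-StartupSignatureReport {
    Get-CimInstance -ClassName Win32_StartupCommand | ForEach-Object {
        $path   = Get-StartupCommandPath $_.Command
        $status = 'PathNotResolved'
        $signer = $null
        if ($path -and (Test-Path -LiteralPath $path -PathType Leaf)) {
            $sig    = Get-AuthenticodeSignature -LiteralPath $path
            $status = [string]$sig.Status      # Valid, NotSigned, HashMismatch, ...
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        }
        [pscustomobject]@{
            Name = $_.Name; Location = $_.Location; Path = $path
            Signature = $status; Signer = $signer
        }
    }
}

# Constructed command lines showing what the path parser returns
'"C:\Program Files\Example App\tray.exe" -minimized',
'C:\Users\Public\Example Tool\updater.exe /silent',
'%windir%\system32\example.exe' | ForEach-Object { Get-StartupCommandPath $_ }

# Entries whose file is missing, unsigned, or fails verification
Get-StartupSignatureReport | Where-Object { $_.Signature -ne 'Valid' } | Format-List
```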


Press CTRL + SHIFT + ESC simultaneously. Go to the Processes Tab. Try to determine which ones are a virus. Google them or ask us in the comments.


Right click on each of the virus processes separately and select Open File Location. End the process after you open the folder, then delete the directories you were sent to.


Type Regedit in the Windows search field and press Enter. Once inside, press CTRL and F together and type the virus’s Name.

Search for the ransomware in your registries and delete the entries. Be extremely careful – you can damage your system if you delete entries not related to the ransomware.

Type each of the following in the Windows Search Field:

  1. %AppData%
  2. %LocalAppData%
  3. %ProgramData%
  4. %WinDir%
  5. %Temp%

Delete everything in Temp. In the rest, just check for anything recently added. Remember to leave us a comment if you run into any trouble!
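Looking for "anything recently added" in those five folders is easier with a script. This is an added example, not part of the original guide: the function name, the 7-day default and the extension list are choices made here, and the -Depth parameter needs PowerShell 5 or later.

```powershell
# Added example: list recently created executable or script files in the
# five folders named above. Function name and defaults are hypothetical.
function Get-RecentExecutable {
    param([int]$Days = 7)
    $cutoff = (Get-Date).AddDays(-$Days)
    $roots  = $env:APPDATA, $env:LOCALAPPDATA, $env:ProgramData, $env:windir, $env:TEMP
    $ext    = '.exe', '.dll', '.scr', '.bat', '.cmd', '.vbs', '.js', '.ps1'

    $found = foreach ($root in $roots | Where-Object { $_ -and (Test-Path $_) }) {
        # %WinDir% is very large, so only look one level below it
        $depth = if ($root -eq $env:windir) { 1 } else { 4 }
        # -Force includes hidden files; access-denied folders are skipped
        Get-ChildItem -LiteralPath $root -File -Recurse -Depth $depth -Force `
                      -ErrorAction SilentlyContinue |
            Where-Object {
                $_.CreationTime -ge $cutoff -and
                $ext -contains $_.Extension.ToLower()
            } |
            Select-Object CreationTime, Length, FullName
    }
    # %Temp% normally sits inside %LocalAppData%, so drop duplicate paths
    $found | Sort-Object FullName -Unique | Sort-Object CreationTime -Descending
}

# Files created in the last 7 days, newest first
Get-RecentExecutable | Format-Table -AutoSize

# Wider window, for example after an infection noticed two weeks late:
# Get-RecentExecutable -Days 14 | Format-Table -AutoSize
```

The script only lists files and deletes nothing, so review each path before removing it by hand.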


How to Decrypt files infected with HDDCryptor

We have a comprehensive (and daily updated) guide on how to decrypt your files. Check it out here.

Did we help? Share your feedback with us so we can help other people in need!


About the author


Lidia Howler

Lidia is a web content creator with years of experience in the cyber-security sector. She helps readers with articles on malware removal and online security. Her striving for simplicity and well-researched information provides users with easy-to-follow IT-related tips and step-by-step tutorials.
