Inchin ransomware

Inchin ransomware – a cyber threat that comes from the Scarab ransomware family

Inchin ransomware

Inchin ransomware is a notorious infection that comes from the Scarab family and appends the .inchin extension to each locked file and document. Discovered by Amigo-A and announced on Twitter,[1] this ransomware virus drops the RECOVER.txt ransom message where it provides [email protected] and [email protected] email addresses for creating communication between the cybercriminals and victims. The crooks offer to help the users to decrypt their files by delivering them the decryption software for a specific payment. Also, Inchin virus developers offer to send them one file up to 5 MB for a free decryption process as bringing up evidence that the recovery tool truly exists. Additionally, this ransomware virus has multiple similarities with Danger ransomware.

Name Inchin ransomware
Type Ransomware virus/malware
Founder Amigo-A is a cybersecurity researcher that has announced about his findings on Twitter social network
Appendix The ransomware virus uses symmetric or asymmetric encryption to lock up the files and adds the .inchin appendix to each filename
Ransom note This malware provides all of its threatenings and demands via the RECOVER.txt text message
Crooks’ emails The criminals add [email protected] and [email protected] email addresses as a way to contact them
Distribution Ransomware infections are most commonly distributed through phishing emails and their infectious attachments. These cyber threats can also spread through cracked software that is downloaded from p2p networks, and through vulnerable Remote Desktop Protocol configuration
Removal You can get rid of the ransomware virus by employing automatical software and carrying out the process with a strong and reliable antimalware tool. Keep in mind that the manual elimination is not an option in this case as you might miss some crucial steps or locations where the malware might be hiding
Data recovery If you have discovered .inchin files and documents on your Windows computer system, you should not rush to pay the cybercriminals as these people might seek to scam you. Instead of taking such risk, go to the end of this article and try some data recovery methods that are placed there
Fix tip If you have found some compromised entries or other areas on your affected device, you can try repairing them with automatical software such as Reimage Reimage Cleaner  

Inchin ransomware is a notorious malware strain that can apply suspicious modifications to the Windows Task Manager and Registry locations. There you might discover unknown processes and registry keys injected. Note that such processes might allow the ransomware to boot itself up within every Windows computer startup process.

Continuously, Inchin ransomware might be able to scan the entire system once in a while and search for encryptable components. Once all files are locked, the cybercriminals save both encryption and decryption software on remote servers where the keys become unreachable for anyone except the cybercrooks themselves.

Afterward, Inchin ransomware provides a ransom message and threatens the users that the only way to recover the lost data is by purchasing the key from them, otherwise, the files might be lost forever:

All your files are encrypted, and currently unavailable. You can check it: all files on your computer have extension .inchin. Everything is possible to recover (decrypt), but you need to follow our instructions. Otherwise, you can never return your data. Write to our email [email protected].
It’s just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities – nobody will cooperate with us. It is not our interests.
For proof – send any file up to 5 megabytes and we will decrypt it.
If you will not cooperate with our service – for us, it does not matter. But you will lose your time and data, because we have the private key. In practice – time is much valuable than money.

However, we recommend not falling for believing in Inchin ransomware developers as these people might easily scam you. They might ask you for an inadequate sum of money and leave you with no tool at all. Mostly, such crooks demand Bitcoin or another type of cryptocurrency that allows the process to remain safe and untrackable.

Inchin ransomware virus
Inchin ransomware virus is a dangerous cyber threat that appends the .inchin extension to encrypted files and displays the RECOVER.txt ransom message

Continuously, Inchin ransomware might try to harden the process for you by deleting or permanently damaging the Shadow Volume Copies of infected files by running specific PowerShell commands. Also, the malware might be capable of destroying the Windows hosts file to prevent you from accessing security-related websites and forum pages.

In addition, Inchin ransomware makes the infected Windows computer system vulnerable to other infections. As a result, you might end up with a Trojan virus on your machine. If this happens, it may result in serious data and money theft. Also, your machine might receive serious damage that can be hardly repairable.

You should remove Inchin ransomware from your Windows computer, otherwise, it might experience serious damage. Besides, you will not be able to recover your files properly until the infection is gone. If you are having trouble with detecting the malware, travel to the end of the article where you will find system rebooting steps.

After Inchin ransomware removal, you should scan your entire computer system for possible damage. If the software finds any signs of corruption, you can try fixing the touched areas with the help of a repair program such as Reimage Reimage Cleaner . When the virus is gone and the damage is fixed, continue with data recovery techniques that are added to the end of this page.

Inchin virus
Inchin virus – ransomware that is distributed through email spam, unsecured RDP, and software cracks

Malicious actors deliver the infectious payload attached to phishing emails

Security experts from[2] state that ransomware infections are widely distributed through email spam[3] and the malicious attachments that come clipped to the phishing email message. This happens when the crooks succeed to trick the victims by pretending to be from well-known shipping companies such as FedEx and DHL or from other healthcare and banking organizations.

You should always carefully verify the sender and his email address. If you are seeing a questionable email sender address, you should avoid opening the message. However, if you have already viewed the content of the message, do not click on any hyperlinks that are provided in it and check for possible grammar mistakes as if it were a note from a reliable organization, no mistakes would be left in the text.

Continuously, cracked software is another possible delivery source of ransomware. If you are a frequent visitor of peer-to-peer networks, you might find yourself sitting with malware afterward. A piece of advice would be to get all of your products and services only from reliable websites and the official developers. Also, use antimalware protection so that you would be alerted if something dubious or malicious is trying to sneak into your computer system.

Last but not least, ransomware infections are distributed through unsecured Remote Desktop Protocol configuration. If the RDP includes an easy-guessable password such as “abc123”, then the hackers might easily hack your machine. Having none password at all, doubles the risk. What you have to do is properly secure your RDP. Think of complex security codes that include symbols, letters, and numbers.

Automatical removal guidelines for Inchin ransomware

If Inchin ransomware has been launching malicious processes that have been preventing you from detecting or eliminating the malware, you should boot your computer in Safe Mode with Networking or via System Restore to deactivate the ransomware virus first. We have provided instructions for both booting methods at the end of this article.

Afterward, you should proceed with Inchin ransomware removal automatically. This includes downloading and installing antimalware software that is strong enough to detect and remove the ransomware virus from your Windows computer. Also, if you want to look for possible damage, you can try employing software such as SpyHunter 5Combo Cleaner or Malwarebytes.

If the tools discover any corrupted areas, you can try fixing them with a tool such as Reimage Reimage Cleaner . Once you remove Inchin ransomware from the computer and fix all the damage that it might have brought, you can start going through some data recovery tips that have been added to the end of this page and might help you to restore some of your files.

Reimage Reimage Cleaner has a free limited scanner. Reimage Reimage Cleaner offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.

Remove Inchin using Safe Mode with Networking

To deactivate malicious settings on your Windows computer system and disable the parasite, you should boot your machine in Safe Mode with Networking. If you do not know how to opt for this feature, you should complete the below-provided step-by-step guide.

  • Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list Select 'Safe Mode with Networking'

    Windows 10 / Windows 8

    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in Startup Settings window. Select 'Enable Safe Mode with Networking'
  • Log in to your infected account and start the browser. Download Reimage Reimage Cleaner or other legitimate anti-spyware program. Update it before a full system scan and remove malicious files that belong to your ransomware and complete Inchin removal.

If your ransomware is blocking Safe Mode with Networking, try further method.

Remove Inchin using System Restore

To disable bogus changes on your Windows computer and deactivate Inchin ransomware virus, you should opt for the System Restore feature. You can use the steps below to apply for this function.

Bonus: Recover your data

Guide which is presented above is supposed to help you remove Inchin from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by security experts.

If you have spotted files with the .inchin appendix, it is an accurate sign of Inchin ransomware hacking your computer and encrypting your files. Rather than paying the demanded ransom price and risking to get scammed, you should try alternative data recovery techniques such as the ones that are provided below.

If your files are encrypted by Inchin, you can use several methods to restore them:

Using Data Recovery Pro might allow you to restore at least some of your files and documents.

If the ransomware virus has locked all of your files and documents, you can try recovering them back to their previous state by employing such software. Also, complete all steps exactly as displayed in the instructions, otherwise, you might not be able to reach the best results possible,

  • Download Data Recovery Pro;
  • Follow the steps of Data Recovery Setup and install the program on your computer;
  • Launch it and scan your computer for files encrypted by Inchin ransomware;
  • Restore them.

Windows Previous Versions feature might help you with data recovery tasks.

If you have activated System Restore on your Windows computer and disabled all malicious changes, you should give this method a try as it might recover some of your individual files.

  • Find an encrypted file you need to restore and right-click on it;
  • Select “Properties” and go to “Previous versions” tab;
  • Here, check each of available copies of the file in “Folder versions”. You should select the version you want to recover and click “Restore”.

Use Shadow Explorer for the files’ restoring process.

Try using this piece of software if there is some data that you want to bring back to its previous state. Note that this technique might not work properly if the ransomware virus has launched specific PowerShell commands to eliminate the Shadow Volume Copies of your encrypted files and documents.

  • Download Shadow Explorer (;
  • Follow a Shadow Explorer Setup Wizard and install this application on your computer;
  • Launch the program and go through the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
  • Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.

Currently, the cybersecurity experts are working on the official decryption tool.

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from Inchin and other ransomwares, use a reputable anti-spyware, such as Reimage Reimage Cleaner , SpyHunter 5Combo Cleaner or Malwarebytes

This entry was posted on 2020-01-13 at 08:29 and is filed under Ransomware, Viruses.