8chan Ransomware

What is 8chan Ransomware?

8chan Ransomware seems to be a new version of our previously researched malicious application called Scarab Ransomware. Our researchers at Anti-spyware-101.com say the malware acts similarly as it also encrypts user’s private data with a secure encryption algorithm and then shows a ransom note demanding to write the hackers who developed this threat via email. We are almost one hundred percent sure the reply letter should state the sum and method of paying as usually the purpose of creating infections like 8chan Ransomware is money extortion. To be more precise the hackers may suggest you pay them a ransom and promise to send decryption tools right away. However, the truth is they cannot be trusted, and as there are no reassurances they will do as they promise, we advise erasing the malware instead. It will not decipher any data, but this way users can have a fresh start with a clean system. If you keep reading our report, we will tell you more about this malicious application. Moreover, at the end of it, you should find detailed removal instructions that could help you eliminate the threat manually.

How does 8chan Ransomware work?

Our researchers say the malware may infect the device and begin the encryption process right after the user opens its launcher. In fact, it looks like 8chan Ransomware could even install more malicious applications (e.g., Trojans) on the infected device. Thus, it is possible besides enciphering your data, the threat’s creators might also seek to gain the computer’s control, steal the victim’s sensitive data, and so on. Since the additional infections might vary, we cannot say how to recognize them. Nevertheless, we can explain how to identify 8chan Ransomware.

First of all, when a ransomware application enciphers files, it often adds a second extension at the end of the file’s title. In this case, the malware might place a few slightly different extensions, e.g., .777@8chan.co. Clearly, the .777 part is random, but the @8chan.co ending should remain the same in all the threat’s used extensions. It comes from the email address mentioned on the malicious application’s ransom note. The message on it says “Your files are encrypted!” and asks “To decrypt files, please contact us by email: supdec@8chan.co.” As you probably realize it, the hackers will not decipher your data free of charge, and in exchange for their services, they may ask to pay a particular sum in Bitcoins to remain anonymous. The bad news is, no one can guarantee they have the decrypting tool and most importantly that they will be willing to help you.

In other words, even if you pay the sum 8chan Ransomware’s developers ask they might still not bother to deliver the decryption tool. Therefore, we would advise against paying the ransom. Instead, it would be safer to recover files from copies you could have on removable media devices. Besides, there is always a possibility computer security specialists could create a free decryption tool, so it might be worth your time to check it.

How to get rid of 8chan Ransomware?

If you consider yourself to be more or less experienced, you could try to remove the malicious application manually. Of course, to make it easier, our researchers have prepared step by step deletion instructions that you should see if you slide slightly below this paragraph. Needless to say, if the steps seem to be too complicated, you could get a legitimate antimalware tool. To erase 8chan Ransomware with it, users should perform a full system scan. Soon after the scanning is done, the tool is supposed to provide a removal button; simply click it, and the application should get rid of the malware with all other possible threats right away.

Eliminate 8chan Ransomware

1. Tap Windows key+E.
2. Check the given folders one by one:
   %TEMP%
   %APPDATA%
   %USERPROFILE%\desktop
   %USERPROFILE%\downloads
3. Look for files belonging to the infection, then right-click them and press Delete.
4. Then check these locations as well:
   %APPDATA%\Microsoft
   %TEMP%
5. Search for suspicious files that were created recently; right-click them and press Delete.
6. Remove the malware’s ransom notes, e.g., HOW TO RECOVER ENCRYPTED FILES-[extension_used_by_infection].txt, by right-clicking them and choosing Delete.
7. Press Windows key+R.
8. Insert Regedit and click Enter.
9. Look for this directory: HKU\[unique user_ID]\Software\Microsoft\Windows\CurrentVersion\Run
10. Find a value name related to the malicious application, right-click it and select Delete.
11. Leave Registry Editor.
12. Empty Recycle bin.
13. Restart the device. Download Removal Tool100% FREE spyware scan and
    tested removal of 8chan Ransomware*