ABCD Ransomware

What is ABCD Ransomware?

ABCD Ransomware is a textbook file-encryptor, and so the name suits it very well. It is very predictable indeed, but that does not make this malware any less dangerous. If it slithers in successfully, and if there is no security software to catch and delete it in time, your personal files can be locked up for good. Also known as LockBit Ransomware, this malware does not have a free decryptor. In some cases, such tools are created by malware experts, but creating a working decryptor is not an easy task, and that is why we do not have free decryptors for most infections. Unfortunately, due to his, the victims of this malware might feel trapped, and if they feel trapped, they might be pushed into following the attackers’ demands. Victims are promised “decryptor software” if they do as told, but trusting cybercriminals and their promises is always risky, and we cannot guarantee that you will be given what you need. To add insult to injury, the files are not automatically restored when you remove ABCD Ransomware.

How does ABCD Ransomware work?

Anti-Spyware-101.com researchers warn Windows users to take care of remote-access systems. If they are not secured and if vulnerabilities remain unpatched, ABCD Ransomware might slither in without your notice. Inside the system, this threat scans for personal files, and then it encrypts them. A complex encryption algorithm is employed, and the “.abcd” extension is added to the names. This extension is meant to make it clear which files were encrypted, and you do not need to delete it. That will not help you restore the files. Next to them, you should find a file named “Restore-My-Files.txt,” and this is the ransom note created by ABCD Ransomware. Most file-encrypting threats create such notes, and they are usually delivered using TXT or HTML files dropped by malware. If you have found this file next to your personal files, and if they cannot be read, there is a good chance that the threat has removed itself already. According to our researchers, the infection is meant to delete itself after successfully encrypting the files.

It is safe to open the “Restore-My-Files.txt” file, but we do not recommend following the instructions presented inside. According to them, the only way to recover the files is using the so-called “decryptor software.” To get it, you are supposed to send one encrypted file and a unique key to the attackers. You are supposed to send the file and the key to goodmen@countermail.com and goodmen@cock.li. The fourth step introduced to you via the “.txt” file suggests that you will need to pay for the decryptor, and since there is no further information about the payment in the message, you are likely to receive it after you email the attackers behind ABCD Ransomware. Even if you are desperate to get your files back, you do not want to be careless. Note that if you email the attackers, they will push you to pay the ransom, but they could also send you malware files and try to scam you in the future. Moreover, even if you fulfill all of the demands, there are no guarantees that you will receive the decryptor. In fact, we predict that you will not. If you do not want to waste money, consider focusing on the removal of the infection.

How to remove ABCD Ransomware

You might not want to delete ABCD Ransomware if your files are encrypted. Although a free decryptor does not exist, you might be able to replace your personal files if you have copies stored in backup. Some people choose virtual clouds, while others employ external drives. As long as copies are outside the infected operating system, you should have no trouble replacing the corrupted files. Of course, you want to delete the infection before you even connect to backups because the last thing you need is to have copies corrupted also. Hopefully, ABCD Ransomware has removed itself already, but that is not a given, and you definitely want to examine your operating system for potential leftovers. You can follow the instructions below, but we recommend installing anti-malware software. If anything was left behind, it will be removed instantly, but it is most important that your operating system will gain reliable protection, which you need to fend off ransomware and other types of malware in the future.

Removal Guide

1. Delete all copies of Restore-My-Files.txt from the affected locations.
2. Tap Win+R keys to access the Run dialog box.
3. Enter regedit and click OK to launch Registry Editor.
4. In the pane on the left, navigate to HKEY_CURRENT_USER\Software\.
5. Delete the key named LockBit.
6. Exit Registry Editor and then Empty Recycle Bin.
7. Use a malware scanner to check for leftovers you might have missed. Download Removal Tool100% FREE spyware scan and
   tested removal of ABCD Ransomware*