Admin@decryption.biz Ransomware

What is Admin@decryption.biz Ransomware?

It shouldn’t be hard to figure out that Admin@decryption.biz Ransomware has invaded your operating system, because when this malware attacks, it attaches the “.id-[ID].[Admin@decryption.biz].bkpx” extension to the corrupted files. It also automatically launches a window titled “Admin@decryption.biz” that represents the threat. Our research team at Anti-Spyware-101.com was already familiar with this infection before any tests were conducted in our internal lab because it comes from the Crysis/Dharma Ransomware family. The infections from this family launch identical-looking ransom notes, and they work in the same way too. Furthermore, it appears that this particular threat was created by someone who created at least one other file-encryptor. We discuss this further in the report. Without a doubt, our most important task here is to show you how to remove Admin@decryption.biz Ransomware. However, before you delete the threat, we want to share some knowledge with you because that is what will help you avoid this kind of malware in the future.

How does Admin@decryption.biz Ransomware work?

There is one thing that we mention most often when it comes to ransomware, and that is spam emails. Our research team reports that misleading messages could be used to spread the installer of the malicious Admin@decryption.biz Ransomware as an attachment file. It might be enough to click the attachment to release the infection without realizing what is going on. This is the method that most ransomware distributors employ. If the threat is not deleted right away, it is supposed to encrypt files, and it uses an encryption algorithm to do that. This algorithm is complex, and deciphering it manually appears to be impossible. Because of this, a free file decryptor does not exist. At the time of research, the real decryptor was not public. Unfortunately, that means that once files are encrypted, they are encrypted for good. The creator of Admin@decryption.biz Ransomware wants you to be out of options so that they can push you into paying a ransom. To inform you that this is what they want, the window titled “admin@decryption.biz” is launched. If you see this window, your files are already encrypted, and you cannot stop the process.

The message inside the Admin@decryption.biz Ransomware window informs that a ransom must be paid in Bitcoin for the files to be decrypted. No other information regarding the payment is provided; however, that is done intentionally. The message lists Admin@decryption.biz and bigbro1@cock.li as the email addresses that you should use to contact the creator of the infection. The second email address is presented as an alternative one, but we have seen it before. Dharma Ransomware (.bkpx extension) is the infection whose creator used the same email address, and that indicates that they might have created both infections. If you contact cyber criminals, they can start flooding you with spam emails immediately. They can also share your email address with other malicious parties. Unfortunately, this could lead to the infiltration of many other infections. On top of that, if you contact cyber criminals, they can push you to pay a ransom that, we assume, is not that small. Unfortunately, regardless of its size, if you pay the ransom, it is unlikely that your files would be decrypted.

How to remove admin@decryption.biz Ransomware

We do not recommend paying the ransom requested by admin@decryption.biz Ransomware because, most likely, that would be a total waste of your money. In the best case scenario, your personal files were backed up before the infection attacked, and now you can easily replace the corrupted files with backup copies. Of course, do so after you delete Admin@decryption.biz Ransomware. Removing this threat might be easy if you are more experienced and know where to find the .exe file (the launcher). However, if you cannot find this file, and you are inexperienced, the instructions below might be too complicated to follow. The good news is that you do not need to delete the infection manually. Instead, you can install an anti-malware program that will do it automatically. Even better, if other infections exist, they will be eliminated too! Also, your operating system’s protection will be reinforced to ensure that you can fight off malware in the future.

Removal Instructions

  1. Delete the [unknown name].exe file that initially launched the infection.
  2. Tap Win+E to launch Explorer.
  3. Enter the paths of the following directories into the quick access field and Delete the file named Info.hta:
    • %APPDATA%\
    • %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\
    • %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs\Startup\
    • %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup\
    • %WINDIR%\System32\
  4. Move to these directories and Delete the [unknown name].exe file:
    • %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs\Startup\
    • %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup\
    • %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\
    • %WINDIR%\System32\
  5. Tap Win+R to launch Run and type regedit.exe into the dialog box to launch Registry Editor.
  6. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.
  7. Delete all [random name] values that are linked to Info.hta and [unknown name].exe files.
  8. Close all windows, Empty Recycle Bin, and run a full system scan using a reliable malware scanner.
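
A read-only PowerShell check of the locations named in the removal steps above, added here as an example and not taken from Anti-Spyware-101.com's own tooling. It lists Info.hta copies, executables in the listed Startup folders, HKLM Run values that reference either, and files carrying the ransomware extension; the variable names are illustrative, and scanning %USERPROFILE% for encrypted files is an assumption.

```powershell
# Read-only triage for the manual removal steps: nothing is deleted or changed.
$dirs = @(
    "$env:APPDATA",
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
    "$env:ALLUSERSPROFILE\Application Data\Microsoft\Windows\Start Menu\Programs\Startup",
    "$env:ALLUSERSPROFILE\Microsoft\Windows\Start Menu\Programs\Startup",
    "$env:WINDIR\System32"
)

# Step 3: copies of the Info.hta ransom note in the listed directories.
$notes = @(foreach ($d in $dirs) {
    Get-Item -LiteralPath (Join-Path $d 'Info.hta') -Force -ErrorAction SilentlyContinue
})

# Step 4: the launcher name is unknown, so list every .exe in the Startup
# folders for manual review. System32 is skipped here because it is full of
# legitimate executables; check it by hand or with a scanner.
$exes = @(foreach ($d in ($dirs | Where-Object { $_ -like '*\Startup' })) {
    Get-ChildItem -LiteralPath $d -Filter '*.exe' -File -Force -ErrorAction SilentlyContinue
})

# Steps 6-7: HKLM Run values that point at Info.hta or at one of those .exe files.
$needles = @('Info\.hta') + @($exes | ForEach-Object { [regex]::Escape($_.Name) })
$pattern = ($needles | Select-Object -Unique) -join '|'
$runKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$builtin = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
$runHits = @()
$props   = Get-ItemProperty -LiteralPath $runKey -ErrorAction SilentlyContinue
if ($props) {
    $runHits = @($props.PSObject.Properties |
        Where-Object { $_.Name -notin $builtin -and "$($_.Value)" -match $pattern } |
        Select-Object Name, Value)
}

# Files renamed with the extension described above. The ID is matched loosely
# because its format is not given; the scan root is an assumption.
$encRegex  = '\.id-.+\.\[Admin@decryption\.biz\]\.bkpx$'
$encrypted = @(Get-ChildItem -LiteralPath $env:USERPROFILE -Recurse -File -Force `
        -ErrorAction SilentlyContinue | Where-Object { $_.Name -match $encRegex })

'Info.hta copies:';       $notes   | ForEach-Object { "  $($_.FullName)" }
'Startup executables:';   $exes    | ForEach-Object { "  $($_.FullName)" }
'Run values to review:';  $runHits | ForEach-Object { "  $($_.Name) = $($_.Value)" }
"Encrypted files under profile: $($encrypted.Count)"
```

Every Startup executable is listed, including legitimate ones, so review each hit before deleting anything.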