What is Ransomware?

A new ransomware infection encrypting files has emerged - Ransomware. At present, it is not a prevalent threat. According to researchers at, it has been primarily developed for testing purposes and, as a consequence, unlike other ransomware-type infections, it encrypts files in only one folder D:\DemoEnryption. Users should not have this folder on their computers. Even if they do, chances are zero to none that it will be located in the same place, i.e. D: drive, so they should not discover a single encrypted file on their systems. Of course, theoretically, Ransomware might be updated one day and start encrypting files in other directories too – cyber criminals might borrow this infection from its developers to extract money from users easier. No matter which of these versions of ransomware you encounter, the deletion of this infection is a must. Fortunately, this infection does not make any modifications that would be impossible to undo manually with our help. More information about this threat and its deletion is provided in the paragraphs that follow.testtesttest

What does Ransomware do? Ransomware has been developed to encrypt files stored in a certain location, i.e. D:\DemoEnryption, so it finds this folder and performs the encryption process the first thing it lands on the system. As mentioned above, you will not discover any files encrypted if you do not have such a folder. After the successful encryption of all files, i.e. when all files get a new extension .anon, this threat opens a window with the message on Desktop. Its second sentence tells users why their files are impossible to access – they have all been encrypted. Also, they are told that they can decrypt their files by writing an email to the provided email address: Do not even bother contacting the developer of this threat if your files have not been encrypted, but, instead, go to uninstall a ransomware infection from your computer. Even if Ransomware is ever updated and you encounter a version encrypting files, do not write an email to cyber criminals because money is the only thing they will want to get from you. Specialists have already developed a free decryptor that can help users to get their files back – download it from the web and then use it to unlock your files. If your files have been encrypted by ransomware, you can also recover them from a backup (it will only be possible to do that if you have a backup of all your important files).

Where does Ransomware come from?

Ransomware infections usually enter computers illegally, and users do not know anything about their installation. In fact, the majority of people who encounter Ransomware find out about its presence on their computers only after they notice that their files have a new extension .anon appended to them. Although at the time of writing this ransomware infection is not distributed actively, specialists say that cyber criminals might start disseminating it one day. If it happens, it will, most probably, be spread via spam emails. It is one of the most common ways to distribute ransomware infections – they travel in those spam emails as email attachments. Because of this, ransomware infections spread using this distribution method become prevalent very quickly. Ransomware is not the only type of malware which can enter users’ PCs when they open email attachments, so the possibility to encounter a new serious threat is quite high. Lower the chances of allowing malicious software to sneak onto the computer by installing security application. It will not let any other threat to enter the system and lock files again.

How to remove Ransomware Ransomware does not have a point of execution, does not create new registry keys in the system registry, and does not drop any new files, so its removal should not be a very complicated process. Use our removal guide (it is located below) if it is the first time you are going to remove a ransomware infection – you will be told what your moves should be. In addition, users can delete this threat from their PCs manually with an automatic tool. An automatic tool could not decrypt files either, but do not worry too much because the chances are high that you will never encounter this infection. As mentioned above, the infection rate of this threat is quite low.

Remove Ransomware

  1. Tap Ctrl+Shift+Esc to launch the Task Manager.
  2. Click on the Processes tab to open it.
  3. Right-click on the process representing ransomware (it should have a word “Encryption” in its description).
  4. Click End Process.
  5. Close the Task Manager and open the Windows Explorer (tap Win+E).
  6. Check three directories and delete all suspicious files from them: %TEMP%, %USERPROFILE%\Downloads, and %USERPROFILE%\Desktop. 100% FREE spyware scan and
    tested removal of Ransomware*

Leave a Comment

Enter the numbers in the box to the right *