What is Ransomware?

Our specialists discovered a new version of Ransomware; it is titled Ransomware. The moment the malicious application’s installer is launched, it should show a window displaying the progress of data encryption. Users who notice it should try to unplug the computer immediately and restart it in Safe Mode. We cannot promise this will save the data located on the computer, but there is a possibility it might stop the encryption process. Of course, afterward, users should restart the system in Safe Mode. However, if your computer was infected and the files on it were affected, there might be nothing else to do but delete Ransomware and restore the data from backup. For more details on this malicious threat, continue reading our article. At the end of the text, we provide instructions showing how to remove the malware manually.

Where does Ransomware come from?

Our researchers report that Ransomware might be spread through malicious files downloaded from spam emails, unreliable file-sharing web pages, suspicious pop-up advertisements, etc. Consequently, to protect your system from such threats in the future, you should keep away from potentially dangerous content you might encounter while surfing the Internet. Users should download programs only from legitimate websites and ignore email attachments that come from unknown sources or ask the user to open data they were not expecting to receive. If you find it too difficult to recognize potentially malicious files or software, you could employ a legitimate antimalware tool and scan all suspicious data before opening it.

How does Ransomware work?

The sample our researchers obtained showed a window with the encryption process right after the malware’s launch. Yet, Ransomware failed to encrypt any data. Therefore, the threat dropped a few log files (e.g., elog_{randomly_generated_ID}.txt) with information about the unsuccessful encryption. Moreover, even though it could not damage any files, the malicious application still dropped a ransom note (#README_ANN#.rtf) claiming the process was successful. The note contains instructions on how to contact the malware’s developers and get the encrypted files restored. The problem is that it does not say what the user would have to do after contacting the threat’s creators. Truth be told, the ransom note mentions an agreement, which we believe the victim and the hackers behind Ransomware are expected to reach after negotiating the ransom.

No matter how much the malicious application’s developers may ask to pay for decryption, we recommend not agreeing to any demands, as there are no guarantees they will keep their word. This is especially true if you have backup copies and can restore encrypted files on your own. Naturally, this option might be needed only if the malware manages to encrypt the victim’s files. According to our researchers, affected data should have a partly random title generated by the threat (e.g., [].7ZjQUQwK-eBGEqnfZ.ANN).

How to erase Ransomware?

Users who would like to get rid of Ransomware manually should follow the steps below. They explain how to look for the malicious application’s data and how to remove its files one by one. Those who are willing to acquire a legitimate antimalware tool could erase the threat by performing a full system scan and clicking the deletion button provided by the chosen tool.

Eliminate Ransomware

  1. Press Ctrl+Alt+Delete.
  2. Select Task Manager.
  3. Search for the threat’s process.
  4. Select this process and click End Task.
  5. Leave Task Manager.
  6. Tap Windows key+E.
  7. Navigate to the following paths:
  8. Find the file that infected the device.
  9. Right-click the malicious file and press Delete.
  10. Locate files named #README_ANN#.rtf, then right-click them and press Delete.
  11. Navigate to %APPDATA%.
  12. Search for randomly titled .bmp, .vbs, and .bat files, right-click them and select Delete.
  13. Then go to %USERPROFILE%\desktop and remove the log files that the malware might have created if it was unable to encrypt any files.
  14. Close File Explorer.
  15. Empty your Recycle bin.
  16. Restart the system.
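
Before deleting anything by hand, it can help to inventory the leftovers the steps above describe. The following read-only scanner is an added example, not part of the original article or any vendor tool. The function names are hypothetical, matching is case-insensitive, and it assumes the randomly titled .bmp, .vbs and .bat files sit directly in %APPDATA% rather than in subfolders.

```python
import fnmatch
import os
from pathlib import Path

# Indicators named in the article. The %APPDATA% drops have random names,
# so they are matched by extension only and labelled for manual review.
NOTE_NAME = "#readme_ann#.rtf"      # ransom note, compared in lower case
LOG_PATTERN = "elog_*.txt"          # log of the failed encryption
ENCRYPTED_EXT = ".ann"              # extension appended to affected data
DROPPED_EXTS = {".bmp", ".vbs", ".bat"}


def classify(path, appdata=None):
    """Return a label if the file matches an indicator, otherwise None."""
    name = path.name.lower()
    suffix = path.suffix.lower()
    if name == NOTE_NAME:
        return "ransom_note"
    if fnmatch.fnmatchcase(name, LOG_PATTERN):
        return "encryption_log"
    if suffix == ENCRYPTED_EXT:
        return "encrypted_file"
    # Assumption: only files directly inside %APPDATA% are of interest;
    # legitimate software keeps its own .bat/.bmp files in subfolders.
    if appdata is not None and path.parent == Path(appdata) and suffix in DROPPED_EXTS:
        return "review_appdata_drop"
    return None


def scan(roots, appdata=None):
    """Walk each root and return sorted (label, path) pairs. Deletes nothing."""
    findings = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for filename in files:
                candidate = Path(dirpath) / filename
                label = classify(candidate, appdata)
                if label:
                    findings.append((label, str(candidate)))
    return sorted(findings)


if __name__ == "__main__":
    profile = Path(os.environ.get("USERPROFILE", str(Path.home())))
    appdata = Path(os.environ.get("APPDATA", str(profile / "AppData" / "Roaming")))
    for label, found in scan([profile], appdata):
        print(f"{label:20} {found}")
```

Entries labelled `review_appdata_drop` are candidates only and should be checked before removal, since the extension match alone does not prove they belong to the threat.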
