Aviso Ransomware

What is Aviso Ransomware?

Aviso Ransomware is an infection that is targeted at users who live in Brazil. According to the research conducted by Anti-Spyware-101.com malware researchers, this infection can be spread via spam emails, and you might launch it yourself without even knowing it. If you want to prevent the entrance of malicious ransomware infections, you have to be extremely cautious about spam emails, as that is the primary instrument of distribution. A launcher of the ransomware is concealed as a harmless file, and the information presented via the email is meant to trick you into thinking that you will gain something from opening this file. Of course, if you do, the ransomware is executed, and that can be done without your knowledge. Unfortunately, the ransomware is likely to reveal itself to you only after it encrypts your files, and it might be too late to remove Aviso Ransomware then. Luckily, not all news is bad, and it appears that you might be able to delete the infection and retrieve your files.

How does Aviso Ransomware work?

There are not many ransomware infections that are directly targeted at users in Brazil. However, there are plenty of infections that can infect your operating system regardless of where you live, including Exotic Ransomware, Hades Locker Ransomware, or CryptFile2 Ransomware. Aviso Ransomware comes from the Crypt888 family, and – just like many other threats of its kind – it uses the AES (Advanced Encryption Standard) algorithm. The unique thing about this infection is that it does not add an extension to the files it encrypts. Instead, it appends “Lock.” at the front. For example, a file called “test.doc” will be renamed to “Lock.test.doc” after the encryption. It was also found that this infection corrupts the files that are found in the folders of the %USERPROFILE% directory. Needless to say, it will be very easy for you to spot which files were encrypted and which ones were not. Do not waste your time removing the “Lock.” appendage because that will not unlock your files. To have your files unlocked, you need a decryption key, and cyber criminals are promising to provide you with one.

Once the devious CryptFile2 Ransomware is unleashed – and that is done with the help of Sims.exe and Sims.exe.bat files in the %TEMP%\Sisem folder – it quickly locks your files and changes the Desktop background image to show a message in Portuguese. According to this message, you have to pay a fee of 2000 Brazilian Real in Bitcoins – which amounts to 1 BTC – to get a decryption tool that, allegedly, can unlock your personal files. The message also displays an email address, informacaoh@gmail.com, that you supposedly can use to communicate with the creator of CryptFile2 Ransomware. Obviously, we do not recommend that. We do not recommend paying the ransom either. First of all, there is no guarantee that cyber criminals would help you unlock your files even if you paid the huge ransom. Second, it looks like there might be a decryption tool that could help you decrypt your files without having to deal with devious cyber criminals. When you install a file decryptor, make sure it is authentic, legitimate, and reliable. Just like with any other kind of software, cyber crooks might create fake versions to trick you into installing and/or purchasing malware. If you install such software, you will need to delete it.

How to eliminate Aviso Ransomware

Aviso Ransomware belongs to one of the most dangerous groups of malware there is. Fortunately, this one is not that devastating because legitimate third-party file decryption software has been created to decrypt the files this infection encrypts. Hopefully, you will be able to free your files without any damage. Now, keep in mind that most ransomware threats are not that easy to “solve,” and so you have to make sure you back up your personal files to prevent their loss. Another important thing is the successful elimination of the ransomware. We suggest deleting CryptFile2 Ransomware with an automated malware remover, but you should also be able to get rid of this threat using the manual removal guide below. We are ready to help you out with any problems that might have arisen. If you need our assistance, please use the comments section below.

Removal Guide

1. Tap Win+E to launch Explorer.
2. Enter %TEMP% into the address bar at the top.
3. Delete the file named wl.jpg (this represents the ransom note).
4. Delete the folder named Sisem (it should contain Sims.exe, Sims.exe.bat, and Sims.exe.lnk).
5. Install a malware scanner to inspect your operating system for leftovers.

Download Removal Tool100% FREE spyware scan and
tested removal of Aviso Ransomware*