Azer Ransomware

What is Azer Ransomware?

The devious Azer Ransomware slithers in without your notice and immediately starts encrypting your personal files. Have you noticed that many of your files seem to have been removed and replaced with suspicious files with random names? In reality, your personal files were not deleted; they were only encrypted. The names are changed so that you have a harder time telling which files were affected, but you should still be able to work it out. The threat also appends the “-email-[webmafia@asia.com].AZER” extension to every encrypted photo, document, and other file, and the name of the ransomware derives from this extension. As you can see, the extension also includes an email address, which we discuss further in the report. The infection, as you must know already, was created to make money, and it does that by pushing victims into paying a ransom in return for file decryption. The thing is, a decryptor is unlikely to be provided. Whatever happens, you must delete Azer Ransomware, and the tips in this report should help you.

How does Azer Ransomware work?

Azer Ransomware comes from the same family of malware as CryptoShield Ransomware and Revenge Ransomware. Whether or not they were created by the same party is unknown, but they were found to work in different ways. The most notable thing about the threat discussed here is that it can encrypt files while offline: it does not need a connection to remote servers and does not communicate with anyone. To encrypt files, the infection selects one RSA-1024 public key from the ten it carries. That key is used to encrypt an AES key, and the AES key in turn encrypts your personal files. Only the holder of the matching RSA private key can recover the AES key, which is why the files cannot be decrypted locally and why no network traffic is needed for the attack to succeed. Once files are encrypted and renamed, the ransom note file is created. It is called “_INTERESTING_INFORMACION_FOR_DECRYPT.TXT”, and you are likely to find a copy in every folder that holds encrypted files. The note discloses an ID that you are apparently expected to email to webmafia@asia.com (the address that also appears in the extension) or donald@trampo.info. If you choose to contact the developer of Azer Ransomware, do not use the email address you use on a daily basis. Also, think carefully before following the demands you are likely to receive when the cyber criminals respond.
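To make the scheme concrete, here is an added PowerShell illustration written for this report; it is not Azer's own code and does not reproduce its internals. The ten-key set, the RSA-1024 size and the RSA-wraps-AES layering come from the description above; the victim-ID format, the sample data and the use of OAEP padding are assumptions made for the demo. Everything under "attacker side" is material that never exists on a victim machine.

```powershell
# Added illustration of the RSA-wraps-AES scheme described above. Not Azer's
# code; the ID format, padding choice and sample data are constructed for this demo.

# --- attacker side: done once, before the binary is built ------------------
# Ten RSA-1024 key pairs. Only the public halves ($embeddedPublicKeys) are
# shipped inside the malware; $keyPairs (with private keys) stays with the attacker.
$keyPairs = @(1..10 | ForEach-Object {
    [System.Security.Cryptography.RSACryptoServiceProvider]::new(1024)
})
$embeddedPublicKeys = @($keyPairs | ForEach-Object { $_.ExportParameters($false) })

# --- victim side: runs with no network access at all -----------------------
# Constructed stand-in for a user document.
$plaintext = [System.Text.Encoding]::UTF8.GetBytes('Quarterly report (constructed sample text)')

# Choose one of the ten embedded public keys.
$keyIndex = Get-Random -Minimum 0 -Maximum 10
$rsaPub   = [System.Security.Cryptography.RSACryptoServiceProvider]::new()
$rsaPub.ImportParameters($embeddedPublicKeys[$keyIndex])

# A fresh AES-256 key and IV encrypt the file contents...
$aes = [System.Security.Cryptography.Aes]::Create()
$aes.KeySize = 256
$aes.GenerateKey()
$aes.GenerateIV()
$iv          = $aes.IV
$cipherBytes = $aes.CreateEncryptor().TransformFinalBlock($plaintext, 0, $plaintext.Length)

# ...and the AES key is wrapped with the chosen RSA public key (OAEP padding).
# From here on the victim machine holds ciphertext, IV and wrapped key only.
$wrappedKey = $rsaPub.Encrypt($aes.Key, $true)
$aes.Dispose()

# Assumed ID format: the key index plus part of the wrapped key, so the attacker
# knows which private key to use. The real note format is not documented here.
$victimId = '{0:D2}-{1}' -f $keyIndex, (([System.BitConverter]::ToString($wrappedKey[0..7])) -replace '-', '')
"Victim ID: $victimId"

# Without the right private key there is nothing to recover: another key pair
# from the same set cannot unwrap the AES key.
try {
    $wrongPair = $keyPairs[($keyIndex + 1) % 10]
    $null = $wrongPair.Decrypt($wrappedKey, $true)
    'Unexpected: wrong key unwrapped the AES key'
} catch {
    'Wrong private key: unwrap fails (as expected)'
}

# --- attacker side: only the holder of private key number $keyIndex can do this
$aesKey = $keyPairs[$keyIndex].Decrypt($wrappedKey, $true)
$aes2   = [System.Security.Cryptography.Aes]::Create()
$aes2.Key = $aesKey
$aes2.IV  = $iv
$recovered = [System.Text.Encoding]::UTF8.GetString(
    $aes2.CreateDecryptor().TransformFinalBlock($cipherBytes, 0, $cipherBytes.Length))
"Recovered with the right private key: $recovered"
```

The point for a victim or responder: the AES key is never stored in the clear, the RSA private key is never on the machine, and the only thing that links the victim to a specific private key is the ID in the note. That is what makes the "decryptor" a product only the attackers can supply, and also why blocking network traffic after the fact changes nothing.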

Before the encryption, Azer Ransomware creates a file in the %APPDATA% directory. The name of this file is random, which should make it stand out. Note that this file is referenced by two separate point-of-execution (PoE) entries under HKCU\Software\Microsoft\Windows\CurrentVersion\Run, so it is launched again at every logon until both are removed. Besides that, you have to think about the launcher file as well. It might have been downloaded from a corrupted spam email, in which case you should know where it is, or it might have been dropped via a malicious download or by cyber criminals exploiting RDP access. It is crucial that you find this component because it must be removed as soon as possible. Of course, first you have to decide what to do about your files. Since decrypting them manually appears to be impossible (which does not matter if your files are backed up), you might consider paying the ransom. Anti-Spyware-101.com researchers warn that the creators of ransomware infections rarely provide their victims with the necessary decryption keys.

How to delete Azer Ransomware

It is high time you employed a trusted anti-malware tool. The most important benefit of this software is full-time protection; with that in place, you are far less likely to face other malicious infections again. Another great thing about anti-malware software is that it can remove Azer Ransomware automatically. While some users might succeed in deleting this threat manually (you can use the guide below), we have to warn you that it is easy to make mistakes and possibly cause more issues. Therefore, if you are not 100% confident in your malware removal skills, it is best to let an anti-malware tool take care of it.

Removal Guide

  1. Delete the malicious ransomware launcher (its name is random).
  2. Launch Windows Explorer by tapping Win+E keys.
  3. Enter %AppData% into the bar at the top to access the folder.
  4. Delete the malicious .exe file associated with the ransomware.
  5. Launch RUN by tapping Win+R keys on the keyboard.
  6. Type regedit.exe and click OK to access Registry Editor.
  7. Move to HKCU\Software\Microsoft\Windows\CurrentVersion\RUN.
  8. Delete the two values with random names whose data points to the malicious .exe file in %AppData%.
  9. Delete the file named _INTERESTING_INFORMACION_FOR_DECRYPT.TXT (all copies as well).
  10. Empty Recycle Bin to completely erase the components of the ransomware.
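The manual steps above can be checked before anything is deleted. The following PowerShell script is an added example written for this report (the file name Find-AzerArtifacts.ps1 is chosen here; it is not a tool from the original guide). It reads the Run key, flags values whose command points into %APPDATA%, walks the scan roots once to count ransom-note copies and to inventory files carrying the "-email-[...].AZER" extension, and only removes persistence, the dropped file and the notes when -Remove is given. The Run-key location, the note name and the extension pattern come from the article; the regex that splits the extension, the CSV inventory and the default scan root are assumptions.

```powershell
# Added triage script (Find-AzerArtifacts.ps1, a name chosen here); it is not
# part of the original guide. Run it as the affected user. By default it only
# reports; with -Remove it deletes the Run entries, the dropped %APPDATA% file
# and the ransom notes, and it honours -WhatIf / -Confirm. Encrypted files are
# inventoried but never deleted.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string[]]$ScanRoot = @($env:USERPROFILE),   # add other drives/roots as needed
    [switch]$Remove
)

$runKey   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$appData  = $env:APPDATA
$noteName = '_INTERESTING_INFORMACION_FOR_DECRYPT.TXT'
# Matches e.g. report.docx-email-[webmafia@asia.com].AZER and captures the
# original name and the contact address embedded in the extension.
$extRegex  = '^(?<original>.+)-email-\[(?<email>[^\]]+)\]\.AZER$'
$metaProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

# 1. Run values whose command points at something under %APPDATA%.
#    The article describes two such values for the same dropped .exe.
$suspectRun = @()
$runValues  = Get-ItemProperty -Path $runKey
foreach ($p in $runValues.PSObject.Properties) {
    if ($metaProps -contains $p.Name) { continue }
    $cmd = [string]$p.Value
    # Executable part of the command line: quoted path, or the first token.
    $exe = if ($cmd -match '^\s*"([^"]+)"') { $Matches[1] } else { ($cmd -split '\s+')[0] }
    $exe = [Environment]::ExpandEnvironmentVariables($exe)
    if ($exe -like "$appData\*") {
        $suspectRun += [pscustomobject]@{ Name = $p.Name; Command = $cmd; Path = $exe }
    }
}

# 2. One walk over the scan roots: ransom note copies and encrypted files.
$notes     = [System.Collections.Generic.List[string]]::new()
$encrypted = [System.Collections.Generic.List[object]]::new()
Get-ChildItem -Path $ScanRoot -Recurse -File -Force -ErrorAction SilentlyContinue | ForEach-Object {
    if ($_.Name -ieq $noteName) {
        $notes.Add($_.FullName)
    } elseif ($_.Name -match $extRegex) {
        $encrypted.Add([pscustomobject]@{
            Encrypted = $_.FullName
            Original  = $Matches['original']
            Contact   = $Matches['email']
        })
    }
}

# 3. Report. The inventory CSV is what you would keep for a future decryptor.
"Run values pointing into %APPDATA%: $($suspectRun.Count)"
$suspectRun | Format-Table -AutoSize | Out-String
"Ransom note copies: $($notes.Count)"
"Encrypted files: $($encrypted.Count)"
$contacts = @($encrypted | ForEach-Object { $_.Contact } | Sort-Object -Unique)
if ($contacts.Count) { "Contact addresses in extensions: $($contacts -join ', ')" }
$inventory = Join-Path $env:USERPROFILE 'azer-encrypted-inventory.csv'
$encrypted | Export-Csv -Path $inventory -NoTypeInformation
"Inventory written to $inventory"

# 4. Removal, only on request. Order matters: persistence first, then the
#    running launcher, then the file it points at, then the notes.
if ($Remove) {
    foreach ($r in $suspectRun) {
        if ($PSCmdlet.ShouldProcess("$runKey\$($r.Name)", 'Remove Run value')) {
            Remove-ItemProperty -Path $runKey -Name $r.Name
        }
    }
    foreach ($path in @($suspectRun | ForEach-Object { $_.Path } | Sort-Object -Unique)) {
        Get-Process -ErrorAction SilentlyContinue | Where-Object { $_.Path -eq $path } |
            Stop-Process -Force
        if (Test-Path -LiteralPath $path) { Remove-Item -LiteralPath $path -Force }
    }
    foreach ($n in $notes) { Remove-Item -LiteralPath $n -Force }
}
```

Run it first without -Remove and read the report; if the only Run values flagged are the two random-named entries the guide describes, run it again with `-Remove -WhatIf` to preview and then with `-Remove`. Leave the encrypted files alone: deleting them gains nothing, and the CSV inventory plus the files themselves are what any later decryptor would need.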