Meds Ransomware

What is Meds Ransomware?

Meds Ransomware belongs to the Stop Ransomware family, as it is almost identical to the mentioned threat. It encrypts pictures, photos, and other personal files of the victim. Then it should suggest purchasing decryption tools from the malware’s developers. Like many malicious applications from the Stop Ransomware family, Meds Ransomware asks to pay $490 in 72 hours or $980 if the given time runs out. Needless to say, we do not recommend rushing into it. There is a possibility you could get scammed, which means you should first consider if you are prepared to lose the mentioned sum should anything go wrong. If you are not, we advise not to pay the ransom. Also, we believe users should erase Meds Ransomware since it can restart with Windows, which means there is a chance it could encipher new data after each system restart. To prevent this, you could erase the threat with the instructions located below or with a chosen antimalware tool.

Where does Meds Ransomware come from?

Meds Ransomware is likely spread through spam emails, unreliable file-sharing web pages, and similar sources. This means users could infect their computers unknowingly if they interact with questionable data obtained from the Internet. If you do not want to repeat this mistake, you should never open files unless you are entirely sure they are safe to interact with. If you are not certain, you can always scan suspicious files with a legitimate antimalware tool. If the scanned data appears to be malicious, your antimalware tool should help you get rid of it. Of course, it would be a good idea to minimize your interactions with unreliable files, and to do so you ought to stay away from unreliable file-sharing websites and spam emails.

How does Meds Ransomware work?

First, the malicious application needs to settle in, and to do so Meds Ransomware should create a randomly named folder in the %LOCALAPPDATA% directory as well as place a text document called PersonalID.txt in the C:\SystemID location. Once that is done, the malware ought to locate its targeted data. According to our researchers, the threat should be after personal files, such as various documents, archives, pictures, audio/video files, and so on. As explained at the beginning of this report, the malicious application should encipher such data and mark it with the .meds extension, e.g., text.docx.meds. As a result, encrypted files should become useless without decryption tools.

Soon after all targeted data gets enciphered, Meds Ransomware ought to drop another text document called _readme.txt. This file might appear in the C: disk as well as in directories containing enciphered files. Inside this text document, victims should find a message saying: “ATTENTION! Don't worry, you can return all your files!” The rest of the note ought to explain how to email the malware’s creators, how much to pay for decryption tools, and so on. As you probably realize, cybercriminals can promise anything to convince their victims to pay. Thus, in reality, paying a ransom does not guarantee you will get the needed decryption tools.
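The traces described in this section can be checked for without changing anything on disk. The script below is an added example, not a tool from this report: the function names, the folder-name pattern (derived from the example folder name given in the removal steps), and the choice to scan only the user profile on a real machine are assumptions, and the sample directory tree is constructed.

```python
import os
import re
import tempfile
from pathlib import Path

# Name shape of the page's example folder (8-4-4-4-12 characters, not strictly hex).
RANDOM_DIR = re.compile(r"^[0-9a-z]{8}(-[0-9a-z]{4}){3}-[0-9a-z]{12}$", re.I)

def find_artifacts(local_appdata, system_drive, scan_root):
    """Read-only sweep for the traces the article lists; nothing is deleted."""
    found = {"random_dirs": [], "personal_id": [], "notes": [], "encrypted": []}
    appdata = Path(local_appdata)
    if appdata.is_dir():
        # Legitimate software also uses GUID-like names, so these are candidates only.
        found["random_dirs"] = sorted(
            str(p) for p in appdata.iterdir() if p.is_dir() and RANDOM_DIR.match(p.name))
    id_file = Path(system_drive) / "SystemID" / "PersonalID.txt"
    if id_file.is_file():
        found["personal_id"].append(str(id_file))
    for dirpath, _dirs, files in os.walk(scan_root):  # unreadable folders are skipped
        for name in files:
            full = os.path.join(dirpath, name)
            if name.lower() == "_readme.txt":
                found["notes"].append(full)
            elif name.lower().endswith(".meds"):
                found["encrypted"].append(full)
    return found

def build_sample(root):
    """Constructed directory tree that mimics an affected profile (empty files only)."""
    root = Path(root)
    (root / "AppData" / "Local" / "3125175b-re51-4esf-w27a-k1fo3137841w").mkdir(parents=True)
    (root / "AppData" / "Local" / "Microsoft").mkdir()
    docs = root / "Users" / "demo" / "Documents"
    docs.mkdir(parents=True)
    (root / "SystemID").mkdir()
    for f in (root / "SystemID" / "PersonalID.txt", docs / "text.docx.meds",
              docs / "_readme.txt", docs / "notes.txt"):
        f.write_text("")
    return root

if __name__ == "__main__":
    if os.name == "nt":  # real machine: scanning only the user profile is an assumption
        report = find_artifacts(os.environ["LOCALAPPDATA"], "C:\\", Path.home())
    else:  # elsewhere: run against the constructed sample
        with tempfile.TemporaryDirectory() as tmp:
            sample = build_sample(tmp)
            report = find_artifacts(sample / "AppData" / "Local", sample, sample)
    for kind, paths in report.items():
        print(f"{kind}: {len(paths)}", *paths, sep="\n  ")
```

A folder listed under random_dirs is only a candidate, so confirm what it contains before deleting it.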

How to delete Meds Ransomware?

Erasing Meds Ransomware is recommended because there is a possibility the malware could encrypt new data every time it restarts with Windows. To delete the malicious application manually, you should follow the instructions available below this text. If the process is too tricky or you prefer using automatic features, you should employ a legitimate antimalware tool instead. Scan your system with it, wait for scanning results, and remove all detections by pressing the provided deletion button.

Eliminate Meds Ransomware

  1. Click Ctrl+Alt+Delete.
  2. Pick Task Manager and select Processes.
  3. Locate a process belonging to the threat.
  4. Select it and click End Task.
  5. Exit Task Manager.
  6. Click Windows key+E.
  7. Locate these paths:
  8. Locate the malicious application’s launcher, right-click it, and select Delete.
  9. Navigate to this folder: %LOCALAPPDATA%
  10. Look for the malware’s created folder with a random name (e.g., 3125175b-re51-4esf-w27a-k1fo3137841w), right-click it, and select Delete.
  11. Locate this directory: C:\SystemID
  12. Find a file called PersonalID.txt, right-click it, and select Delete.
  13. Locate files titled _readme.txt, right-click them, and choose Delete.
  14. Exit File Explorer.
  15. Empty your Recycle Bin.
  16. Restart the computer.
