Plague17 Ransomware

What is Plague17 Ransomware?

The “.PLAGUE17-{ID}” extension attached to your personal files indicates that Plague17 Ransomware has slithered in and encrypted them. According to our malware research team at Anti-Spyware-101.com, it looks like this infection was created to attack Russian-speaking Windows users, and if you can identify yourself as one, you need to be cautious. It is most important that you secure your operating system before the infection even manages to slither in, as prevention is most important in this situation. So, how are you supposed to prevent malware from slithering in? It is crucial that you install trusted anti-malware software to protect you against invaders. It is also important that you update your operating system and software to ensure that no vulnerability is left unpatched. Finally, it is crucial that you stay away from suspicious downloaders, spam email attachments, links, warnings, etc. If it is too late, remove Plague17 Ransomware, but do not forget to reinstate Windows security afterward.

How does Plague17 Ransomware work?

While you are unlikely to notice when your files get encrypted, Plague17 Ransomware informs you about the attack as soon as it is complete. This is when you will notice the “.PLAGUE17-{ID}” extension attached to the files that cannot be read normally. Also, you will find “PLAGUE17.txt,” which is a text file that delivers a message from your attackers. This message informs: “Внимание! Если Вы читаете это сообщение, значит Ваш компьютер был атакован опаснейшим вирусом.” The purpose of the note is to make you think that you need to email plague17@riseup.net if you want to learn how to decrypt your personal files. While this might seem like a harmless action, it is extremely risky. By contacting the attackers, you would be exposing your own email address to them, and while they are likely to use it to demand a ransom payment in return for the decryptor first, they could use it to scam you in the future. If you decide to take the risk, you will be pushed to pay the ransom. We cannot know how much money the attackers would demand from you, but even if you are able to pay it, you need to think carefully.

Whether you face Plague17 Ransomware, Silenced Ransomware, Nemty Ransomware, or some other malicious threat alike, you are facing cybercriminals. Malware is not created for fun – at least, not in most cases – and it is usually used to make money. When it comes to ransomware, the attackers are blatantly demanding for money without using any disguises, and that is because they know that most victims value personal files. Well, if you value them, you might have created backups. Since Plague17 Ransomware does not delete shadow volume copies to destroy internal backups, you might be able to use a restore point (if it was set), or maybe you can access backups of your personal files using external drives or cloud storage. Whatever your preference is, we hope that backups exist; otherwise, you will not be able to replace the encrypted files. Does that mean that you should pay the ransom? We do not believe that the attackers would provide you with a decryptor anyway, and so we do not recommend it.

How to delete Plague17 Ransomware

There is no time like now to take care of your system’ security. Yes, you are dealing with the malicious Plague17 Ransomware, but the existence of this malware indicates the poor state of your virtual security, and you should be inclined to change that. Also, you can take care of the infection and your system’s security simultaneously, which you can do by implementing trusted anti-malware software. It will immediately find and remove Plague17 Ransomware components, and it will also erect safeguards that will make it much harder – and, hopefully, impossible – for new threats to come in. Obviously, you also want to start backing up your files to keep them safe in the future to create a second layer of security. We suggest that you use external sources to create backups because some infections are able to delete shadow volume copies and destroy internal backups. You must think about all of this even if you decide to delete the infection manually.

Removal Guide

1. If you can locate the malicious [unknown name].exe file that executed the infection, right-click the file and select Delete.
2. Find every copy of the PLAGUE17.txt file and also right-click and Delete it.
3. Empty Recycle Bin.
4. Perform a thorough system scan using a legitimate malware scanner. If threats exist, delete them ASAP. Download Removal Tool100% FREE spyware scan and
   tested removal of Plague17 Ransomware*