What is Ransomware?

According to our specialists, Ransomware could still be in the development stage, and it is unknown whether the malware is being distributed yet. However, if you did encounter it, you should know that there might be a way to recover files encrypted by this malicious program. Apparently, while enciphering the user’s data, Ransomware should create a decryption key and place it in a specific directory on the infected computer. Thus, all you have to do is find the key before it gets automatically erased. To help you with this task, our researchers prepared the instructions available below this report. They not only list all the steps necessary to decrypt enciphered files but also show how to remove the malicious program. If you are interested in learning other details about how the malware works, you could read the rest of the article as well.

Where does Ransomware come from?

At the moment, there is still no information on how Ransomware could be distributed. Nevertheless, based on our experience with other similar threats, our specialists think the cyber criminals behind it might spread it through malicious email attachments. Usually, it is enough to launch such a file, and the computer gets infected. Therefore, to avoid similar threats in the future, we recommend scanning email attachments with an antimalware tool first. Given how much trouble such infections could cause, a minute of your time seems like a good investment.

How does Ransomware work?

Before Ransomware starts encrypting your files, it should open a small dialog box titled svchost; the random code it provides is the unique decryption key generated for your computer. Afterward, the malicious application should encipher all documents, pictures, photographs, and other files found in the user’s Desktop, Downloads, Pictures, Music, Documents, or Videos directories. Each encrypted file might be marked with the .enc extension, for example, speech.docx.enc, image.jpg.enc, and so on.

Furthermore, right after the malware enciphers files in the directories listed above, it should display a pop-up window on top of the screen. It has a message from the cyber criminals, who give users twenty-four hours to purchase the decryption key. The price is $100, but it must be paid in Bitcoins. Instead of putting up with these demands, we advise you to get the decryption key yourself by following the instructions placed below. In fact, even if the malware’s creators upgrade Ransomware and the decryption key becomes unavailable, we would still not recommend paying the ransom. You can never be confident that the cyber criminals will be cooperative and willing to help you, since all they care about is getting your money.

How to delete Ransomware?

We would like to stress that the malware should be erased only after you decipher the encrypted data. There are two ways to remove Ransomware. Firstly, you could locate and delete data related to the malicious program manually, as shown in the steps provided below this paragraph. The other option is to download a reliable antimalware tool and perform a full system scan. During it, the tool could find malicious files automatically. If there are any other possible threats on the computer, they would be listed in the report as well. To erase all detections at once, click the deletion button that should appear after the scan.

Reboot the system in Safe Mode with Networking

Windows 8\Windows 10

  1. Press Windows key+I for Windows 8 or click the Start menu for Windows 10.
  2. Click the Power button, then press and hold the Shift key when you click Restart.
  3. Select Troubleshoot and choose the Advanced Options.
  4. Open Startup Settings and click Restart.
  5. Press the F5 key and reboot the system.

Windows XP\Windows Vista\Windows 7

  1. Navigate to Start, click Shutdown options and select Restart.
  2. Press and hold the F8 key as soon as the system begins rebooting.
  3. Choose Safe Mode with Networking from the Advanced Boot Options window.
  4. Press Enter and log on to your computer.

Find the decryption key

  1. Press Windows Key+R.
  2. Type Regedit and press Enter.
  3. Search for this location: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion
  4. Select the value named pass, then right-click it and press Modify.
  5. The provided value data should be the unique decryption key; record it.
  6. Restart the computer in normal mode to access the infection’s window.
  7. Type the decryption key into the provided box and click DECRYPT.

Remove Ransomware

  1. Press Windows key+R.
  2. Type Regedit and click OK.
  3. Look for this directory: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  4. Select the value named svchost, right-click it and choose Delete.
  5. Exit the Registry Editor.
  6. Press Windows key+E.
  7. Find this path: %HOMEDRIVE%\Logs\System\Windows\DefaultApplications
  8. Select the file named svchost.exe, right-click it and press Delete.
  9. Close the File Explorer.
  10. Empty your Recycle bin.
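
The two registry locations and the file path from the steps above can be checked in one pass from PowerShell. This is an added example, not part of the original instructions; it assumes default profile folder locations and that decrypted files lose the .enc extension, and the -Remove switch is a name chosen here.

```powershell
# Added example (not from the original guide). Run as the affected user: the values are under HKCU.
param([switch]$Remove)   # -Remove is a switch name chosen for this example

$cv  = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion'
$run = Join-Path $cv 'Run'
$exe = "${env:HOMEDRIVE}\Logs\System\Windows\DefaultApplications\svchost.exe"

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or value is absent instead of throwing.
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

# Folders the guide says are encrypted; default profile locations are assumed.
$folders = 'Desktop','Downloads','Pictures','Music','Documents','Videos' |
    ForEach-Object { Join-Path $env:USERPROFILE $_ } |
    Where-Object { Test-Path -LiteralPath $_ }
$encFiles = @($folders | ForEach-Object {
    Get-ChildItem -LiteralPath $_ -Filter '*.enc' -File -Recurse -ErrorAction SilentlyContinue
})

$report = [pscustomobject]@{
    DecryptionKey  = Get-RegValue $cv 'pass'        # record this before anything is deleted
    RunEntry       = Get-RegValue $run 'svchost'    # autostart value named in the guide
    DroppedFile    = if (Test-Path -LiteralPath $exe) { $exe } else { $null }
    EncryptedFiles = $encFiles.Count
}
$report | Format-List

if ($Remove) {
    if ($report.EncryptedFiles -gt 0) {
        # Assumption: decrypted files lose the .enc extension, so any left means decryption is not finished.
        Write-Warning "$($report.EncryptedFiles) .enc file(s) remain; decrypt first, nothing was removed."
    } else {
        Remove-ItemProperty -Path $run -Name 'svchost' -ErrorAction SilentlyContinue
        Remove-Item -LiteralPath $exe -Force -ErrorAction SilentlyContinue
    }
}
```

Without -Remove the script only reports, which matches the order the guide insists on: record the key and decrypt first, delete afterwards.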