Schwerer Ransomware

What is Schwerer Ransomware?

Schwerer Ransomware is an AutoIt script-based malicious application that analysts have detected recently. It is considered an extremely harmful computer infection because it causes a number of problems once it has entered a system. Its main activity on affected computers is the encryption of files. This is nothing new: a number of ransomware-type threats act the same way. These threats encrypt users’ files and then demand money from them. In other words, cyber criminals use these infections as tools for obtaining money from users easily. Schwerer Ransomware will demand money from you too after it has encrypted your personal data. It gives its victims to understand that they have only two choices: 1) lose their files forever or 2) purchase the key and unlock the files with it. Users whose valuable files have been encrypted by Schwerer Ransomware usually decide to pay the ransom, but they do not know that this is not a good idea because they might get nothing in exchange for the money paid. Since we have no proof that the decryption key will be sent to you once you make a payment, we suggest that you delete Schwerer Ransomware fully and do not purchase the key from the developer of this ransomware infection. Unfortunately, there is not much you can do without the key if you have never backed up any of your files; they can be restored for free only from a backup.

What does Schwerer Ransomware do?

Although Schwerer Ransomware enters PCs secretly, users soon realize that they have encountered a ransomware-type infection because they find that they cannot open their pictures, documents, movies, music files, etc. More attentive users should also be able to notice a new process, pawje.exe, in the Task Manager. Additionally, after encrypting users’ files, this threat opens a window with a ransom note. It tells users more about their files and why they cannot access them: “All your computer files were encrypted with AES.” It also contains four-step instructions on how to restore the files. First, users are told to send an email to 897698@mail2tor.com with a “personal identifier.” Second, users should receive an answer with a Bitcoin address. Third, a ransom of 150€ has to be sent to the provided Bitcoin address within 3 days, and then an email has to be sent to the same email address. Fourth, a decryption key should be sent to users, which they need to enter in the Restore key box. Although users are promised the key for unlocking their files right after making a payment to the cyber criminals, there are no guarantees that this will happen. There are many cases in which users hand over money but do not get anything, not even an answer from the developer of the ransomware. Therefore, we suggest thinking twice before sending the required money. Without a decryption key, it might be impossible to decrypt the encrypted files, which have the .schw extension appended to them, but you should still not give up; try out all alternative file-recovery methods.

Where does Schwerer Ransomware come from?

Schwerer Ransomware not only acts like other ransomware-type infections, but it is also distributed like previously released threats categorized as ransomware. According to specialists at anti-spyware-101.com, there are two methods used to spread it. First, it might be distributed via spam emails. It does not enter computers the second these emails are opened by users. Instead, it can only show up on PCs when users open the malicious attachments. Moreover, researchers are sure that this infection might be promoted on untrustworthy third-party pages as a decent application or some kind of tool. Unfortunately, users do not know that they have decided to download malicious software until they discover it on their computers.

How to delete Schwerer Ransomware

After a successful entrance, Schwerer Ransomware creates two new registry keys in the system registry, several new files, a scheduled task, and a process visible in the Task Manager, so we cannot promise that it will be easy to delete it, but we are sure that you will manage to erase it with the help of our manual removal guide. Scan your computer with a trustworthy scanner after the removal of this infection to make sure that there are no traces of it left. An automatic tool can also be used to delete a ransomware infection fully if the manual method happens to be too arduous.

Remove Schwerer Ransomware

  1. Press Ctrl+Shift+Esc.
  2. Click on the Processes tab to open it.
  3. Right-click on the pawje.exe process and select End Process.
  4. Close the Task Manager and launch Run (press Win+R).
  5. Delete two registry keys: HKEY_CURRENT_USER\Software\Other\Schwerer and HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\waijo.
  6. Close the Registry Editor and open the Windows Explorer (tap Win+E).
  7. Open %APPDATA%\Other (enter it in the Windows Explorer’s URL bar to open it).
  8. Delete awiem.bat and pawje.exe.
  9. Go to %WINDIR%\System32\Tasks.
  10. Delete waijo.
  11. Empty the Recycle bin.
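
The artifacts named in the steps above can be checked with a read-only PowerShell script, for example before the removal or to confirm afterwards that nothing is left. This is an added example, not part of the original guide; it uses only the process name, registry keys, file paths and .schw extension given on this page, and limiting the .schw search to the user profile is an assumption.

```powershell
# Read-only check for the Schwerer Ransomware artifacts listed in the removal steps.
# Nothing is deleted or modified; each indicator is reported as present or absent.
# Run from a 64-bit PowerShell session: a 32-bit session on 64-bit Windows is
# redirected away from the real System32\Tasks folder and would miss the task file.

$indicators = @(
    @{ Kind = 'Registry key';   Path = 'HKCU:\Software\Other\Schwerer' },
    @{ Kind = 'Registry key';   Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\waijo' },
    @{ Kind = 'File';           Path = "$env:APPDATA\Other\awiem.bat" },
    @{ Kind = 'File';           Path = "$env:APPDATA\Other\pawje.exe" },
    @{ Kind = 'Scheduled task'; Path = "$env:WINDIR\System32\Tasks\waijo" }
)

# Registry keys and files are both tested with Test-Path through their providers.
$results = @(foreach ($i in $indicators) {
    [pscustomobject]@{
        Kind    = $i.Kind
        Item    = $i.Path
        Present = Test-Path -LiteralPath $i.Path
    }
})

# The running process from step 3 (Get-Process takes the name without ".exe").
$proc = Get-Process -Name 'pawje' -ErrorAction SilentlyContinue
$results += [pscustomobject]@{
    Kind    = 'Process'
    Item    = 'pawje.exe'
    Present = [bool]$proc
}

# Files carrying the .schw extension (assumption: search the user profile only).
$encrypted = @(Get-ChildItem -LiteralPath $env:USERPROFILE -Recurse -File `
        -Filter '*.schw' -ErrorAction SilentlyContinue)
$results += [pscustomobject]@{
    Kind    = 'Encrypted files'
    Item    = "$($encrypted.Count) *.schw file(s) under $env:USERPROFILE"
    Present = ($encrypted.Count -gt 0)
}

$results | Format-Table -AutoSize -Wrap

# Summarize: everything except the encrypted files should be absent after removal.
$left = @($results | Where-Object { $_.Present -and $_.Kind -ne 'Encrypted files' })
if ($left.Count -gt 0) {
    Write-Warning "$($left.Count) Schwerer artifact(s) still present."
} else {
    Write-Output 'No Schwerer process, registry key, file or task found.'
}
```

The HKCU key and %APPDATA% paths are per-user, so the script has to run in the session of the affected account.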