Taargo Ransomware

What is Taargo Ransomware?

Taargo Ransomware is a new version of the infamous GlobeImposter Ransomware. In the past, we have reviewed quite a few other versions of this malware, including Ox4444 Ransomware, QP Ransomware, and Pig4444 Ransomware. All of these threats have unique elements, but in general, they are pretty much identical, and they cause the same kind of harm once they invade an operating system. Windows systems are the ones targeted by this malware, and according to our Anti-Spyware-101.com research team, the attackers are using the same attack methods over and over again. In most cases, we see spam emails and bundled downloaders used for the distribution of .exe files that are responsible for the execution of ransomware. Avoiding spam emails and bundled downloads is easy enough, but Windows users keep on taking risks. If you need to delete Taargo Ransomware from your operating system, there is a good chance that you have take some unnecessary risks as well.

How does Taargo Ransomware work?

If Taargo Ransomware uses spam emails or bundled downloaders to slither in, you might think that you are opening a harmless document or installing a useful program when this malware attacks. If there is no reliable security software to catch and remove this malware once it slithers in, your files get decrypted quickly. The ransomware, of course, only encrypts personal files, and once it is done with that, you should find the “.[taargo@olszyn.com].taargo” extension appended to their usual names. For example, a file named “list.doc” is renamed to “list.doc.[taargo@olszyn.com].taargo” after encryption. When files are encrypted, the data within them is ciphered, so that you could not read files normally. Next to the corrupted files, you should also find a file named “how_to_back_files.html.” Copies of this file should be strewn all over the place. You definitely should remove every single copy, but you can open the file to read the message from the attackers behind Taargo Ransomware. That being said, before you open the file, please remember that you are dealing with cybercriminals, and what they say is not necessarily what they mean.

The ransom note introduced by Taargo Ransomware informs that victims of the infection can recover their files only if they pay money for a decryption tool and a unique key. Do the attackers own a decryptor and a decryption key? In theory, they should, but that does not mean that they would give it to you. They are making a promise to decrypt your files just so that they could convince you to pay the ransom. The sum of the ransom is not revealed, and victims are supposed to send emails to taargo@iran.ir, taargo@feecca.com, or taargo@olszyn.com. You shouldn’t contact the attackers at all because this could put you on the target once more. When cybercriminals know your email address, they can expose you to various scams and send you new malware launchers. Also, if you contact the attackers, the only thing that they will offer you is to pay the ransom, and if you do that, you will find yourself without money and without a decryptor. Of course, if you want to take risks, that is up to you, but please be cautious.

How to delete Taargo Ransomware

When Taargo Ransomware slithers into your operating system and encrypts your personal files, you have nothing else to do but to delete the malicious infection. Unfortunately, that will not bring your personal files back. At the time of research, we also could not confirm the existence and efficiency of free decryptors offered by third parties. On rare occasions, such tools exist, and they can be used to restore the corrupted files. If you are going to look into that, make sure you are not duped into installing something malicious instead of a legitimate decryptor. Of course, this is not something you need to wonder about if you have copies of personal files and if you can use them to replace the ones that were corrupted. If this is something that is available to you, please remove Taargo Ransomware first. The removal instructions below show how to eliminate this threat manually, but we recommend implementing anti-malware software. It will ensure that your system is fully cleaned and protected for the future automatically.

Removal Instructions

1. Delete recently downloaded files that could belong to malware.
2. Delete all copies of the how_to_back_files.html file.
3. Tap Win+E keys to launch File Explorer.
4. Type %LOCALAPPDATA% into the quick access field at the top and tap Enter.
5. Delete the malicious [random name].exe file.
6. Tap Win+R to launch Run.
7. Type regedit into the dialog box and click OK to launch Registry Editor.
8. Navigate to HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce.
9. Delete the value named BrowserUpdateCheck.
10. Exist Registry Editor and then immediately Empty Recycle Bin.
11. Install a legitimate malware scanner to inspect your system for leftovers. Download Removal Tool100% FREE spyware scan and
    tested removal of Taargo Ransomware*