Zatrov Ransomware

What is Zatrov Ransomware?

We are sure that you care about your personal files, and if that is the case, Zatrov Ransomware is one threat that you do not want to encounter. It was designed to encrypt files, after which they cannot be read without a decryptor. Supposedly, this decryptor exists, but it is in the hands of the cybercriminals who created the infection, and so you should not expect to receive it. The criminals suggest that they would be willing to release the decryptor to the victims who pay money for it, which is why the threat is classified as ransomware. Unfortunately, we cannot know whether or not the attackers would release the decryptor because they are unpredictable and untrustworthy. Hopefully, you cared enough about your files to have created backups, and so decryption is not something you need to worry about at all. In any case, you must remove Zatrov Ransomware from your operating system, and that might not be the easiest of tasks.

How does Zatrov Ransomware work?

Zatrov Ransomware is part of the STOP Ransomware family, to which Vesrato Ransomware, Cetori Ransomware, Masodas Ransomware, and hundreds of other infections also belong. In the past, most of the threats from this family were decryptable with the help of STOPDecrypter, but the attackers figured out a way to ensure that this tool does not work with newer variants of the infection. Hopefully, you can use it to your advantage, but we cannot make any promises. If you are planning on using the tool, make sure you do not accidentally download malware that uses the name of the decryptor as a disguise. Unfortunately, if you cannot employ a legitimate decryptor, all files with the “.zatrov” extension attached to their names will remain locked up. Next to these files, you should find “_readme.txt,” which is a file created by Zatrov Ransomware to introduce you to the attackers’ demands. You can open this file to read the message, but do not forget to remove it when the time comes. Make sure that all copies are removed.

Do you have $490? That is how much you would have to find in your pocket to pay the ransom requested by Zatrov Ransomware. This sum is huge, but it might not seem so big when you learn that it would go up to $980 after 3 days. Although it is clear how much the attackers expect, the ransom note does not explain how to pay the ransom, and so you might decide to send a message to and as instructed. Do not do this, unless you want your inbox flooded with potentially misleading, malicious, malware-containing messages. Did you know that Zatrov Ransomware could have slithered in when you opened a corrupted spam email attachment as well? This is why you really need to be careful when interacting with unfamiliar messages or messages sent by the attackers. In general, you should contact the cybercriminals only if you are sure you want to take the risk of paying the ransom. We do not recommend it, but you need to decide for yourself what is best for you.

How to remove Zatrov Ransomware

You want to make sure that you delete Zatrov Ransomware from your operating system. If your files are backed up, you can easily replace the corrupted files, and so you should not postpone the removal any longer. How you remove Zatrov Ransomware depends on your own skills. For example, if you are not experienced, you might be unable to get rid of the infection manually. That might seem like a problem, but it is not because you can also employ reliable anti-malware software to have your operating system cleaned. In fact, this is the software we recommend installing without further hesitation because, besides automatically cleaning the system, it can also ensure protection thereafter, and if you do not take care of that, you could face new ransomware infections in the future. Even if you secure your operating system, you still need to double-protect your files, which we recommend doing by creating backups. Store them outside the computer to ensure that backups stay safe.

Removal Instructions

  1. Tap Win+R keys simultaneously to launch the Run dialog box.
  2. Enter regedit and click OK to launch Registry Editor.
  3. Navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run.
  4. Delete the value named SysHelper if it points to the malicious .exe file that belongs to the ransomware (see step 7).
  5. Tap Win+E keys simultaneously to launch Windows Explorer.
  6. Enter %USERPROFILE%\Local Settings\Application Data\ into the quick access field at the top (depending on Windows version, the path could be %LOCALAPPDATA%).
  7. Delete the [random name] folder that contains the malicious [random name].exe file.
  8. Enter %WINDIR%\System32\Tasks\ into the quick access field.
  9. Delete the task named Time Trigger Task.
  10. Empty Recycle Bin to eliminate the malicious components completely.
  11. Employ a trusted malware scanner to check your operating system for threats that might be left over.
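
Before deleting anything by hand, the locations named in the steps above can be checked with a read-only audit. The PowerShell script below is an added example, not part of the original instructions; it uses only the names given on this page (SysHelper, Time Trigger Task, _readme.txt, .zatrov) and assumes the infection sits in the current user's profile.

```powershell
# Added example: read-only audit of the artifacts named in the steps above.
# Nothing is deleted; review the report, then remove items by hand.
$report = [System.Collections.Generic.List[object]]::new()
function Add-Finding($Check, $Detail) {
    $report.Add([pscustomobject]@{ Check = $Check; Detail = $Detail })
}

# Steps 3-4: the SysHelper value under the current user's Run key.
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -Path $runKey -Name 'SysHelper' -ErrorAction SilentlyContinue
if ($run) {
    $cmd = [Environment]::ExpandEnvironmentVariables($run.SysHelper)
    Add-Finding 'Run value SysHelper' $cmd
    # Steps 6-7: the value is suspicious when its .exe sits in a folder under
    # %LOCALAPPDATA% (the page's "[random name]" folder; the real name varies).
    if ($cmd -match '([A-Za-z]:\\[^"]+?\.exe)') {
        $exe = $Matches[1]
        $underLocal = $exe.StartsWith($env:LOCALAPPDATA, [StringComparison]::OrdinalIgnoreCase)
        Add-Finding 'Target under LOCALAPPDATA' "$underLocal ($exe)"
        Add-Finding 'Target exists on disk' (Test-Path -LiteralPath $exe)
    }
}

# Steps 8-9: the scheduled-task file. Run from an elevated 64-bit prompt;
# a standard or 32-bit session may not see this folder.
$task = Join-Path $env:WINDIR 'System32\Tasks\Time Trigger Task'
if (Test-Path -LiteralPath $task -ErrorAction SilentlyContinue) {
    Add-Finding 'Scheduled task file' $task
}

# Ransom notes and encrypted files left in the user profile.
$left = Get-ChildItem -Path $env:USERPROFILE -Recurse -Force -File `
    -Include '_readme.txt', '*.zatrov' -ErrorAction SilentlyContinue
Add-Finding '_readme.txt copies' (@($left | Where-Object Name -eq '_readme.txt').Count)
Add-Finding '*.zatrov files' (@($left | Where-Object Extension -eq '.zatrov').Count)

$report | Format-Table -AutoSize -Wrap
```

A SysHelper value whose target is not under %LOCALAPPDATA% should be investigated rather than deleted outright, in line with the condition in step 4.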
