Schwerer Ransomware

Schwerer Ransomware is known to be new encryption malware. It has been developed in April, 2017, and it poses a direct threat to users’ personal files. Although it acts just like previously-released ransomware infections, it can be called unique in one sense – it has been developed using a scripting language called Autoit. It, of course, does not mean that it does not perform activities typical for ransomware. Research has revealed that it also enters computers with the intention of encrypting files, so it locks them all right after slithering onto the computer successfully. In addition, it demands money from users too. You will discover a bunch of your files, including pictures, documents, and media files encrypted, but system files will not be touched, meaning that your computer will work normally. We understand that, among these encrypted files, there might be files you need back badly, but we cannot recommend sending money to cyber criminals. Specialists at pcthreat.com are sure that the removal of this ransomware infection is the only thing users should do without consideration.

Hundreds of ransomware infections encrypting files are available, but you can be sure that Schwerer Ransomware is the infection you have encountered if you can find an active process pawje.exe in the Task Manager. What also shows that Schwerer Ransomware is on the system is a new extension .schw appended next to original filename extensions of those files that cannot be accessed. Last but not least, a window on Desktop whose first sentence is “All your computer file were encrypted with AES, only we can restore your files” should be opened if you have really encountered this crypto-threat. This window is opened for users to tell them what they can do to unlock their files. Unfortunately, it seems that they do not have many options. This ransom note tells users that they could decrypt their files only if they purchase the special key. It costs 150 euro, and money has to be paid within 3 days. Before making a payment, users are asked to send an email to 897698@mail2tor.com with a personal identifier (it is placed at the bottom of the opened window) to get the Bitcoin address and payment instructions. The chances are 50-50 that the decryption key will be sent to you after you transfer your money. Our researchers say that there are many cases when users get nothing after sending the required money to creators of ransomware, so they do not recommend doing that. They say that you should delete Schwerer Ransomware as soon as possible and then recover files from a backup. If a backup of files does not exist because you have never backed up your files, do not hurry to delete those locked files from your computer. It is very likely that specialists will release a free decryption tool sooner or later.

We are sure you did not downloaded Schwerer Ransomware willingly on your computer, but it is very likely that you helped this computer infection to sneak onto your PC. Of course, you were not aware of that. Users usually allow ransomware-type infections to enter their systems by opening malicious attachments from spam emails. These spam emails are not always placed in the Spam folder, which suggests that users must be careful with emails sent from unknown senders too. What is more, it is highly recommended not to download software from dubious pages because the malicious file of ransomware might be masqueraded as, for example, an installer of a reputable application. Our security specialists also recommend acquiring security software. If you keep it enabled, malicious software could not enter your computer.

No matter how Schwerer Ransomware has entered your PC, it is a must to erase it as soon as possible because it will keep working actively on your computer and might encrypt new files again. We are sure you will not find its removal easy because you will need to delete its files, registry keys, and kill its process in the Task Manager. If you have never deleted serious malware from your PC before, you should let our manual removal guide help you to take care of this crypto-ransomware. Alternatively, an automatic malware remover, such as SpyHunter, can be used to delete it automatically. Keep in mind that it cannot decrypt those files locked by Schwerer Ransomware, but it will surely fully remove this ransomware-type infection for you.

Delete Schwerer Ransomware manually

1. Launch the Task Manager (press Ctrl+Shift+Esc).
2. Open the Processes tab.
3. Right-click on the process pawje.exe which belongs to ransomware and select End Process.
4. Close the Task Manager.
5. Open the Registry Editor (press Win+R, type regedit in the box, and click OK).
6. Delete these two registry keys one after the other (right-click on the key and then click Delete):

• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\waijo
• HKEY_CURRENT_USER\Software\Other\Schwerer

7. Close the window and tap Win+E.
8. Open %APPDATA%\Other.
9. Delete two files from this directory: awiem.bat and pawje.exe.
10. Go to %WINDIR%\System32\Tasks.
11. Delete the waijo task.
12. Close the window and go to empty the Trash bin.