Click on screenshot to zoom
Danger level 7
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

Amnesia Ransomware

When Amnesia Ransomware slithers into your operating system, it adds the “.amnesia” extension to many of your personal files. The unique extension is added only to help you see which files were corrupted, and so there is no point in deleting it. Needless to say, by eliminating this extension, you will not unlock your files. Unfortunately, the ransomware uses a highly complex algorithm to encrypt your files, and only a special decryption key/private key can crack the code. So, where is this key? Well, it is kept by the cyber criminal who has created the ransomware. This infection was designed in a way so that you would follow all of the demands to get the decryption key, and, unfortunately, they include paying a ransom. Even if money is not an issue for you – and the creator of the threat is likely to request a huge sum – paying the ransom is not a good idea because it is unlikely that a decryption key would be sent to you anyway. Unfortunately, you will not get your files decrypted even if you remove Amnesia Ransomware.

According to the research team working in our internal lab, Amnesia Ransomware was built using the Delphi programming language. Delphi has been used by the developers of RSUTILS Ransomware, Extractor Ransomware, and other similar infections. Just like most other ransomware threats, these ones have been found spreading via misleading spam emails with the installer concealed as a harmless attachment. However, Amnesia Ransomware could also be spread using RDP exploits. Once the installer is executed, a new file is created in the %APPDATA% directory. This file automatically deletes itself once the encryption is completed. This file could be named “guide.exe”. Another file that the ransomware creates is called “HOW TO RECOVER ENCRYPTED FILES.TXT”, and this one is not removed because it represents the ransom demands. According to our analysis, this file should be copied to every folder where encrypted files are found. Because the threat does not lock the screen or change the background, it is most likely that you will recognize its existence only after you find the ransom note or realize that you cannot open your files.

The ransom message represented by Amnesia Ransomware was created only to make you communicate with cyber criminals. The message includes an email address (s1an1er111@protonmail.com) that you allegedly need to write to if you want to have your personal files decrypted. The ransom message also includes a few warnings. The first one warns against deleting Amnesia Ransomware. The second one discourages you from decrypting the files yourself. If you decide that you want to contact cyber criminals – note that you will not be able to have a decent conversation with them – you should create a new email address. That is because you do not want cyber criminals knowing your real email, which they could later flood with all kinds of spam emails. All in all, if you contact the creator of the ransomware, you are most likely to be introduced to a ransom fee demand. Should you pay the ransom? As mentioned previously, that might be a bad idea, and so we do not recommend that. If your files were really important, you probably have them backed up anyway, and you can retrieve them after you remove the ransomware.

Deleting Amnesia Ransomware is very important, but the chances are that this threat has already deleted itself. If you realize that you have downloaded a malicious file right away – and you might realize that if, for example, it did not open when you downloaded it from a spam email – you might be able to remove it before anything bad happens. If your files were already encrypted, we suggest scanning your operating system using a legitimate malware scanner to see if your PC is clear. If any threats are found – no matter how minuscule they might appear to be – you have to remove them immediately. Needless to say, erasing unwanted files and keeping your operating system malware-free are not easy tasks. Due to this, we encourage you to install anti-malware software that is created to keep your operating system clean at all times. If you have questions for our research team, add them to the comments section.

Removal instructions

  1. Right-click and Delete the {unknown name}.exe launcher file.
  2. Right-click and Delete the ransom file called HOW TO RECOVER ENCRYPTED FILES.TXT.
  3. Empty Recycle Bin to get rid of malicious components.
  4. Perform a full system scan using a legitimate malware scanner to check for leftovers.
Download Spyware Removal Tool to Remove* Amnesia Ransomware
  • Quick & tested solution for Amnesia Ransomware removal.
  • 100% Free Scan for Windows
disclaimer
Disclaimer

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.