Iwantmyfiles Ransomware

Iwantmyfiles Ransomware belongs to the group of RaaS (Ransomware as a service) ransomware-type infections because it can be purchased and modified by anyone at https://frozrlockqqxz7a2.onion.to/. Although it is not hard to get it, we would lie if we said that it is extremely prevalent threat at the time of writing. Although it is not distributed very actively yet, the situation might change tomorrow, so you are not safe. Most probably, you are reading this article because your files have already been locked by Iwantmyfiles Ransomware. Like all other ransomware infections cyber criminals develop, this threat seeks to obtain money from users, so do not be surprised when you notice a sentence “we just need your contribution and you can have access to all your files today” located on the window opened on Desktop or in the .txt file left by ransomware. It is always a bad idea to support cyber criminals because they will never stop developing malicious software and, on top of that, nobody knows whether they will decrypt personal files for you. To put it differently, you might pay money for nothing, so, in the opinion of specialists working at pcthreat.com, it would be smart to delete Iwantmyfiles Ransomware fully and then think about alternative decryption methods if you have found many files locked.

A bunch of ransomware infections with the same interface exist, but, in this article, we talk about the specific variant Iwantmyfiles Ransomware which provides the website iwantmyfiles.asia/payment.php?{unique ID} in its ransom notes. Although we can call it a new threat, it acts just like other ransomware-type infections, so it is not unique at all. After the successful infiltration, it finds directories where such valuable files as documents, pictures, and media files are located and then encrypts them all. It should be noted that it leaves system files intact. Unlike ransomware infections we analyzed previously, it does not append new extensions to encrypted files – you will simply notice that you can no longer open them if Iwantmyfiles Ransomware ever slithers onto computer. Once all files are encrypted, it is the time for opening a window with a ransom note on Desktop and dropping the .txt file READ_ME.txt. Both the window and the .txt file contain the same text. No matter which one of them a user opens, he/she immediately finds out that “files can be decrypted.” Of course, nobody is going to give their files back for free – both ransom notes let users know that they can decrypt files by transferring a ransom in Bitcoins only. More detailed information about the payment is provided to users on the website whose link can be found at the bottom of the ransom note – you can open it if you consider transferring money in exchange for the decryption key, but do not forget what our specialists told you – supporting cyber criminals is not clever at all.

Unfortunately, there is not much users can do if they have discovered their files encrypted but do not want to spend money on the decryption key. To be frank, their only chance to get files back for free is to recover them from a backup. Also, they can wait till specialists release a free decryptor. It might seem that it is easier to pay money, but, as has already been mentioned in previous paragraphs, there are no guarantees that files will be decrypted after transferring a ransom, so users should keep their money to themselves.

It is not that easy to say how Iwantmyfiles Ransomware is distributed because it is not prevalent at the time of writing; however, specialists believe that it is mainly disseminated via spam email campaigns. Ransomware infections usually pretend to be harmless email attachments, so if you remember opening one recently, Iwantmyfiles Ransomware could have entered your PC without your knowledge at that time. You cannot change anything now, but you should definitely go to install security software on your computer to prevent those file-encrypting threats which will be developed in the future from secretly sneaking onto your computer and encrypting files again.

You cannot decrypt your files easily if you have found them all locked, but, luckily, it should not be very hard to fully erase Iwantmyfiles Ransomware because it does not make any important modifications on the system. All you need to do is to close the window opened on your Desktop, delete suspicious files from your system, and then remove READ_ME.txt. If it happens that you cannot find any suspicious files on your computer, perform a system scan with a legitimate antimalware scanner – it will delete them all for you.

Delete Iwantmyfiles Ransomware

1. Open the Windows Explorer (tap Win+E).
2. Check %USERPROFILE%\Downloads, %USERPROFILE%\Desktop, %APPDATA%, and %TEMP one by one.
3. Delete all suspicious files from these directories.
4. Empty the Recycle bin.