Click on screenshot to zoom
Danger level 7
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Connects to the internet without permission
  • Can't be uninstalled via Control Panel

Reetner Ransomware

The message from Reetner Ransomware may say all your files have been encrypted with a “military-grade encryption algorithm.” However, our research team tested the malicious application themselves and did not notice it would encrypt any data on the infected device. Thus, the malware might be still in the development stage, and the future versions could start enciphering the victim’s data. Consequently, we cannot be sure if it is yet being distributed. Nonetheless, we will discuss the ways it could enter the system and suggest how users may avoid it. If you happen to encounter Reetner Ransomware, we advise you to ignore the ransom note and erase the malicious application as fast as possible. To assist you in the matter we are placing manual deletion instructions at the end of the text.

If Reetner Ransomware is being or is going to be distributed we would guess the malware’s creators may choose to spread it with infected email attachments since it is still the most popular way to distribute threats like ransomware. In such case, the user infects the system himself without realizing it after opening the malicious attachment. To avoid this scenario, we would advise you to be more cautious with data sent through email especially if it was sent by an unknown sender or is classified as Spam. Instead of rushing to open such a file and find out what it contains, it would be wiser to first scan it with a reliable antimalware tool that could detect harmful data.

Furthermore, quite recently we also had quite a few cases when cyber criminals connected to their victims’ computers through insecure RDP connections or other vulnerabilities, then placed and launched malicious installers themselves. Protecting the device from such attacks in not an easy task since any software could have yet undiscovered vulnerabilities. This is why it is vital to update your operating system, antimalware tool, and any other software on the computer whenever it is possible. Plus, it would be wise to change your computer’s password if you believe it might be weak or you have not done it in a long time.

As the sample our research team tested did not encrypt any files, Reetner Ransomware did not do a lot of changes to the computer. Probably, the most visible change was the replaced Desktop picture. The malware’s wallpaper has a picture of a lock, and a couple of text lines, such as “All your files have been encrypted” or “See the file “Unlock_My_Files” located on your Desktop,” and so on. Given there is a translation written in Spanish, it could be that the ransomware’s creators might seek to distribute this malicious application in Spanish-speaking countries in addition to English-speaking ones. What’s more, the mentioned Unlock_My_Files document is mostly written in English, but there is a line written in Spanish too saying the user should use Google Translator if he does not understand the text.

The mentioned file (Unlock_My_Files.html) is Reetner Ransomware’s ransom note as it explains what the victim has to do to decrypt enciphered data. According to it, there is supposed to be another file with further instructions called note.html, but the sample we tested did not drop such a file. As a result, we do not know how much could the ransom be or how it could be asked to be paid, although usually users are demanded to transfer it in Bitcoins. In any case, paying the ransom is unadvisable as you cannot know if the cyber criminals behind the threat will keep up to their promises.

Luckily, with Reetner Ransomware you do not even have to consider whether it is worth to risk paying the ransom as at least for now the malware does not encrypt any data and there is no need for decryption tool. Therefore, we recommend removing the malicious application with no hesitation. To eliminate it manually have a look at the steps placed below the paragraph or install a reliable antimalware tool and let it delete the threat for you.

Erase Reetner Ransomware

  1. Press Win+R to open the RUN.
  2. Type Regedit into the given box and click OK.
  3. Navigate to: HKCU\Control Panel\Desktop
  4. Find a value name called Wallpaper, right-click in and press Delete.
  5. Close the Registry Editor.
  6. Press Win+E to access File Explorer.
  7. Go to: C:\Users\User\AppData\Local\Temp
  8. Find a picture called wallpaper.bmp, right-click it and press Delete.
  9. Check the following paths one by one:
    C:\Users\User\Desktop
    C:\Users\User\Downloads
    C:\Users\User\AppData\Local\Temp
  10. Look for suspicious downloaded file that might have infected the system.
  11. Right-click such a file and select Delete.
  12. Remove all ransom notes (Unlock_My_Files.html).
  13. Close the Explorer.
  14. Empty Recycle Bin.
  15. Restart the computer.
Download Spyware Removal Tool to Remove* Reetner Ransomware
  • Quick & tested solution for Reetner Ransomware removal.
  • 100% Free Scan for Windows
disclaimer
Disclaimer

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.