Symbiom Ransomware

Symbiom Ransomware is yet another example of how rookie hackers and cyber criminals can exploit an open-source malware infection like the famous Hidden Tear Ransomware, which was originally designed as an educational project. Somehow more and more infections emerge on the web based on this ransomware, including HUSTONWEHAVEAPROBLEM Ransomware, $ucyLocker Ransomware, and Fabsyscrypto Ransomware. This vicious program is coded in .NET, thus it is easy to decompile it. Yet, it may cause a lot of devastation if it manages to encrypt your personal files. For some unknown reason, in our tests the encryption process failed to work but it does not mean that it cannot fulfill its vicious plan in other cases. We believe that it is best to have a backup of your most important files in cloud storage or on a portable drive to be on the safe side just in case such a dangerous threat finds a way to hit you. We do not encourage anyone to contact these criminals or to pay them any amount of money as it could end with more malware infections or simply losing your money. We recommend that you remove Symbiom Ransomware immediately from your PC.

This dangerous ransomware uses the disguise of being the cracked version of a well-known computer game called Overwatch, which is a multiplayer online first-person shooter video game. This malicious executable, OverWatch_Hack.exe, can be delivered to your system in a number of ways. First, it is possible that you want to download this game from a suspicious file-sharing site (torrent or freeware). You may end up on one by simply running a search in a search engine that can be any one of the most reputable ones too (e.g., Google or Yahoo). These shady sites can promote malicious bundles that may contain several malware threats, including this ransomware, but it may as well be a standalone file that makes you believe that you are actually downloading the cracked game. Keep in mind that running this fake installer could be devastating and even if you delete Symbiom Ransomware, you will not be able to save your files from encryption.

Second, you may also drop this vicious program on your system by clicking on corrupt third-party pop-up ads offering your software update or download. You can be exposed to such ads by visiting suspicious websites or when your system is infected with malware, such as adware programs. You should also be very careful if your browsers and drivers are not updated because cyber criminals can use so-called Exploit Kits (e.g., Angler) and create fake websites with malicious Java or Flash codes that can drop this threat on your computer without your knowledge. All it takes is loading the malicious page and the code is triggered right away. Therefore, apart from being more cautious with your clicks, it is also important that you update your browsers and drivers regularly if you do not want to end up removing Symbiom Ransomware from your PC.

This dangerous threat is activated the moment you run the fake installer. The ransom note is dropped on your desktop before the encryption begins; it is called "README_Ransomware_Symbiom.txt." We have found that this infection does not connect to any C&C (Command and Control) server and it creates the AES key locally. It mainly targets your most important personal files, such as photos, videos, documents, and archives. The encrypted files get a “.symbiom_ransomware_locked” extension. As we have already mentioned, in our case this ransomware failed to encrypt any files even though the source code was prepared for encryption. We have not found the reason yet why, but it does not mean that it cannot accomplish its mission in other cases.

This ransomware does not lock your screen after the encryption or replace your desktop background with a characteristic background image serving as the ransom note. In fact, you need to open the text file on your desktop to understand what has happened. This file contains little information. It simply tells you that your files have been encrypted and that you have to pay 0.1 BTC, which is 345 US dollars right now, in order to save your files. Once you are done with the transfer, you are supposed to contact these criminals by sending an e-mail to “hackerz6924@tutanota.com.” Since there is no guarantee that these crooks will send you the decryption key or decrypt your files remotely, we do not advise you to contact them at all. The only thing you can legally do is remove Symbiom Ransomware as soon as possible and use your backed up clean files to refresh your hard disk.

If you are ready to act after the shock of the thought that you may lose all your precious files, you can use our instructions below this article to delete Symbiom Ransomware. It is possible that this is not the only threat on your system though even if it may be the most dangerous and disastrous. Thus, we recommend that you eliminate all possible threat sources as well. You can try to do so manually but if you are not an expert user, you may want to use a professional anti-malware program like SpyHunter. What could be more efficient than automatic protection?

How to remove Symbiom Ransomware from Windows

1. Press Win+E to open File Explorer.
2. Locate the downloaded malicious .exe file (“OverWatch_Hack.exe”) and delete it.
3. Bin the "README_Ransomware_Symbiom.txt" ransom note from the desktop.
4. Empty your Recycle Bin.
5. Reboot your system.