Danger level 7
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Normal system programs crash immediately
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

Fairy Tail Ransomware

Researchers working at pcthreat.com have recently come across a new ransomware infection. It has been named Fairy Tail Ransomware after the filename extension it marks encrypted files with. Specialists say that it might be a new variant of Cryakl Ransomware; if that is true, we already know how it is distributed: via malicious emails. Of course, we cannot guarantee that this malicious application is not distributed in other ways as well. No matter how it slithers onto users’ computers, it acts the same in all cases: it copies itself to %TEMP% and creates a Value in the Run registry key before encrypting users’ personal files. Yes, it is one of those ransomware infections that mercilessly lock files on affected computers. Ransomware infections are developed by cyber criminals to obtain more money from users, so it is very likely that you will be asked to send a ransom to the crooks behind Fairy Tail Ransomware as well. You should not do that. It might be the only way to unlock the files, but you cannot be sure that the cyber criminals will give you the tool for unlocking encrypted data, so transferring money to them is not smart at all. What you should focus on instead is the complete removal of the ransomware. Removing it will not be a piece of cake, but we are sure that you can remove it manually yourself if you read this entire report and then use the instructions provided below the article.

Once Fairy Tail Ransomware infiltrates a computer, it locks almost all files on it. Luckily, it leaves the Windows OS folder %WINDIR% untouched, so your computer will continue working normally after its entrance. Unfortunately, you can no longer open a bunch of personal files, including documents, pictures, music, etc. The ransomware infection also opens a small window and drops README.txt in all affected folders; both contain the same text: “to decrypt file komar@tuta.io.” We are sure you will be asked to transfer money to cyber criminals to get your files decrypted, so we see no reason why you should send an email to the provided email address. We do not recommend transferring money to crooks. You will not only encourage them to continue developing new malicious software, but it is also very likely that you will not even get the decryption tool from them. Cyber criminals might simply not give it to you, or they might not have it. At the time of research, free decryption software was not available either, which means that users can only restore their files for free from a backup. Of course, the ransomware infection must be fully deleted first so that it cannot encrypt the restored files again.

Not much is known about the distribution of Fairy Tail Ransomware because it has not infiltrated many computers yet. Researchers say that the chances are high that it will never become a prevalent threat because its quality is terrible. As mentioned at the beginning of this article, like Cryakl Ransomware, it should be mainly spread via malicious emails. The ransomware infection should travel as an ordinary email attachment and then immediately infiltrate the computer if the malicious attachment is opened by the user. As mentioned at the beginning, Fairy Tail Ransomware immediately makes a copy of itself and places it in %TEMP%. On top of that, it creates an entry in HKCU\Software\Microsoft\Windows\CurrentVersion\Run so that it could continue working after the system restart. You might encounter much more sophisticated ransomware infections in the future if you keep your system unprotected. We are sure you do not want this to happen to you, so we have a piece of advice – keep your antimalware tool enabled 24/7. Most likely, you do not have antimalware software if you have ended up with this threat, so you will need to acquire it first.

The manual Fairy Tail Ransomware removal will not be very quick and easy, but you should be able to get rid of this threat yourself if you use our manual removal guide (see below). As you can see, you need to delete the malicious file from %TEMP% and the ransomware Value from the Run registry key to disable it. If the manual method turns out to be too complicated for you, you can clean your system in an automated way, i.e. perform a system scan with an antimalware scanner instead. Unfortunately, you will not unlock your files by erasing the ransomware infection from your computer.

Remove Fairy Tail Ransomware manually

  1. Press Win+R.
  2. Type regedit and tap Enter.
  3. Move to HKCU\Software\Microsoft\Windows\CurrentVersion\Run.
  4. Locate the Value consisting of 10 random digits (it points to the malicious file in %TEMP%).
  5. Right-click it and select Delete.
  6. Close Registry Editor and open Explorer (press Win+E).
  7. Open %TEMP% (type the directory in the address bar and tap Enter to open it).
  8. Delete the copy of the ransomware infection.
  9. Remove README.txt from all affected directories.
  10. Empty the Recycle Bin.
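
A read-only check for what steps 3-4 and step 9 look for, as an added PowerShell example that is not part of the original article. It assumes the Run value name is exactly 10 digits, that the ransom notes contain the contact string quoted above, and that searching the user profile is enough; it only reports and deletes nothing.

```powershell
# Added example: read-only audit, deletes nothing.
$runKey  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$tempDir = $env:TEMP.TrimEnd('\')   # caveat: may be an 8.3 short path on some profiles

# Steps 3-4: Run values whose name is exactly 10 digits (assumed pattern).
$key = Get-Item -Path $runKey -ErrorAction Stop
$runFindings = @(foreach ($name in $key.GetValueNames()) {
    if ($name -notmatch '^\d{10}$') { continue }
    $data = [string]$key.GetValue($name)   # REG_EXPAND_SZ data is expanded here
    # Use the quoted executable path if present, otherwise the whole string.
    $path = if ($data -match '^\s*"([^"]+)"') { $Matches[1] } else { $data.Trim() }
    [pscustomobject]@{
        ValueName    = $name
        Command      = $data
        PointsToTemp = $path.StartsWith($tempDir, [System.StringComparison]::OrdinalIgnoreCase)
        FileExists   = ([bool]$path -and (Test-Path -LiteralPath $path -PathType Leaf))
    }
})

# Step 9: README.txt files carrying the contact string quoted in the article.
# Assumption: only the user profile is searched; add other data drives as needed.
$notes = @(Get-ChildItem -Path $env:USERPROFILE -Filter 'README.txt' -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object { Select-String -LiteralPath $_.FullName -Pattern 'komar@tuta.io' -SimpleMatch -Quiet })

$runFindings | Format-Table -AutoSize -Wrap
$notes | Select-Object FullName, LastWriteTime | Format-Table -AutoSize -Wrap
"{0} suspicious Run value(s), {1} ransom note(s) found." -f $runFindings.Count, $notes.Count
```

A Run value that matches the name pattern but does not point into %TEMP% is still listed with PointsToTemp set to False, so it can be reviewed by hand before anything is deleted.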