Arrow Ransomware

Arrow Ransomware is a new version of Dharma Ransomware. Unlike the previous threat it might be less distributed since so far our researchers could not find any samples of it, and so there is very little information about it. However, some findings show the malicious application could be somewhat similar to its previous variant. Therefore, further in the article, we will present the details we managed to discover up until now and also, explain how the malware might work based on the behavior of its previous version. Moreover, users who need any help with the threats removal can find instructions located at the end of this text. The given steps will explain how Arrow Ransomware could be deleted manually, just keep it in mind we cannot guarantee it will work for everyone, which is why additionally it would be advisable to scan the infected computer with a reliable antimalware tool too.

The Dharma Ransomware we mentioned at the beginning of this text was distributed through Spam emails, and so its victims would infect the system after launching a malicious email attachment. In this case, our researchers believe Arrow Ransomware might be spread via unprotected Remote Desktop Protocol (RDP) connections. Nonetheless, just to be on the safe side, we recommend taking all extra precautions to guard the system against such malware. For starters, it would be smart to update older applications, computer’s operating system, or other software that could be already out-dated. Next, we advise staying away from unreliable file-sharing web pages or other potentially malicious sites. Besides, the computer would be less vulnerable if you acquire a reliable antimalware tool, just do not forget it to keep it up to date as well or it might be unable to protect your system form newer threats.

The other difference we noticed between Arrow Ransomware and its earlier version is the way these threats mark their affected files. Both of the malicious application encrypt user’s personal data with a strong cryptosystem, but while Dharma Ransomware was programmed to mark encrypted files with .[bitcoin143@india.com].dharma or similar extensions, the new variant is supposed to place .id-{*random 8 digits}.[braln@protonmail.com].arrow at the end of each locked file, for example flowers.jpg.id-{58763259}.[braln@protonmail.com].arrow. What’s more, the previous version encrypted not just user’s personal files, but also program data with the exception of files belonging to the operating system or tools created by Microsoft. Consequently, it is quite possible Arrow Ransomware could act this way too, although at the moment of writing we cannot confirm it.

After the malware encrypts its targeted data and marks it with a specific additional extension, it is possible it might place a ransom note or even scatter its copies among folders containing encrypted files. Such a document should provide instructions on how to pay a ransom or a message asking to contact the hackers behind Arrow Ransomware. On the other hand, since the malicious application’s additional extension (.id-{*random 8 digits}.[braln@protonmail.com].arrow) mentions a particular email address, the threat might not drop any ransom notes as the user could contact the hackers and ask about decryption while using the given email address. Of course, we would not recommend doing so because dealing with these people might be dangerous. They and promise you anything to convince you to pay, but when you transfer the money, they may not bother to hold on to their word.

For those who encounter Arrow Ransomware and do not want to risk their savings, we recommend erasing the malware with no hesitation. For instance, users could try to locate the malicious application’s launcher that might have been dropped on the system by the hackers or downloaded unknowingly by the user himself. The instructions located below will show you how you could search for it and how to erase it you find it. Then it would be advisable to scan the system with a reliable antimalware tool just to make sure the threat is gone. Acquiring such a tool could help you keep the computer safe in the future as well, which is why we highly recommend considering this option.

Erase Arrow Ransomware

1. Press Ctrl+Alt+Delete.
2. Go to the Task Manager.
3. Find the malware’s process.
4. Mark this process and click End Task.
5. Exit Task Manager.
6. Tap Win+E.
7. Navigate to:
   %TEMP%
   %USERPROFILE%\desktop
   %USERPROFILE%\downloads
8. Check if you can find the malicious file downloaded before the computer got infected.
9. Right-click the suspicious file and press Delete.
10. If the infection drops ransom notes delete them too.
11. Close File Explorer.
12. Empty your Recycle bin.
13. Reboot the system.