Click on screenshot to zoom
Danger level 7
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Connects to the internet without permission
  • Can't be uninstalled via Control Panel Ransomware is a file-encrypting ransomware that uses the email address in its ransom note. Users have to contact cyber criminals by writing an email to or, depending on the version of the ransomware they encounter, if they wish to unlock their files. Yes, this threat also locks files like similar computer infections. Unfortunately, the encryption key it uses is RSA-2048, which means that it might be impossible to unlock files without the special key that only cyber criminals have. Of course, you should not hurry to pay the money this infection demands because a) cyber criminals might take your money but all your personal files and applications will stay locked and b) it might be possible to decrypt files free of charge. You need to delete Ransomware no matter you are planning on sending money to cyber criminals or not because new files you create in the future, e.g. an important presentation or a document might be locked again. Researchers at have found that this computer infection can launch again and encrypt files after the system restart because it has the Value in the Run registry key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). You will find out quickly that it is rather hard to get rid of the ransomware, especially if you wish to do that manually; however, we are sure that it will be easier for you to erase it if you read this article and only then go for its removal.

Cyber criminals give users a reason to pay money by encrypting all the personal files and favorite applications. It is not that hard to say which of the files have been encrypted and which are left untouched because those locked by Ransomware will have a new filename extension added next to the original extension, e.g. ID.{}.xtbl. As you probably see now, the majority of files stored on the computer are encrypted. Fortunately, the ransomware infection does not encrypt system files, so it will not ruin your Windows OS. The price of the decryptor that can help to unlock files will neither appear in the wallpaper that will be set nor you will find it in the How to decrypt your files.txt file that will be put on Desktop. In fact, users are not told that they will have to pay the ransom. They only find out that after they write an email to cyber criminals. As we have already told you in the first paragraph, you risk losing all your money and not getting anything in exchange by making a payment. Therefore, you should first try to use a free decryptor. If it does not work and you decide not to pay the ransom, keep those encrypted files – one day you might be able to unlock them (a free decryptor might be released).

Specialists at have identified two different versions of Ransomware. Even though they set slightly different wallpapers, they act exactly the same. We are sure that they are distributed using the same methods too. Our specialists have found that there are two ways this computer infection is spread. First of all, it might have entered your computer if you have recently opened an email attachment that you have found in the spam email. Such attachments are made to look harmless, which explains why so many users open them without fear. What is more, researchers say that ransomware might have been dropped by the Trojan, the so-called Trojan Dropper. Believe us; malicious software is very sneaky and it might find different ways to enter computers. Therefore, ensuring the system’s safety should be your top priority now.

Your files will not be unlocked, but it is still necessary to erase Ransomware from the system. If you are going to delete it yourself manually, you should use our removal instructions because ransomware infections are stubborn threats that are not easy to erase by hand. If our manual removal instructions do not help you either, use an automatic malware remover. You can even download the reputable scanner SpyHunter by clicking on the download button you can find below this article. Your system will become immediately clean after you perform the scan with it. Ransomware manual removal guide

  1. Launch RUN (Win+R).
  2. Type regedit in the box and click OK to open the Registry Editor.
  3. Move to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.
  4. Locate the random name Value with the Data %WINDIR%\Syswow64 (if you use 64-bit Windows) or %WINDIR%\System32 (if you have 32-bit Windows).
  5. Delete it.
  6. Open HKCU\Control Panel\Desktop and locate the Wallpaper value.
  7. Right-click on it and select Modify.
  8. Delete the Value data and click OK.
  9. Repeat the same with the Value BackgroundHistoryPath0 which can be found by following this path HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Wallpapers.
  10. Check all the below listed directories and remove the .exe file that belongs to the ransomware infection:
  • %ALLUSERSPROFILE%\Start Menu\Programs\Startup\
  • %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\
  • %USERPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup\
  • %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup\
  • %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs\Startup\
  • %WINDIR%\Syswow64\
  • %WINDIR%\System32\
Download Spyware Removal Tool to Remove* Ransomware
  • Quick & tested solution for Ransomware removal.
  • 100% Free Scan for Windows

Post comment — WE NEED YOUR OPINION!

Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.