Ceri133@india.com Ransomware

Ceri133@india.com Ransomware is another infection based on the CrySIS Ransomware engine. It acts like Redshitline Ransomware, Saraswati Ransomware, and Alex.vlasov@aol.com Ransomware, which are also based on the same engine, so it did not take long for specialists working at pcthreat.com to find out how Ceri133@india.com Ransomware works too, and what it wants from users. First of all, we have to tell you that Ceri133@india.com Ransomware is another file-encrypting ransomware infection, so you can consider your personal files lost if it ever finds a way to enter your computer. Secondly, it is clear that cyber criminals use it to obtain money from users easily. You should definitely not give cyber criminals what they wish because they will get better and better and create other similar software for stealing money from users. Also, nobody knows whether you will get the key for unlocking these personal files after making the payment. Users who decide not to give a cent to cyber criminals need to delete Ceri133@india.com Ransomware from their computers as soon as possible because this infection might strike again. It has been found that it can start automatically because it makes particular modifications in the system registry.

To inform users about the condition of their personal files, Ceri133@india.com Ransomware creates two files. One is an image that will be set as the Desktop wallpaper and the other (How to decrypt your files.txt) will be created on your Desktop. To be frank, neither the .txt file nor the scary picture set as Desktop wallpaper explains much to users. They both contain such a short message:

Hi

All your data is encrypted,

to get the data back to write Ceri133@india.com

If we do not respond in a record day write lilu010@aol.com

You can write an email to cyber criminals if you wish but be ready to get instructions on how to make a payment because cyber criminals responsible for the presence of Ceri133@india.com Ransomware on your computer seek to obtain money from you. We do not have any information about the price of the decryptor right now but we know that this software will not be cheap. As our experience shows, the ransom such threats ask might even reach a few thousand dollars. We do not think that it is clever to transfer money even if you notice that the majority of personal files, e.g. pictures and documents have the new .id-(unique ID).{ceri133@india.com}.xtbl extension and are encrypted. It might be impossible to decrypt these files without the private key; however, you should not delete them even though you are not going to pay the ransom because the useful tool might be released in the future.

It seems that the source code of the ransomware infection is available on the web and can be accessed by anybody because researchers have recently come across a bunch of new ransomware infections. According to researchers, these threats are usually distributed through spam emails, i.e. they come as attachments and enter computers the second users open them. Surely, they can find other ways to enter systems too, for example, another malicious application could drop ransomware on your computer. It is unlikely that you will protect your computer from dangers, so we recommend installing security software on the computer. Not all of them are capable of preventing ransomware from slithering onto the computer too, so we suggest using SpyHunter.

In fact, if you fail to protect your system from ransomware, you will quickly find out that it is inside your system because it will not only encrypt your files and change the wallpaper, but also because it will make various changes on the computer. In the case of Ceri133@india.com Ransomware, this infection will create the Value in the Run registry key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). Secondly, it will modify the data of the Wallpaper value in HKCU\Control Panel\Desktop. Finally, the BackgroundHistoryPath0 Value which can be found in HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Wallpapers will be modified too. Other infections based on the same template as Ceri133@india.com Ransomware makes these modifications too, so you could find out quickly about the presence of the ransomware.

To delete the ransomware infection from your computer, you need to find and delete the executable file of the ransomware and then undo all the changes it has made in the system registry. If you find this process too difficult, you are welcome to use the guide you can find below. You still need to scan your computer with an automatic malware remover after the deletion of this infection because you might have other threats on your PC even though you do not know about them. We recommend using SpyHunter for the discovery of undesirable software.

The Ceri133@india.com Ransomware removal guide

1. Open the Registry Editor (press two buttons one after the other: Win + R).
2. Type regedit.exe in the box and click OK.
3. Go to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.
4. Find the Value that belongs to the ransomware infection (it might have the Data %WINDIR%\Syswow64\*.exe or %WINDIR%\System32\*.exe).
5. Move to HKCU\Control Panel\Desktop.
6. Right-click on the Wallpaper value and select Modify.
7. Clear the Data field. Click OK.
8. Go to HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Wallpapers.
9. Right-click on the BackgroundHistoryPath0 value.
10. Delete all the data from the Value data field. Click OK.
11. Check the following directories, find the {randomname}.exe file, and remove it:

• %ALLUSERSPROFILE%\Start Menu\Programs\Startup\
• %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\
• %USERPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup\
• %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup\
• %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs\Startup\
• %WINDIR%\Syswow64\
• %WINDIR%\System32\