Click on screenshot to zoom
Danger level 7
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

DevNightmare Ransomware

DevNightmare Ransomware is a malicious application recently detected by experts. Even though it is a new member of a large family of ransomware infections, we cannot say that it is unique in any sense. In other words, it does not differ from other ransomware infections created by cyber criminals. Researchers working at have noticed that DevNightmare Ransomware also encrypts files. In addition, it creates a new file on Desktop after it finishes doing that. Like other threats that fall into the category of ransomware, cyber criminals have created it to reach more people in order to obtain money from them. We understand users who need their files back, but we do not think that it is a good idea to pay money for the private decryption key too because cyber criminals who have created this infection might not send it to you after they receive the money they wanted. It might be extremely hard, or even impossible, to decrypt files without the private key because this ransomware infection uses the AES-256 encryption algorithm; however, there might be other ways to recover files, so do not worry and continue reading this article.

Research carried out by our specialists has also shown that DevNightmare Ransomware is based on the Hidden-Tear, which is known to be open-source ransomware. Its code has been made public due to educational purposes; however, cyber criminals have decided to create their own ransomware to extort money from people. In order to do that, DevNightmare Ransomware encrypts the most valuable files it finds on the computer, e.g. music, pictures, and documents by adding the extension .2xx9. Then, it places the READ_ME.TXT file on Desktop. It does not contain much information, but it becomes immediately clear after reading it that cyber criminals want money from users:


Your System is inficated with Dev-Nightmare 2xx9 Ransomware

Your All Files and database are encrypted.

If you want your files back contact me at

Send me some money or bitcoins

And I hate fake peoples.

Even though the message in the READ_ME.TXT file contains mistakes, it is clear that users have to write an email to and then transfer the required money. If you are not planning on transferring money to cyber criminals, you should not even write an email to them. Instead, you should try to find a free tool for recovering your files on the web. Also, you can recover your files without the private key if you have a backup of your files stored on a USB flash drive or another external device. Before you try to get your files back, remove DevNightmare Ransomware fully.

You cannot keep DevNightmare Ransomware on your computer because it will hit again and you will find your files locked. In addition, it has been found that it connects to the Internet from time to time. According to our researchers, DevNightmare Ransomware uses SMTP (Simple Mail Transfer Protocol) to send the information about the computer, e.g. computer name, username, MAC address, and the encryption key used to its email Of course, it might use your Internet connection for other purposes too unless you erase it from the system fully.

You need to find out how ransomware infections are distributed in order not to encounter any of them again before the removal of DevNightmare Ransomware. As our experience shows, ransomware infections are mainly spread via spam emails. They travel as harmless-looking attachments, so users open them bravely. DevNightmare Ransomware sneaks onto the computer the second they do that. Of course, it is not the only way ransomware infections are distributed. Specialists say that they might be dropped by Trojans too. It is, surely, not easy to prevent ransomware from entering the computer, so we suggest installing and keeping a reliable automatic tool enabled on the system as well.

It is a must to delete DevNightmare Ransomware from the system if you do not wish your personal files to be encrypted again. Fortunately, it will not be hard to erase it because it does not create a POE (point of execution), and it does not create copies of its executable file in different directories. No matter which method (manual or automatic) you decide use to erase this infection, make sure that you delete it fully. You can do that by following our step-by-step manual removal guide or scanning the computer with an automatic malware remover, such as SpyHunter.

How to delete DevNightmare Ransomware

  1. Find the malicious file you have launched before the encryption of files.
  2. Delete it.
  3. Remove the READ_ME.TXT file from Desktop.
  4. Scan the system with an automatic scanner to check whether you have deleted this infection fully.
Download Spyware Removal Tool to Remove* DevNightmare Ransomware
  • Quick & tested solution for DevNightmare Ransomware removal.
  • 100% Free Scan for Windows

Post comment — WE NEED YOUR OPINION!

Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.