Danger level 7
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Connects to the internet without permission
  • Installs itself without permissions
  • Hijacks homepage
  • Can't be uninstalled via Control Panel

Ransomware

Ransomware is a dangerous threat that can infiltrate your system without your knowledge. This ransomware infection can encrypt your most important files, which simply means that if you do not have a recent backup of your files on a removable drive, you may have no real chance to recover them. Once the damage is done, this malware threat replaces your desktop background image with its ransom note. The only good news is that this infection does not lock your screen, even though the note fills the whole screen. Although the criminals behind this vicious attack may offer you a way out of this nightmarish situation once you contact them via e-mail, we do not believe that paying a ransom fee to crooks would really restore your files. There is always a risk that cyber criminals will not deliver as promised or that technical issues may emerge. Therefore, we suggest that you remove Ransomware immediately.

To protect your system from similar attacks, it is essential to know how this ransomware infection managed to slither onto your computer in the first place. This vicious program is most likely to reach you through spam e-mails carrying what looks like an important file attachment, such as an image or a document with macro code. However, this file is in fact a malicious executable program that can download Ransomware in the background and initiate the attack in no time.

You may think that you would never open such a mail and download its attachment. But we must tell you that even experienced computer users can be fooled by sophisticated spam. The trick is that these criminals may succeed in appealing to your curiosity. Such a spam mail could appear to come from an institution or government office that you could not say “no” to. Also, the subject of this mail can be anything that would draw your attention right away, even if you see it only peripherally while scanning through your spam folder or inbox.

For example, this mail could be about a speeding ticket you have not settled, an overdue invoice of some sort, or a booking you allegedly made with the wrong credit card details. Do you think you could really resist this kind of temptation even when you believe that “this must be a mistake”? If you are under attack by this ransomware, you most probably failed to do so. Unfortunately, the moment you run this downloaded file to view it is the moment you activate this malware. This is why prevention is so important when it comes to such malicious attacks: even if you delete Ransomware from your system, this will not recover your files and you will have to say goodbye to them for good.

We have found that this ransomware infection uses the same e-mail server as other recent threats, including Ransomware and Ransomware. However, we do not claim that there is any connection between these malware infections. Ransomware, once activated, targets your important media files and third-party program files, and encrypts them with the AES-256 algorithm, which is in fact provided as a built-in Windows function. This means that the whole encryption process can be over within a minute, depending on the number of files targeted and the specifications of your PC.

All affected files get a new extension that makes it clear that you are dealing with this particular threat: “.{}.” A picture file is also dropped onto your system called "decryption instructions.jpg," which is the ransom note itself. This image will replace your desktop background, once the attack is over. We have found that this threat does not lock your screen or block your executable system files, such as Task Manager, Explorer, and RegEdit, which are usually targeted by other ransomware programs to make it more difficult to delete them.

This ransom note is hard to miss because it paints your screen red. It is probably the tersest note we have ever seen. “ Text me” is all you can see in the middle of your screen. Practically, you cannot find out anything about this attack and the solution until you send an e-mail to this address. You will most likely get a reply message with instructions on how to transfer the ransom fee in Bitcoins to a wallet address in order to get the decryption key or software. The usual fee can be anything from 0.1 BTC up to 2 BTC or even more. This means around $75 up to $1,500. The problem is that criminals very rarely keep their word. Therefore, we advise you to remove Ransomware right away instead of wasting your money. But, obviously, how you decide in the end is your call.

The sad news is that there is no free tool available on the web yet that could help you recover your files. Therefore, the only possible way to do so is to transfer a clean backup copy back to your hard disk, if you have one. Such attacks certainly teach us a good lesson about making regular backups of our most important files. But even if you are lucky enough to have a backup, the first thing you should do before rushing to transfer your clean files is to delete Ransomware and all its mess from your system, including the encrypted files. Please follow our detailed guide below if you are ready to stop this beast manually. If this is too challenging for you, we advise you to install a reliable anti-malware application to do this for you automatically. With proper security software you can give your PC the best protection from all existing malware infections.

How to remove Ransomware from Windows

  1. Press Win+Q and type in regedit. Hit the Enter key.
  2. Delete the following registry keys that may have random names (“*”):
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\* (value data: “%WINDIR%\Syswow64\*.exe”) (64-bit)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\* (value data: “%WINDIR%\System32\*.exe”)
  3. Exit the Registry Editor.
  4. Press Win+E to launch File Explorer.
  5. Locate and delete the random-name .exe file (“*”) from these potential locations:
    %ALLUSERSPROFILE%\Start Menu\Programs\Startup\*.exe
    %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe
    %USERPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe
    %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe
    %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs\Startup\*.exe
    %WINDIR%\Syswow64\*.exe (64-bit)
  6. Locate and delete "decryption instructions.jpg", the ransom note image.
  7. Empty your Recycle Bin and reboot your system.
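
Before deleting anything by hand, the locations in the steps above can be listed with a read-only PowerShell audit. This is an added example, not part of the original guide; the WOW6432Node key and the wallpaper lookup are assumptions that the page does not mention.

```powershell
# Added example: read-only audit of the locations in the removal steps above.
# It deletes nothing; it lists candidates with signature status for review.

function Get-FileTriage([string]$Path, [string]$Source) {
    $f = Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue
    if (-not $f) { return }
    $sig = Get-AuthenticodeSignature -LiteralPath $f.FullName
    [pscustomobject]@{
        Source    = $Source                         # where the reference was found
        Path      = $f.FullName
        Created   = $f.CreationTime
        Signature = $sig.Status                     # e.g. Valid, NotSigned
        Signer    = $sig.SignerCertificate.Subject  # empty when unsigned
    }
}

# Step 2: Run values whose data points at an .exe directly in System32/Syswow64.
# The WOW6432Node path (32-bit registry view) is an assumption, not from the page.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
$exeInWinDir = '^"?(' + [regex]::Escape($env:WINDIR) +
               '\\(?:System32|Syswow64)\\[^\\"]+?\.exe)'
foreach ($k in $runKeys) {
    $key = Get-Item -LiteralPath $k -ErrorAction SilentlyContinue
    if (-not $key) { continue }
    foreach ($name in $key.GetValueNames()) {
        $data = [string]$key.GetValue($name)   # REG_EXPAND_SZ is expanded here
        if ($data -match $exeInWinDir) { Get-FileTriage $Matches[1] "$k\$name" }
    }
}

# Step 5: executables sitting in the Startup folders the page lists.
'%ALLUSERSPROFILE%\Start Menu\Programs\Startup',
'%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup',
'%USERPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup',
'%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup',
'%ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs\Startup' |
    ForEach-Object { [Environment]::ExpandEnvironmentVariables($_) } |
    Where-Object { Test-Path -LiteralPath $_ } | Select-Object -Unique |
    ForEach-Object { Get-ChildItem -LiteralPath $_ -Filter *.exe -Force } |
    ForEach-Object { Get-FileTriage $_.FullName 'Startup folder' }

# Step 6: the note replaces the desktop background, so the per-user wallpaper
# value shows where the image was dropped (assumption: it is still set).
$wall = (Get-ItemProperty 'HKCU:\Control Panel\Desktop').Wallpaper
if ($wall -and (Split-Path $wall -Leaf) -eq 'decryption instructions.jpg') {
    "Ransom note set as wallpaper: $wall"
}
```

Legitimate Windows components also register Run values under System32, so an entry with a valid Microsoft signature is expected; unsigned, recently created, random-name executables are the ones that match the description above.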