Click on screenshot to zoom
Danger level 7
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel Ransomware Ransomware is a malicious application that has been recently detected by specialists at Since it belongs to the family using “” emails, specialists have managed to quickly find out how it acts and what to expect from it. According to researchers, this infection acts exactly like other ransomware infections belonging to the same family. Only one small detail differs – it drops a ransom note containing a completely different picture. Just like these older threats, it seeks to extort money from users even though there is no information about the ransom provided in the ransom note. To make users pay money, cyber criminals have programmed Ransomware to encrypt users’ files. This infection will do that right after the successful infiltration. Even though it uses the strong AES-256 encryption algorithm, it does not mean that purchasing the key from the author is the only way to get files back. Read this article to find out what else you can do to unlock the encrypted pictures, documents, slides, music, and other valuable files. Ransomware starts encrypting users’ files shortly after it enters the system. In most cases, it enters the computer when users click to open the attachment they find in a spam email. There is no doubt that spam emails might contain malicious links or installers of serious computer infections. A new extension appended to all files stored on the computer, except those that belong to the Windows OS, means that the ransomware infection has infiltrated the computer successfully and has already done its job. Our specialists are not surprised at all why so many people are searching for the information about Ransomware on the web because this infection, even though it places the ransom note decryption instructions.jpg on the system and opens it automatically, does not tell users much. They are only explained that their files have been encrypted and are told to write an email to (or for further instructions. We do not say that you cannot write an email by any means, but we suggest that you do not waste your time. It is because the instructions received will only tell you how to make a payment for the decryption key, and we do not think that it is a good idea to purchase it since cyber criminals might take money from you but do not send the decryptor.

It might be possible to decrypt those files having the .{} extension without the tool cyber criminals claim to have. The easiest way to recover data is for those users who have created a backup of their valuable files before entering this malicious application. If you do not have such a backup of files, you should go to download free data recovery tools from the web. Try all these tools that are reputable. It might be true that they will recover a handful of files for you because Ransomware, unlike other similar infections, does not delete Shadow Copies of files, so it might be possible to restore them. Of course, we cannot promise you anything. If none of the tools you try work and a backup of files does not exist, you should still not go to send money to cyber criminals. Instead, you should wait for a decryptor to be developed by researchers. Keep in mind that it does not mean that you can keep Ransomware installed on the system and do nothing.

Users can delete Ransomware from their computers either manually or automatically. The first removal method, i.e. the manual one is quite complicated because users have to find the executable file belonging to the ransomware infection themselves. There are seven different directories it might be located in, so it is a time-consuming job to find it. Do not worry if you do not have time for erasing this infection manually or simply do not consider yourself an advanced user yet because ransomware can be deleted from computers using automatic tools too, for instance, SpyHunter. If you choose this method, your job is to acquire the scanner, install it, and then launch it to scan the computer. Keep in mind that an antimalware tool that can decrypt files for you too does not exist yet.

Delete Ransomware

  1. Open the Windows Explorer.
  2. Go to these directories to find the executable file of the ransomware:
  • %ALLUSERSPROFILE%\Start Menu\Programs\Startup
  • %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup
  • %USERPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup
  • %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup
  • %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs\Startup
  • %WINDIR%\Syswow64
  • %WINDIR%\System32
  1. Delete it.
  2. Close the Windows Explorer and go to launch the Registry Editor (press Win+R and type regedit.exe in the box).
  3. Open HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.
  4. Delete the random name Value having the Value data %WINDIR%\Syswow64\{randomname}.exe or %WINDIR%\System32\{randomname}.exe.
  5. Remove the ransom note left by the ransomware infection on Desktop.
Download Spyware Removal Tool to Remove* Ransomware
  • Quick & tested solution for Ransomware removal.
  • 100% Free Scan for Windows

Post comment — WE NEED YOUR OPINION!

Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.