Danger level 9
Type: Trojans
Common infection symptoms:
  • Can't be uninstalled via Control Panel
  • Connects to the internet without permission

Aes256 Ransomware

Aes256 Ransomware was first seen on 16 December 2016. It is yet another ransomware-type malware that was designed to encrypt your personal files and demand that you pay a ransom to get them back because you cannot use them otherwise. However, removing it is a more pragmatic solution because there is no telling whether the cyber criminals will keep their end of the bargain and decrypt your files.

We have yet to test this ransomware because it is rather elusive and samples are hard to come by, which we attribute to its distribution method. Unlike most ransomware, which is disseminated via email spam, infected websites, and pirated software, it is known to be distributed through Remote Desktop Protocol (RDP), which provides a user with a graphical interface to connect to another computer over a network connection. Its developers therefore have to infect targeted computers manually, and as a result this particular ransomware is not very widespread.

If Aes256 Ransomware were to infect your computer, it would target nearly all possible file formats, including most image, video, audio, and document files. Our research has revealed that this ransomware uses the AES-256 encryption algorithm to encrypt files and the RSA-2048 encryption algorithm to encrypt the public encryption key. It generates a private decryption key that is sent to the command and control server of this ransomware. In other words, the key is in the hands of the cyber criminals. While encrypting your files, this ransomware will add the “.aes256” file extension, replacing the original extension. Changing the extension back will not decrypt your files, although that can work with some low-grade ransomware.

If you want to decrypt your files you need to get your hands on the private RSA decryption key, but the problem is that it is in the hands of cyber criminals. You can buy it from them, but you need to contact the criminals first via the provided email addresses (aes-ni@protonmail.com or aes-ni@tuta.io) or via the BitMsg messaging system (address: BM-2cVgoJS8HPMkjzgDMVNAGg5TG3bb1TcfhN). You will receive the instructions on what to do next, but it is evident that they will demand that you send them Bitcoins so that the money trail would not lead back to them.

We recommend that you refrain from attempting to pay the ransom because you might not receive the promised decryption key. Cyber criminals are not to be trusted because all they care about is getting your money. We have no information on how much money the criminals demand that their victims pay, but it can be anywhere from a hundred to a thousand or even several thousand dollars. So you should take into account the importance of your files and act accordingly.

Clearly, having your computer infected with Aes256 Ransomware is no laughing matter. It is a highly malicious application that can render your files inaccessible. Therefore, we recommend that you remove it from your PC as soon as possible. We suggest using SpyHunter to detect and delete it because this ransomware can be dropped anywhere on your computer, making manual detection difficult. Please follow the instructions featured below.

How to delete Aes256 Ransomware

  1. Go to http://www.pcthreat.com/download-sph
  2. Download SpyHunter-Installer.exe and run it.
  3. Once installed, launch the app and select Scan Computer Now!
  4. Then, hold down Windows+E keys.
  5. Enter the file path of the malicious file in the File Explorer’s address box and press Enter.
  6. Right-click the malicious file and click Delete.
  7. Empty the Recycle Bin.