1 of 2
Danger level 7
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Normal system programs crash immediatelly
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

Extractor Ransomware

Extractor Ransomware is a dangerous malware infection that was most likely authored by Russian cyber criminals. Once this vicious program manages to sneak onto your system, it encrypts all your important personal files so that it can ask for a certain amount of ransom fee for sending you the decryption key. No matter how small or large this amount may be, we do not recommend that you transfer this money. Contacting and paying criminals are always risky. There is a good chance that you will never hear about them again, which would mean losing your money after possibly losing all your encrypted files, too. Prevention is very important when it comes to ransomware attacks. So if you have a recent backup copy of your most important files, you are in the luck because you can easily transfer your clean files back to your PC after you remove Extractor Ransomware. But even if you do not have a backup, since there is little chance you would get the decryption key from these criminals, we recommend that you delete this dangerous threat and the related files in order to be able to restore your system. Please read our article to learn more about this infection and possible ways to avoid similar attacks.

The most likely way for you to infect your computer with this severe threat is to open a spam e-mail and download its attachment. To be more precise, you also need to run this attached file to initiate this malicious attack. Even though we have spam filters to protect our e-mail accounts, there are always some mails that can slip through. This is why you need to be more cautious around your mails if you do not want to let such a devastating infection onto your system. These criminals may send you a spam e-mail that seems to be authentic and serious as it may appear to have come from the authorities, the police, a bank, an Internet provider, or any other well-known company you would consider legitimate. But the sender of such a spam is not all that can deceive you. The subject also pretends to be regarding an urgent matter, such as an unsettled invoice, wrong details given while booking a flight, an undelivered parcel, and so on. If your computer has been infected with this ransomware, it is quite likely that you fell for this trick and clicked to view the attached file to learn what this alleged urgent matter is really about.

However, instead of answers, such as an image or a text document of the supposed unsettled invoice or the problematic booking, you simply activate this malicious threat and in a short time you would realize that your files have just become unavailable, inaccessible, and unusable. If you do not believe you can spot a questionable mail, you should consider installing a professional anti-malware program to safeguard your system whenever you are online or your PC is switched on. What could be worse than possibly losing all your personal files? As you can see, it is quite easy for such a devastating program to sneak onto your system. It is also important to make frequent backups onto a portable drive to be on the safe side, but you can use a cloud storage place, too. Remember that when you reach the point to delete Extractor Ransomware, your files will already be encrypted and rendered useless.

After you run the malicious file you downloaded from the spam, it targets the usual personal files whose loss would really matter to you, including your photos, videos, and documents. The affected files change their names by adding a ".xxx" extension. This ransomware also drops a ransom note text file called "ReadMe_XXX.txt" in your C:\ root directory as well as on your desktop. This note reminds us of rookie hackers who want to make easy money. The information in this ransom note is rather limited. You are simply told that your files have been encrypted and that you can only decrypt them by sending an e-mail to "serverrecovery@mail.ru." In your mail, you need to send your computer ID, which is a number code shown in the ransom note. Since this ID seems to be very basic, in our case it was 3 digits only, it confirms our assumption that the attacker or attackers could be beginners. Therefore, the ransom fee might be very low, too, like $10 worth of Bitcoins. The more serious threats may ask from $100 up to $2,000 or more. We cannot confirm the amount in this case, but we can tell you that it is risky to transfer any money to these crooks. We suggest that you remove Extractor Ransomware immediately.

Fortunately, you do not need to be an IT expert to be able to eliminate Extractor Ransomware from your system. It is enough if you use our instructions below. Once you are done and restart your machine, you can start copying your backed up files if you have any. If you do not have a backup, this could be the time to make a decision about protecting yourself and your stored data. Apart from saving regular backups, we also recommend that you defend your PC with a professional anti-malware program, such as SpyHunter. For best results, it is worth keeping all programs and drivers up-to-date, too, so that cyber criminals cannot easily exploit security holes of earlier versions.

How to remove Extractor Ransomware from Windows

  1. Press Win+E to open File Explorer.
  2. Delete the ransom note text file ("ReadMe_XXX.txt") from "C:\" and from your desktop.
  3. Locate and bin the malicious executable file you saved from the spam mail.
  4. Empty your Recycle Bin.
  5. Restart your PC.
Download Spyware Removal Tool to Remove* Extractor Ransomware
  • Quick & tested solution for Extractor Ransomware removal.
  • 100% Free Scan for Windows

Post comment — WE NEED YOUR OPINION!

Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.