Explorer Ransomware

Explorer Ransomware is a threat that comes from a huge family known by the name “Hidden Tear.” Other infections that belong to it include HUSTONWEHAVEAPROBLEM Ransomware, Oxar Ransomware, and BrainLag Ransomware. These threats are usually spread via spam emails, but other security backdoors can be used to help them invade your operating system. When that happens, the operating system is scanned to find personal files that the ransomware encrypts using complex ciphers. A unique encryption key is used for the corruption of files, but a decryption key should be created at the same time to make the decryption possible. That is the “unique key” that the infection mentions in the ransom notes that it displays after the encryption is complete. Do you need to pay attention to the demands represented via these noted or should you just go ahead and remove Explorer Ransomware? You can find answers to this and many other questions in our report. If you are curious, keep reading.

The first thing that Explorer Ransomware does after encrypting your files is it changes your Desktop background image. This image represents a message that informs about the encryption and your need for the “unique key.” According to the message, you need to email decrypter.files@mail.ru to get this key. It is also suggested that if you do this within 24 hours, the price would be reduced by 50%. What is this price? That is what we call a ransom, and the creator of the ransomware expects you to pay it in order to obtain the decryption key. The same message is also represented via a file named “READ_IT.txt”, and you should find its copies everywhere. The only unique thing about this version of the message is that it includes an ID, and cyber criminals might request it to be able to identify you. Are you thinking about communicating with the creator of Explorer Ransomware? If you are, move very carefully. First and foremost, do NOT use your regular email address. Instead, create a new one just for the purpose of contacting cyber criminals. Second, be careful about the information you share. If you believe you have shared too much, think about the potential consequences.

When ransomware strikes, the first thing our research team recommends doing is checking your personal files. Although the ransom note suggests that they were corrupted, you need to see it for yourself. That is recommended because there are many threats nowadays that create misleading ransom notes and that cannot encrypt files at all. Unfortunately, if Explorer Ransomware has slithered in, you will find that the “.explorer” extension has been appended to their names, and opening these files is impossible. Are these files important to you? If they are not, most likely, they are not worth the ransom fee that is asked in return of a decryptor. Maybe the files that got encrypted have backup copies? In this case, you definitely do not need to postpone the removal of Explorer Ransomware. And what if you cannot avoid the ransom payment? If you are choosing to pay it, note that the chances of you getting the so-called “unique key” for decryption are very low. Cyber criminals do not care about your files, and they are unlikely to care about you at all once they get what they want.

Deleting Explorer Ransomware manually is not that difficult, but you need to find the launcher. Is that difficult? If you have downloaded it yourself, finding it should not be hard, but if it was dropped without your permission, you might have a hard time identifying it. Of course, manual removal is not the only option you have. In fact, the better option is to install anti-malware software that could inspect your operating system and eliminate the malicious components automatically. This software is also irreplaceable when it comes to keeping your operating system malware-free. Without a doubt, our research team favors this option over manual removal, but, of course, you have to make the decision that you are comfortable with. If you have questions for our research team regarding the threat or its elimination, or you want to discuss virtual security-related issues, we welcome all questions and discussions in the comments section.

Explorer Ransomware Removal

1. Identify and Delete the launcher of the ransomware. It’s name is random.
2. Delete the ransom note file named READ_IT.txt (the original should be found on the Desktop, but copies of the file might have been created as well).
3. Empty Recycle Bin to eliminate the threat and then perform a full system scan.