Click on screenshot to zoom
Danger level 8
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

The Magic Ransomware

The Magic Ransomware is a malicious threat created for money extortion. Since the ransom note it displays shows a text written in the Italian language, we believe the malware is targeted only at users who speak Italian. As usual with ransomware, the message it leaves says the user has to pay to get the decryption tools needed to decrypt the data damaged by The Magic Ransomware. Unfortunately, without the necessary means, there might be no other way to get the ruined data back, unless you have backup copies. Further, in the article, we will explain more about how the malicious application could affect the system and files located on it. Besides by reading the text you could learn how the threat might be distributed and what to do to get rid of it. To make the deletion task easier, there will be adding detailed step by step instructions just a bit below the text as well.

According to our researchers, The Magic Ransomware might be spread through unsafe RDP connections, Spam emails, malicious installers, and so on. Thus, to keep your system protected from such threats you should make sure the operating system and other software on it is up to date. It is also important to use unique strong passwords instead of using one password for logging on to your devices, various accounts, etc. Lastly, we would advise being extra cautious when it comes to email attachments, setup files, or any other data received through the Internet. If you are not sure whether the file you wish to open is safe or not, it would be best to employ a reliable antimalware tool and scan the questionable data with it first.

Many users do not realize the computer has been infected until it is too late. Probably, the same would happen for The Magic Ransomware victims since the malicious application hides in the background till the moment it finishes the encryption process. As you see once it enters the system, it might remove its installer and place a copy of it in the %HOMEDRIVE%\user directory. Then it should locate all targeted data, for example, pictures, photos, videos, archives, various documents, etc., and start encrypting each of it with a strong cryptosystem. You can see these changes because each file is marked by adding a .locked extension at the end of its title, for example, picture.jpg.locked, and so on. When this process ends, the malware may change user’s Desktop image and drop a ransom note called READ_IT.txt.

Just as mentioned earlier the ransom note is there to convince the victim he has nothing else to do but to pay the ransom to get the needed decryption tools. It looks like the payment is €100, but it has to be paid in Bitcoins. The malware’s creators even placed a few links to web pages or YouTube videos explaining what it is or showing how to purchase this digital currency. There is also a special condition; the victims are given 48 hours before the encrypted files will be deleted permanently, although we doubt The Magic Ransomware can erase the data. It is probably just a way of convincing you to pay the money. Moreover, we suspect the promised decryption tools may not be delivered either.

Usually, victims are given unique identification numbers and are asked to send them to hackers via email. In this case, there are no ID numbers or email addresses to contact the malicious application's creators, so we do not see how they could deliver decryption tools. In any case, it is always risky to deal with these peoples as you never know if you might end up being scammed. Therefore, we recommend not to put up with the described demands and remove The Magic Ransomware instead. Those who prefer erasing it with automatic features should download a trustworthy antimalware tool. As for users who would like to delete the malware manually, we would suggest following the instructions located below this text.

Eliminate The Magic Ransomware

  1. Press Win+E.
  2. Go to your Desktop, Temporary Files, and Downloads folders.
  3. Look for any suspicious and recently downloaded data that could be related to the threat.
  4. Right-click such data and press Delete.
  5. Find the following path: %HOMEDRIVE%\user
  6. Look for a folder called rand123; it should contain a malicious executable file named local.exe.
  7. Right-click the folder and press Delete to erase it together with the mentioned file.
  8. Go to %HOMEDRIVE%\user and remove a file called ransom.jpg.
  9. Then navigate to Desktop and get rid of READ_IT.txt.
  10. Empty Recycle Bin.
  11. Restart the device.
Download Spyware Removal Tool to Remove* The Magic Ransomware
  • Quick & tested solution for The Magic Ransomware removal.
  • 100% Free Scan for Windows

Post comment — WE NEED YOUR OPINION!

Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.