Danger level 7
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

Strawhat Ransomware

Strawhat Ransomware is one of the newest ransomware infections you might encounter if you are not cautious. These infections are bad news, so you should do all it takes to prevent them from entering your computer. If it is already too late for prevention, i.e., the ransomware infection has already infiltrated your computer, delete it from your system as soon as possible: for now it encrypts only one folder, which you might not even have on your computer, but this might change soon. To put it differently, it is very likely that it has not encrypted your files yet, but that does not mean it cannot lock them in the future after getting an update, so you should not keep this malicious application active on your computer. If you have encountered the version of Strawhat Ransomware analyzed by specialists at pcthreat.com, it will not be hard to remove it from your system because this version does not lock the screen or make other modifications on affected computers. Of course, we cannot promise that it will act the same when cyber criminals finish developing it.

The initial version of Strawhat Ransomware does not work on Windows 7; however, it will slither onto your computer successfully and start working right away if another version of the Windows OS is running on it. As mentioned in the first paragraph, it has been set to encrypt files in C:\test only, which is further evidence that it is still in development, so if this folder does not exist on your computer, you will find all your files intact after the infection. Keep in mind that a new version might act completely differently, i.e., it might mercilessly encrypt files in other directories as well. Specialists have carefully analyzed the source code of this threat to find out what files it can encrypt. They have observed that Strawhat Ransomware has been programmed to lock the files users consider the most valuable, e.g. pictures, .zip archives, movies, videos, documents, and more. Because of this, we are sure this ransomware infection will sooner or later be used to obtain money from users. Its ransom note (YOUR_FILES_ARE_ENCRYPTED.txt) confirms that cyber criminals are developing Strawhat Ransomware because they want users’ money: “You have to pay for decryption in Bitcoins. The price depends on how fast you write to us”. The chances are high that your files have not been encrypted and, consequently, you do not need to send money to cyber criminals. In fact, paying the ransom is not a good idea even if files really have been locked because it might not get you the decryption tool from cyber criminals. We know of plenty of cases in which users could not decrypt their files even after transferring the amount of money indicated in the ransom note to crooks.

Not many users have encountered Strawhat Ransomware yet because it is still in the development phase, but the chances are high that cyber criminals will soon start distributing it with the intention of getting easy money. Therefore, we want to provide more information about its distribution before we talk about the Strawhat Ransomware removal. Even though it is still hard to say much about the distribution of this ransomware infection, specialists at pcthreat.com suspect that this threat is primarily distributed via spam emails. It is, of course, not the only infection distributed as a spam email attachment, so it is wise to ignore all emails in the Spam folder. Keep in mind that some spam emails might appear in the main folder by mistake, so do not open emails sent to you by unknown senders either. We also recommend that you install an automatic security tool to protect your computer from malicious applications.

You have two removal methods to choose from. You can delete Strawhat Ransomware either manually or automatically. It should not be very hard to remove this threat manually because it can be erased by performing two simple removal steps. First, you need to kill its process via Task Manager. Second, you need to delete files that belong to this ransomware infection one by one. If you are not a very experienced user, it will be easier for you to use an automated malware remover.

How to remove Strawhat Ransomware

  1. Open Task Manager (press Ctrl+Shift+Esc).
  2. Click Processes.
  3. Find the svchost process on the list and kill it.
  4. Close Task Manager.
  5. Open Explorer by pressing Win+E simultaneously.
  6. Remove ransom notes dropped: YOUR_FILES_ARE_ENCRYPTED.txt and YOUR_FILES_ARE_ENCRYPTED.html.
  7. Delete suspicious files from these directories:
  • %USERPROFILE%\Desktop
  • %USERPROFILE%\Downloads
  • %TEMP%
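
A read-only PowerShell triage pass for the steps above, added here as an example and not part of the original guide: it lists svchost-named processes with their executable paths, looks for the two ransom notes, and lists recently written executable or script files in the three directories. It assumes the ransomware's process runs from outside the Windows System32 and SysWOW64 folders (where the genuine svchost.exe lives), that the notes sit under the listed folders or C:\test, and a 14-day look-back; the page states none of these.

```powershell
# Read-only triage: nothing is killed or deleted by this script.
# Assumption (not from the page): the malicious "svchost" runs from outside
# the Windows system directories that hold the genuine svchost.exe.
$systemDirs = @(
    (Join-Path $env:SystemRoot 'System32'),
    (Join-Path $env:SystemRoot 'SysWOW64')
)

# Steps 1-3: show every svchost-named process with its path and a verdict.
Get-CimInstance Win32_Process -Filter "Name LIKE 'svchost%'" | ForEach-Object {
    $path = $_.ExecutablePath
    $verdict = if (-not $path) {
        'path unavailable (rerun elevated)'      # protected or inaccessible process
    } elseif ($systemDirs -contains (Split-Path $path -Parent)) {
        'system location'                        # -contains is case-insensitive
    } else {
        'REVIEW: outside system directories'
    }
    [pscustomobject]@{
        ProcessId = $_.ProcessId
        Name      = $_.Name
        Path      = $path
        Verdict   = $verdict
    }
} | Sort-Object Verdict | Format-Table -AutoSize

# Directories named in step 7, plus the C:\test folder this version encrypts.
$roots = @(
    (Join-Path $env:USERPROFILE 'Desktop'),
    (Join-Path $env:USERPROFILE 'Downloads'),
    $env:TEMP,
    'C:\test'
) | Where-Object { Test-Path $_ }

# Step 6: locate the two ransom notes named on the page.
$notes = 'YOUR_FILES_ARE_ENCRYPTED.txt', 'YOUR_FILES_ARE_ENCRYPTED.html'
Get-ChildItem -Path $roots -Recurse -File -Include $notes -ErrorAction SilentlyContinue |
    Select-Object FullName, LastWriteTime

# Step 7: candidates for manual review. The extension list and the 14-day
# window are constructed values for this example, not indicators from the page.
$since = (Get-Date).AddDays(-14)
$types = '*.exe', '*.scr', '*.dll', '*.js', '*.vbs', '*.bat', '*.ps1'
Get-ChildItem -Path $roots -Recurse -File -Include $types -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime -ge $since } |
    Select-Object FullName, Length, LastWriteTime,
        @{ Name = 'Signature'; Expression = { (Get-AuthenticodeSignature $_.FullName).Status } } |
    Sort-Object LastWriteTime -Descending | Format-Table -AutoSize
```

Killing a svchost.exe that runs from the system directory can take down Windows services, so act only on entries marked for review.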