Igotyou Ransomware

If you have found a window on your Desktop with the first sentence “If you are reading this, that means your files are now ENCRYPTED by me,” Igotyou Ransomware must have affected your computer. Even though the message left for you by the ransomware infection tells you that your files have already been encrypted, it is not necessarily true because this infection targets files located in C:\Test only, so if you do not have such a folder in this particular location, the chances are high that none of your personal files have been encrypted. Unfortunately, we cannot guarantee that this ransomware infection will not be updated one day, so there is a small possibility that users who encounter Igotyou Ransomware in the future will find some of their pictures, documents, videos, and other files locked. Never send money to malicious software developers even if they threaten you to delete those encrypted files permanently because the chances are high that it will still be impossible to unlock those files after you make a payment. Igotyou Ransomware is no exception, i.e. it also asks money, but you should definitely not spend your money on the decryption tool which you might not need at all.

As mentioned at the beginning of the previous paragraph, Igotyou Ransomware encrypts files in only one, Test, folder, which suggests that it is still in development. If you do not have this folder, there is nothing to worry about – your files are fine. Unfortunately, we cannot say the same about your files if you have this folder located in this particular directly. The chances are high that they have all been encrypted. Names of these encrypted files are not changed by Igotyou Ransomware, but they get a new extension .iGotYou appended, for example, picture.jpg becomes picture.jpg.iGotYou. Of course, users do not see these new extensions appended until they close the window opened by the ransomware infection on their screens. This opened window contains a ransom note. Users are informed that they cannot open their files because they have been encrypted. Also, they find out that they need the private key to decrypt them. It can be purchased from cyber criminals for 10 000 INR (~ $155). Needless to say, you do not need to buy it if your files have not been encrypted (you can check them after closing the window of the ransomware infection opened on your Desktop). Actually, you should not hurry to pay money to cyber criminals even if you have discovered your files encrypted because a free decryptor is available. You can easily find it on the web using your search tool. Alternatively, these encrypted files can be restored from a backup.

We do not have much information about the distribution of Igotyou Ransomware yet because cyber criminals have not started spreading it actively and, as a consequence, it has not affected many computers yet. Of course, since this infection belongs to bad people seeking to obtain money from users, it is only a question of time when they start distributing it, so you should be cautious 24/7 in order not to encounter it. Our security specialists have a piece of advice for you – you should follow it in order not to find new malware on your computer. Experts say that users should never open spam email attachments because various infections are often spread via spam emails. Also, they need to be very careful with software they download from the web, specialists say, because malware might pretend to be useful software. We cannot promise that you could prevent all untrustworthy applications from entering your PC all alone because there is a bunch of sneaky infections out there. Of course, there is still one thing you can do to avoid harmful threats – you just need to enable reputable security software on your computer.

You need to delete Igotyou Ransomware from your computer so that it could not lock more files. No, it cannot start working automatically on system startup like some similar infections, but you might launch it again incidentally and then find more files encrypted. To delete this threat from your system, you first need to close the window opened on your Desktop by killing the malicious process (it has the EncryptingRansomware description). Then, the executable file associated with Igotyou Ransomware must be eliminated. Follow our step-by-step removal instructions if you decide to delete this threat manually.

Delete Igotyou Ransomware

1. Open Task Manager (press Ctrl+Shift+Esc simultaneously).
2. Open the Processes tab.
3. Find the process with the EncryptingRansomware description.
4. Right-click on it and select Open File Location.
5. Kill the malicious process and then delete the malicious file.
6. Empty Recycle bin.