Executionerplus Ransomware

Executionerplus Ransomware is a new ransomware infection based on the CryptoJoker Ransomware source code. It has been classified as ransomware because it locks files on victims’ computers right away following the successful entrance. Most probably, it does that to make it possible for cyber criminals to obtain money from users. The version of Executionerplus Ransomware analyzed by researchers at pcthreat.com did not demand a ransom, which suggests that it is still in development because ransomware infections are such threats that always try to extract money from users. It also means that it is impossible to purchase the decryption tool from cyber criminals. Of course, paying money to crooks for decryption software they might not even have is never a good idea, so you should not send a cent to them even if you have encountered the updated Executionerplus Ransomware version that demands money after encrypting personal files. There is only one thing we expect you to do if you ever discover this malicious program on your computer – you need to eliminate it from your system as soon as possible. Luckily, this ransomware infection is not one of those sophisticated threats. It creates only one additional file on compromised machines – a ransom note Readme.html. Unlike a bunch of other sophisticated ransomware infections, it does not make any modifications in the system registry as well. This is good news because it means that the Executionerplus Ransomware removal will not be complicated at all.

If you have encountered Executionerplus Ransomware, it is very likely that you have opened an attachment from a malicious email. In most cases, such emails end up in the Spam folder. Needless to say, users do not know in advance that the attachment found in an email received contains malicious software. The majority of users find out about the successful entrance of this malicious application only after they discover a bunch of encrypted personal files on their computers. According to our experienced researchers, it is only one of several tactics often used to distribute crypto-malware. They say that this malicious application might also manage to enter users’ PCs illegally if they use unsecured RDPs. Last but not least, you should always double-check software you are about to download from the Internet so that you would not download some kind of malicious application masqueraded as decent software. Finally, it would be perfect to have security software enabled on the system so that even the sneakiest infections could not find a way to infiltrate your computer unnoticed.

It is hard not to notice the entrance of Executionerplus Ransomware because it mercilessly encrypts files when it enters users’ computers. It uses the .destroy.executioner extension to mark those files. Also, it appends pluss.executioner to all .txt files. You will also find a new file – Readme.html – on your computer. This file is the so-called ransom note, but, surprisingly, it does not demand money from users. Since free decryption software that could be easily downloaded from the web does not exist, and, on top of that, it is impossible to purchase the decryption tool from crooks (of course, we do not recommend doing this), the quickest way to fix those encrypted files is to replace them with their copies. That is, to restore them from a backup. Unfortunately, there are no other ways to unlock those affected files because the ransomware infection also deletes Shadow Copies of files with the command cmd.exe /c vssadmin delete shadows /all /quiet to make it extremely hard for users to fix their files.

Even though Executionerplus Ransomware does not make any major modifications to be able to work on victims’ computers, it does not mean that you will not need to do anything to disable this threat if you ever encounter it. You will, first, need to go find the malicious file launched and delete it from your system. Second, you will need to remove Readme.html dropped by this infection from your Desktop. If you do not have time to erase malware from your computer manually, you can scan your system with an automated malware remover instead. It will not unlock your files, but it will erase the ransomware infection fully together with other untrustworthy programs/malicious components from your computer.

How to remove Executionerplus Ransomware

1. Open Windows Explorer (Win+E).
2. Check all these directories and remove suspicious files from them: %USERPROFILE%\Desktop, %USERPROFILE%\Downloads, %TEMP%, and %APPDATA%.
3. Remove Readme.html from %USERPROFILE%\Desktop.
4. Empty Trash.