Click on screenshot to zoom
Danger level 7
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

Styx Ransomware

Styx Ransomware appears to be a vicious threat as it can encipher files not just on your computer, but also on USB flash drives or other media devices attached to it. The malware marks its locked records with a second extension called .styx, which is why it was named this way. After it locks user’s data the malicious program is supposed to drop a ransom note in which its creators ask to pay 300 US dollars. For paying the requested amount the hackers promise to send a “decryption program and key in 1 hour.” However, we do not think it would be wise to trust these people because even if you follow their instructions, there is a possibility they may not hold on to their end of the deal. This is why our specialists recommend ignoring the ransom note. Instead, we think it might be best to concentrate on Styx Ransomware’s removal. Users who continue reading the article can learn more about the threat and those who decide to eliminate it can follow the manual deletion instructions available below the text.

The research showed the malware could be spread via malicious Spam emails that could carry infected text documents, pictures, executable files, and so on. It means the malicious program should settle in after the computer’s user unknowingly downloads and opens Styx Ransomware’s launcher. It might be impossible to guess the file will be infected, but still, there are some things you can do to keep the computer safe. First of all, it would be advisable not to open any attachments received from people the user does not know or sent for an unknown reason. Moreover, whenever in doubt the user should just scan the file he suspects with a reliable antimalware tool; if it carries any malicious components, the tool should detect them and alarm the user about possible risks. In general, we could advise being more cautious, and when it comes to data from untrustworthy sources, it would be best not to rush into opening it.

Next, we would like to talk about what happens if Styx Ransomware infects the system. Our researchers who tested the threat themselves say it does not create an additional data before it finishes encrypting user’s data. It means the malware does not need to place more files to work; it starts running the moment you open its launcher. At first, it should collect information about the victim’s hardware, e.g., graphics card, hard drive, motherboard, and so on. Once it is done with this task, the threat is supposed to connect to one of its C&C (Command and Control) servers, and when the connection is established, it should start encrypting your files and marking them with .styx extension. Another thing we learned is that the malicious program targets all data except the one located in %WINDIR%, %PROGRAMFILES%, or %PROGRAMFILES(x86)% directories. Plus, once it finishes with files on the computer it might start looking for data it could encrypt on removable media devices connected to your PC.

After locking targeted data, Styx Ransomware should create a couple of files called 0_HELP_DECRYPT_FILES.txt and 0_HELP_DECRYPT_FILES.html in the %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup directory. Later on, copies of the two mentioned files should also appear on folders called Desktop, documents, Pictures, Music, Videos, and %APPDATA%. Both of the files should display the same ransom note asking to make a payment of 300 US dollars. Keep it in mind you do not have to pay if you do not want to risk losing your money in vain. In which case, we recommend erasing the malware at once. The moment it is gone you could replace encrypted files with backup copies if there are any.

Those who wish to get rid of Styx Ransomware can try deleting it manually while following the instructions we placed at the end of this text. They will explain how to locate and remove the malware’s launcher. Another option we could offer would be to download a reliable antimalware tool, start a system scan, and wait till the process is finished. Then you should be able to erase all identified threats, including this malicious program with just one mouse click.

Eliminate Styx Ransomware

  1. Press Ctrl+Alt+Delete.
  2. Go to the Task Manager.
  3. Find the malware’s process.
  4. Mark this process and click End Task.
  5. Exit Task Manager.
  6. Tap Win+E.
  7. Navigate to:
  8. See if you can find the malicious program’s launcher.
  9. Right-click the suspicious file and press Delete.
  10. Then find and erase files titled 0_HELP_DECRYPT_FILES.txt and 0_HELP_DECRYPT_FILES.html.
  11. Close File Explorer.
  12. Empty your Recycle bin.
  13. Reboot the system.
Download Spyware Removal Tool to Remove* Styx Ransomware
  • Quick & tested solution for Styx Ransomware removal.
  • 100% Free Scan for Windows

Post comment — WE NEED YOUR OPINION!

Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.