Danger level 6
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

Skyfile Ransomware

Skyfile Ransomware is a ransomware infection that already mercilessly encrypts files, even though research conducted by specialists working at pcthreat.com has clearly shown that this malicious application has not been finished yet. It does not demand money from users after locking their pictures, documents, videos, and other files, but users are told that they have to write an email to getsend@tutanota.com, which suggests that the cyber criminals behind this ransomware infection might ask users for money later, i.e. when the victims contact them. Many ransomware victims are ready to send money to the author of the ransomware infection to get their important files back, but we do not think that sending money to crooks is a good idea.

No matter what your final decision is, do not forget to remove the ransomware infection from your system. It will not be deleted from your computer even if you send money to the cyber criminals, so if you do not take any action, it might ruin even more files on your computer. As research has shown, Skyfile Ransomware creates an entry in the Run registry key, which allows it to start on system startup. This means that it will look for new files to encrypt each time you turn on your computer and Windows loads. The only way to put an end to this is to remove Skyfile Ransomware fully.

Once Skyfile Ransomware is executed, it immediately creates several files on the affected machine. It also deletes the system restore backup and kills Task Manager. Of course, the main activity it performs is encrypting victims’ personal files. It locks almost all files it manages to find – you will recognize them easily because they all get the .sky extension appended. To inform victims why they can no longer open the majority of their files, the ransomware infection opens a window with a short message: “Oops, your files has been encrypted. Such as: photos, videos, documents, etc. To decrypt your files, read HOW TO DECRYPT .txt”. It also drops a file named HOW TO DECRYPT.txt after locking users’ personal data. This file contains an email address users have to write to if they want to unlock the affected files.

The ransomware infection does not demand money from victims, but these infections are developed to obtain money from users, so it is very likely that the cyber criminals will tell users who contact them that they can unlock the encrypted files only by paying a ransom. Researchers have observed that Skyfile Ransomware deletes the so-called Shadow Copies of files and, on top of that, removes the system restore backup, so it might be impossible to decrypt files without the special decryptor. We are not saying here that you should pay the ransom. We are, in fact, strictly against sending money to crooks because there are no guarantees that they will give you the decryptor or that you will be able to unlock files with it. In such a case, your money will not be returned to you.

Skyfile Ransomware is not distributed very actively yet since it is a brand new infection, but you might still encounter it if you surf dubious websites and download software from them, open spam emails and their attachments, and click on all links and advertisements you find while surfing the Internet. Unfortunately, we cannot promise that it will be enough to change your bad habits to prevent all infections from entering the system. Therefore, we also want to encourage you to install a powerful security application on your computer. As long as you keep it active on your system, it will not allow new malicious software to enter your system illegally.

You must delete Skyfile Ransomware fully because this infection makes changes in the system registry and, because of this, can continue working even after the computer is restarted. Its removal will not be a piece of cake because it not only creates several files and an entry in the system registry, but also disables Task Manager. Our instructions will help you to delete this nasty infection manually, but if you want to do that quicker, you should use an antimalware scanner to clean your system. Unfortunately, even an automated malware remover could not unlock files encrypted by this ransomware infection.

Delete Skyfile Ransomware manually

Remove ransomware components

  1. Close the opened ransomware window and press Ctrl+Shift+Esc.
  2. Under Processes, check all processes and kill suspicious ones that might be associated with Skyfile Ransomware.
  3. Press Win+R and type regedit in the box. Click OK.
  4. Open HKCU\Software\Microsoft\Windows\CurrentVersion\Run.
  5. Locate the Value named Java Platform Auto Updater.
  6. Right-click it and select Delete.
  7. Close Registry Editor and open Explorer by pressing Win+E.
  8. Type C:\Windows\system32 in the address bar and press Enter to access this directory.
  9. Delete SkyFile Decryptor.exe and SkyFile Decryptor.lnk.
  10. Open C:\Windows.
  11. Delete the following files: debuglog.dll, lan.dll, 0F8BFBFF000506E3, {random numbers}ID, and 0F8BFBFF000506E3files.
  12. Remove recently downloaded files from %USERPROFILE%\Desktop, %USERPROFILE%\Downloads, and %TEMP% directories.
  13. Remove the ransom note (HOW TO DECRYPT.txt).
  14. Empty the Recycle Bin.

Enable Task Manager

  1. Tap Win+R.
  2. Type regedit and click OK.
  3. Open HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System.
  4. Locate the DisableTaskMgr Value.
  5. Right-click it and select Modify.
  6. Delete 1 from the Value data field and type 0.
  7. Click OK.
  8. Close Registry Editor.
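
The registry and file checks from the two lists above can also be run as one script. This PowerShell sketch is an added example, not a pcthreat.com tool: the key, value and file names are taken from the steps above, while the -Remove switch and the script layout are this example's own. It only reports what it finds unless -Remove is passed, and it does not cover steps 12 and 13.

```powershell
# Added example: audits the artefacts listed in the manual removal steps above.
# Read-only unless -Remove is passed (-Remove is this example's own switch).
param([switch]$Remove)

$runKey    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$runValue  = 'Java Platform Auto Updater'
$policyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'

# File names exactly as the page lists them. The "{random numbers}ID" file has
# no fixed name, so it is not matched here and has to be checked by hand.
$files = @(
    'C:\Windows\system32\SkyFile Decryptor.exe',
    'C:\Windows\system32\SkyFile Decryptor.lnk',
    'C:\Windows\debuglog.dll',
    'C:\Windows\lan.dll',
    'C:\Windows\0F8BFBFF000506E3',
    'C:\Windows\0F8BFBFF000506E3files'
)

$findings = @()

# Steps 4-6: persistence entry in the Run key
$run = Get-ItemProperty -Path $runKey -Name $runValue -ErrorAction SilentlyContinue
if ($run) {
    $findings += "Run value '$runValue' -> $($run.$runValue)"
    if ($Remove) { Remove-ItemProperty -Path $runKey -Name $runValue }
}

# Steps 8-11: dropped files
foreach ($f in $files) {
    if (Test-Path -LiteralPath $f) {
        $findings += "File present: $f"
        if ($Remove) { Remove-Item -LiteralPath $f -Force }
    }
}

# "Enable Task Manager": DisableTaskMgr = 1 keeps Task Manager blocked
$pol = Get-ItemProperty -Path $policyKey -Name DisableTaskMgr -ErrorAction SilentlyContinue
if ($pol -and $pol.DisableTaskMgr -eq 1) {
    $findings += 'DisableTaskMgr is set to 1'
    if ($Remove) { Set-ItemProperty -Path $policyKey -Name DisableTaskMgr -Value 0 }
}

if ($findings) { $findings | ForEach-Object { Write-Output $_ } }
else           { Write-Output 'None of the listed Skyfile artefacts were found.' }
```

Deleting from C:\Windows needs an elevated prompt, but HKCU always refers to the account running the script, so elevate as the affected user; otherwise the Run and Policies checks read a different user's hive.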