RansomAES Ransomware

If you use a Korean IP address and keep your system unprotected, there is a possibility to encounter a nasty malicious application called RansomAES Ransomware. It is a newly-discovered ransomware infection that has been developed for one purpose – to receive money from users who encounter it. Without a doubt, users do not give their money to cyber criminals easily. Therefore, RansomAES Ransomware has been programmed to encrypt personal files on users’ computers. It encrypts documents, videos, music, and many other files having .pdf, .ppt, .png, .csv, .sql, .aspx, .html, .psd, .rar, .zip, .mp3, .exe, .jpeg, .dbf, .cd, .cdr, .bmp, .cmd, .gif, .flv, .vb, and many other extensions. Then, users are told that they can only save their files by transferring money to malicious software developers. We know you need your files back badly, but we still cannot let you send money to the author of RansomAES Ransomware. First, the developer might change his/her mind and thus do not give you anything after receiving money from you. Second, by sending money to people who develop malicious applications, you will encourage them to develop more infections. You might encounter them all yourself in the future.

RansomAES Ransomware slithers onto computers to lock users’ files, as you already know. As a consequence, users usually find out about its successful entrance when they discover their files encrypted. If RansomAES Ransomware is the one that has locked their personal files, they should also find a window opened on their screens. Luckily, it can be easily closed by pressing Alt+F4 simultaneously. Research conducted by specialists working at pcthreat.com has shown that RansomAES Ransomware locks files in C:\ too, but the majority of files this infection targets are located in %USERPROFILE%. Once these files are encrypted, the ransomware infection drops READ ME.txt on Desktop. Also, it places it in all affected directories on the victim’s computer. The ransom note dropped contains two email addresses. Additionally, users find out that they have to send Bitcoins to cyber criminals behind RansomAES Ransomware if they want to decrypt their files. We are not going to change our opinion – there is nothing smart about transferring money to the author of the ransomware infection. Of course, you must make the final decision yourself. It does not mean that users who decide not to pay money to crooks are doomed, i.e. it will be impossible for them to get their files back. There is a possibility that free decryption software will be released soon. It is also possible to restore encrypted data from a backup.

We do not have much information about the distribution of RansomAES Ransomware, but there is basically no doubt that it is spread via spam emails too. To be more specific, it is distributed as an email attachment, or it might affect users’ computers after they click on links found in received emails. Without a doubt, other distribution methods might be adopted to spread this malicious application too. Our specialists say that users might download harmful malware from the web incidentally too. One click on a malicious link or a fake Download button might result in the illegal entrance of malicious software. Because of this, they highly recommend installing an automated security application for the maximum system’s protection against malware. Not all programs presented as “security software” are beneficial and can help to prevent malware from infiltrating computers, so you should not install the first application found on the web. Also, do not forget that you still cannot act carelessly after the installation of a security application.

If RansomAES Ransomware is the one that has locked files on your computer, you must delete it from your system right away because its presence might result in more problems and more encrypted files. Luckily, it does not seem to be one of those sophisticated malicious applications, so its removal should not be very complicated too. First, you need to close the window opened by the ransomware infection by pressing Alt+F4. Then, you will have to delete all recently downloaded files. Third, remove the ransom note from all affected folders and Desktop. Finally, it is advisable to scan the system with a reliable diagnostic scanner to check whether there are really no other malicious components left.

How to delete RansomAES Ransomware

1. Press Alt+F4 to close the opened window.
2. Press Win+E to open Explorer.
3. Type %USERPROFILE%\Downloads in the Explorer’s bar and press Enter.
4. Delete all suspicious files.
5. Remove READ ME.txt from your Desktop and all affected directories.
6. Empty Trash.