Danger level 7
Type: Trojans
Common infection symptoms:
  • Can't be uninstalled via Control Panel
  • Installs itself without permissions
  • Connects to the internet without permission
  • System crashes
  • Slow Computer

RansomWarrior 1.0 Ransomware

The malicious program’s ransom note says “with the love from India,” which suggests RansomWarrior 1.0 Ransomware might have been developed by hackers from the mentioned country. As usual for such malware, the message states the user can decrypt files locked by the threat by paying a ransom. Needless to say, we would not recommend doing so: no matter what the cybercriminals promise, there are no guarantees they will keep their word. Therefore, instead of risking your savings, we recommend erasing RansomWarrior 1.0 Ransomware with the instructions available at the end of this article. Users who continue reading the text can learn more about the malicious application. It is something we would recommend if you have not made up your mind on what to do yet or if you are simply interested in finding out more details about this malware.

Our researchers suspect RansomWarrior 1.0 Ransomware could be spread via the usual channels for such threats, for example, spam emails or unreliable software installers. Knowing these are two of the most popular ways to distribute such infections, we always recommend staying away from torrent or other untrustworthy file-sharing web pages and from email attachments received for an unknown purpose or from people you are not familiar with. As an extra precaution, we suggest employing a reliable antimalware tool. Just keep in mind that it needs to be updated as soon as an update is available; otherwise, the tool might be unable to detect newer threats. Also, if you have extremely important files and wish to be extra careful, you could scan suspicious data obtained from the Internet first instead of launching it and waiting to see if anything goes wrong. It is also a good idea to back up necessary files regularly just in case.

Testing the malware revealed it does not place any additional data on the computer it infects. In other words, the only data belonging to RansomWarrior 1.0 Ransomware should be its launcher (the suspicious file downloaded and launched by the user). This means the encryption process might start right away and its duration depends on the number of targeted files located on the computer. Our researchers say the threat can encipher a wide range of different file types. For instance, it can affect files with .ai, .avi, .bat, .bmp, .class, .cmp, .doc, .docx, .exe, .fm3, .gif, .html, .ico, .java, .jpg, .jpeg, .mov, .pdf, .png, .ppt, .pptx, .zip, and many other extensions. Once the file gets encrypted, it should get a new title consisting of the ID number given to the infected computer by the malicious program and .THBEC extension, e.g., 2536984.THBEC. The final RansomWarrior 1.0 Ransomware task is to display a ransom note.

The message from the malware’s developers should start with “Oops!!! Your Files Has Been Encrypted By RansomWarrior 1.0.” Then, bit by bit, it should explain how to purchase Bitcoins and how to transfer Bitcoins worth around 350 US dollars into the hackers’ account. Another thing mentioned in the note is the so-called free decryption as a guarantee. Users should realize that while the cybercriminals may show they can decrypt their files, there is nothing they can do to prove they will decrypt data as promised. It would be impossible to get your money back, so no one could stop the cybercriminals from taking your money and still ignoring you.

If you do not think RansomWarrior 1.0 Ransomware’s creators can be trusted either, we recommend erasing the infection instead of paying the ransom and putting your savings at risk. Those who would like to remove RansomWarrior 1.0 Ransomware manually could follow the instructions located below this paragraph, since they explain the whole process step by step. Another way to eliminate the malicious program once and for all is to employ a reliable antimalware tool and then perform a full system scan.

Remove RansomWarrior 1.0 Ransomware

  1. Press Ctrl+Alt+Delete.
  2. Go to the Task Manager.
  3. Find the malware’s process.
  4. Mark this process and click End Task.
  5. Exit Task Manager.
  6. Tap Win+E.
  7. Navigate to:
    %TEMP%
    %USERPROFILE%\desktop
    %USERPROFILE%\downloads
  8. Check if you can locate the malicious file downloaded before the computer got infected.
  9. Right-click the suspicious file and press Delete.
  10. Close File Explorer.
  11. Empty Recycle bin.
  12. Reboot the system.
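
The script below is an added example, not part of the original article or any vendor tool. It inventories files renamed to the `<ID>.THBEC` pattern described above and uses the earliest of them to shortlist runnable files in the folders from step 7 that arrived shortly before encryption began. It assumes a numeric ID (as in `2536984.THBEC`), that file modification times survived the infection, and a hypothetical list of launcher file types and a 24-hour window.

```python
import os
import re
import time
from pathlib import Path

# Assumption: the ID is numeric, as in the article's example "2536984.THBEC".
ENCRYPTED_NAME = re.compile(r"^(\d+)\.THBEC$", re.IGNORECASE)
# Assumption (not from the article): file types a launcher could plausibly have.
LAUNCHER_EXTS = {".exe", ".scr", ".bat", ".cmd", ".js", ".vbs"}

def find_encrypted(root):
    """Return {machine_id: [paths]} for files named <ID>.THBEC under root."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            m = ENCRYPTED_NAME.match(name)
            if m:
                hits.setdefault(m.group(1), []).append(Path(dirpath) / name)
    return hits

def first_encryption_time(hits):
    """Earliest mtime among encrypted files: approximate start of encryption."""
    times = [p.stat().st_mtime for paths in hits.values() for p in paths]
    return min(times) if times else None

def launcher_candidates(dirs, before, window_hours=24):
    """Runnable files in dirs modified within window_hours before `before`."""
    found = []
    for d in map(Path, dirs):
        if not d.is_dir():
            continue  # folder missing on this profile
        for p in d.iterdir():
            if p.is_file() and p.suffix.lower() in LAUNCHER_EXTS:
                age = before - p.stat().st_mtime
                if 0 <= age <= window_hours * 3600:
                    found.append(p)
    return sorted(found)

if __name__ == "__main__":
    home = Path(os.environ.get("USERPROFILE", Path.home()))
    dirs = [d for d in (os.environ.get("TEMP"), home / "Desktop", home / "Downloads") if d]
    hits = find_encrypted(home)
    start = first_encryption_time(hits)
    for machine_id, paths in hits.items():
        print(f"ID {machine_id}: {len(paths)} encrypted file(s)")
    if start is not None:
        print("Encryption appears to have started at", time.ctime(start))
        for p in launcher_candidates(dirs, start):
            print("Review before deleting:", p)
```

The output is a shortlist for manual review in step 8, not a verdict; confirm each file with an antimalware scan before deleting it.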