Click on screenshot to zoom
Danger level 8
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel Ransomware

Our researchers believe Ransomware comes from the hackers who created CryptConsole v3 Ransomware as both threats are almost identical. In fact, it is possible there might be more versions of it that could be associated with different emails, for example, If you think you came across this malware and wanted to find out more details about it we encourage you to keep reading this text because later on, we will tell you how the malicious application could be spread, how it might work, and what to do to erase it manually. Moreover, to make the task easier, our researchers have prepared removal instructions too, and we will add them at the end of this page. As for paying the ransom, the Ransomware’s developers may demand we would advise against it since there is a chance they might not deliver the promised decryptor.

Let us start with Ransomware’s distribution. We cannot be entirely sure as there is still not much information about this malicious program, but it looks like it is most likely spread through suspicious Spam emails or unreliable software installers downloaded from torrent or other file-sharing web pages. This is why we always remind our readers how important it is to be cautious with files downloaded from the Internet even if they look harmless. The malware’s installers can be disguised as text documents, pictures, software installers, and so on. Therefore, it is crucial to check whether the file you wish to download or open comes from a trustworthy source. In other words, if you are downloading data from some website you should make sure it is legitimate and does not distribute potentially malicious content, for example, pirated software installers, unknown freeware, etc. As for email attachments, we would advise checking who the sender is first and not to open files that come from people you are not familiar with.

We believe Ransomware should work more or less the same as CryptConsole v3 Ransomware. In which case it should open a specific window upon its launch and start encrypting various data located on the computer. Apparently, if the user closes this window the process should be stopped; otherwise, the malware is supposed to keep encrypting data until it affects all targeted files. Once it is over the user should notice a text message claiming user’s data was encrypted because the system “Discovered a serious vulnerability in your network security.” It looks as if the hackers behind Ransomware wrote the text with the intention to trick less experienced users into thinking the files were encrypted by the system or for their protection. Accordingly, the message does not say anything about ransom but mentions the decryption would cost the user. Even the email address given to send one file for free decryption has a name that some users might relate to a particular antivirus product (

Needless to say, we would advise not to believe any word the Ransomware message may have. It is nothing more than a ransom note, and the files this malware encrypts are locked not for their safety, but for money extortion. Moreover, even though the cybercriminals might promise you will get your data back, in reality, there is a possibility you could lose your money for nothing because no one can guarantee the hackers will hold on to their words. Provided, you do not wish to risk being scammed we advise deleting the malware and restoring your files from backup later on if you have such an option.

Those who would like to erase Ransomware manually should take a look at the instructions we added at the end of this text. They will guide you through the process bit by bit. However, if removing the malicious application still looks too tricky you could acquire a reliable antimalware tool instead. Install your chosen tool and then set it to scan the system. Then wait till the scanning is over and click the deletion button to get rid of all identified threats.

Eliminate Ransomware

  1. Press Ctrl+Alt+Delete.
  2. Go to the Task Manager.
  3. Find the malware’s process.
  4. Mark this process and click End Task.
  5. Exit Task Manager.
  6. Tap Win+E.
  7. Navigate to:
  8. See if you can find the malicious file downloaded before the computer got infected.
  9. Right-click the suspicious file and press Delete.
  10. Look for the malicious application’s ransom notes, right-click them too and select Delete.
  11. Close File Explorer.
  12. Empty Recycle bin.
  13. Reboot the system.
Download Spyware Removal Tool to Remove* Ransomware
  • Quick & tested solution for Ransomware removal.
  • 100% Free Scan for Windows

Post comment — WE NEED YOUR OPINION!

Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.