Danger level 7
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Normal system programs crash immediately
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

No_More_Ransom Ransomware

It might be naïve to expect you would not have to pay for decryption even if the malicious application that locked your files is called No_More_Ransom Ransomware. Such infections are created for money extortion, and the cybercriminals behind them can say anything to convince the user to pay a ransom; for example, some of them show messages claiming files were encrypted for their safety. Thus, in their words, you would be paying nothing more than a service fee. The problem is there are no guarantees the hackers will send the decryption tools they may promise to deliver after the payment is received. In other words, you could lose your money for nothing, and if you would rather avoid that, we advise erasing No_More_Ransom Ransomware and restoring data from backup copies you could have on removable media devices or other storage. To learn more about the malware, including how to erase it, you should continue reading our full article.

This malicious threat could be distributed via email attachments or unsecured RDP connections, so you may have received No_More_Ransom Ransomware either because your computer might have weaknesses or because you may have been too careless when launching data downloaded from the Internet. Either way, we recommend updating outdated programs, changing weak or compromised passwords, and staying away from emails sent by someone you do not know. Additionally, it would be advisable to employ a reliable antimalware tool of your choice so it could warn you about potential threats in case you encounter them without realizing it. Besides, instead of launching email attachments that might be dangerous, you could scan them first and see if the tool detects any malicious components.

If the malware is launched, it should drop a copy of itself in the %APPDATA% directory. The launcher’s copy might have a random name or a title that would not raise suspicion, for example, info.exe. Another thing No_More_Ransom Ransomware should create is a task in the %Windir%\System32\Tasks location that makes the system launch the infection after each restart. Its next step is to lock the user’s files with a secure encryption algorithm. The targeted data could be anything that is not related to the operating system or other software installed on the system, for example, the user’s photos, archives, documents, videos, etc. Each encrypted file is supposed to be marked with the .no_more_ransom extension, so it should be easy to recognize them. Afterward, users should notice text notes created by the malware (How Recovery Files.txt) scattered among all directories containing locked data.

After opening How Recovery Files.txt, the user should see a message saying “Hello, dear friend! All your files have been ENCRYPTED.” The following sentence should ask if you wish to restore them and then suggest emailing the malicious application’s creators. According to our researchers, the ransom note may show many different email addresses as there might be a lot of slightly different versions of No_More_Ransom Ransomware. In any case, we would advise against paying the ransom as it could be extremely risky. As we mentioned earlier, there are no guarantees the hackers will hold up their end of the bargain, which means they might not deliver the needed decryption tools even if you pay what they ask. It is true that the ransom note does not mention any payment at all, but based on our experience with threats like No_More_Ransom Ransomware, we have no doubt the infection’s creators would demand a ransom later on.

If you do not want to risk your money or fund the hackers behind No_More_Ransom Ransomware, you should erase it. Our researchers say the malicious application can be removed manually if the user locates and deletes all of the files it created one by one. The process is explained in the instructions located below this text, so if you need any help, you should not hesitate to use them. On the other hand, there is a simpler way to get rid of the malware if you are willing to acquire a reliable antimalware tool. If so, you should install it on the infected computer and perform a full system scan. Then click the given removal button, and the malicious application should be erased.

Eliminate No_More_Ransom Ransomware

  1. Tap Ctrl+Alt+Delete.
  2. Launch Task Manager.
  3. Look for the infection’s process.
  4. Select the malicious process and press End Task.
  5. Leave the Task Manager.
  6. Press Win+E.
  7. Find these locations:
  8. Look for the malware’s installer, then right-click it and press Delete.
  9. Search for this path: %APPDATA%
  10. Find malicious executable files created by the malware, for example, info.exe.
  11. Right-click the suspicious executable file and press Delete.
  12. Then go to %Windir%\System32\Tasks
  13. Locate a task with a name similar to Ecrypter[random_symbol], right-click it and select Delete.
  14. Find documents called How Recovery Files.txt, right-click them and press Delete.
  15. Exit File Explorer.
  16. Empty Recycle bin.
  17. Restart the system.
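
The locations named in the steps above can be reviewed in one pass before anything is deleted. The PowerShell script below is an added example, not part of the original article or of any vendor tool, and it only reports. The `$SearchRoot` parameter, the `Add-Finding` helper and the AppData-path check on task commands are assumptions of this example.

```powershell
# Added example: read-only audit of the artifacts described in the article.
# It reports findings and deletes nothing. Run elevated so the Tasks folder is readable.
param(
    # Assumption: encrypted files and ransom notes are searched under the user profile.
    [string]$SearchRoot = $env:USERPROFILE
)

$script:findings = New-Object System.Collections.Generic.List[object]

function Add-Finding([string]$Kind, [string]$Path, [string]$Detail) {
    $script:findings.Add([pscustomobject]@{ Kind = $Kind; Path = $Path; Detail = $Detail })
}

# 1. Executables sitting directly in %APPDATA% (the article's example name is info.exe).
Get-ChildItem -LiteralPath $env:APPDATA -Filter '*.exe' -File -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
        Add-Finding 'AppData executable' $_.FullName "signature=$($sig.Status); created=$($_.CreationTime)"
    }

# 2. Task files in %Windir%\System32\Tasks: named Ecrypter*, or (heuristic added here)
#    running a command from the roaming AppData folder.
$taskDir = Join-Path $env:windir 'System32\Tasks'
Get-ChildItem -LiteralPath $taskDir -File -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        try {
            $xml = [xml](Get-Content -LiteralPath $_.FullName -Raw -ErrorAction Stop)
            $cmdText = @($xml.Task.Actions.Exec.Command) -join '; '
        } catch { $cmdText = '' }
        if ($_.Name -like 'Ecrypter*' -or $cmdText -like '*\AppData\Roaming\*' -or $cmdText -like '*%APPDATA%*') {
            Add-Finding 'Scheduled task' $_.FullName "command=$cmdText"
        }
    }

# 3. Files marked .no_more_ransom and the How Recovery Files.txt notes.
Get-ChildItem -LiteralPath $SearchRoot -File -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -eq '.no_more_ransom' -or $_.Name -eq 'How Recovery Files.txt' } |
    ForEach-Object {
        $kind = if ($_.Name -eq 'How Recovery Files.txt') { 'Ransom note' } else { 'Encrypted file' }
        Add-Finding $kind $_.FullName "modified=$($_.LastWriteTime)"
    }

if ($script:findings.Count -eq 0) { 'No artifacts matching the described indicators were found.' }
else { $script:findings | Sort-Object Kind, Path | Format-Table -AutoSize -Wrap }
```

An executable or task listed here is a candidate for review, not proof of infection, since legitimate software can also run from %APPDATA%; check the signature status and creation time before deleting anything.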