Danger level 3
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Normal system programs crash immediately
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

EbolaRnsmwr Ransomware

EbolaRnsmwr Ransomware is most likely still in the development stage, as the malicious application is designed to encrypt files located in a test folder. However, our researchers who tested it say it has rather nasty qualities that could make it a somewhat troublesome infection. For example, the threat disables the computer’s Task Manager to prevent the user from killing its process with the help of this tool. Therefore, if the malware ever gets finished, it would be useful to know how it works, which is why we discuss it in this article. We also explain how to erase EbolaRnsmwr Ransomware manually, although users should keep in mind that the given instructions may not be accurate if the malware gets updated. Consequently, it might be best to remove it with a reliable antimalware tool.

First things first, we should talk about how you could encounter a threat like EbolaRnsmwr Ransomware, although we doubt the malware itself is being distributed, as it might still be in the development stage. Such malicious applications usually reach victims via spam emails, unreliable installers, and other doubtful data received from the Internet. Thus, if you want to keep your computer safe, you should be extra cautious when downloading or receiving files. It is best to avoid attachments coming from unknown senders, especially if you do not understand why they were sent to you or they raise suspicion. Also, if you do not want to ruin the fun of getting new software and tools, you should always obtain them only from legitimate web pages. Besides, it is crucial to check who developed the program and whether it has any negative reviews from experts or users. As an extra precaution, it is advisable to install a reliable antimalware tool that could help you identify potential threats and protect the computer from them.

As we mentioned in the beginning, the version of EbolaRnsmwr Ransomware we tested did not encrypt any files at first. Apparently, it is programmed to lock data located only in the %USERPROFILE%\Desktop\Test folder. After creating such a directory on our test computer and infecting it again, we noticed the malicious application enciphered files and added the .101 extension at the end of their names. For instance, a picture named sunflowers.jpg turned into sunflowers.jpg.101. Another change we noticed was a new wallpaper picture containing a message claiming the files on the device were encrypted and can no longer be opened. Moreover, the same message stated the victim has to pay with an Amazon gift card to decrypt his files. Asking for payment in gift cards is nothing new, as we have encountered such threats in the past. Still, we see such conditions less often, as hackers usually ask to be paid in Bitcoins.

Furthermore, it looks like the malicious application cannot encrypt a lot of different file types, although it is capable of locking all the main picture (e.g., .jpg and .png) and document (e.g., .doc, .docx, .xls, etc.) formats. Another version of the ransom note should be displayed on top of the victim’s screen, as EbolaRnsmwr Ransomware opens a window with text in the form of questions and answers. Plus, there should be a timer to let the user know how much time he has to pay the ransom. Additionally, there are Payment and Decrypt Files buttons. We would not recommend paying the ransom because, even if the ransom note promises you will get your data back, in reality there are no guarantees. The hackers can always change their mind, not to mention they may not have the tools needed to decrypt data as they claim, or such tools could be lost (e.g., automatically deleted from the server).

It seems to us the best option is to delete EbolaRnsmwr Ransomware and restore any files it could have encrypted using backup copies you might keep on cloud storage or removable media devices. To clean the computer manually, you could try to complete the instructions located below this article. Nevertheless, as we said earlier, if the malicious application gets updated, we cannot guarantee the instructions will still help you get rid of it, because the new version could drop new data that is not listed in our steps. This is why it might be best to use a reliable antimalware tool.

Eliminate EbolaRnsmwr Ransomware

  1. Press Win+R.
  2. Type Regedit and select OK.
  3. Go to this path: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
  4. Search for a value name called DisableTaskMgr.
  5. Right-click it and select Modify.
  6. The value data should show 1; replace it with 0 to enable Task Manager.
  7. Close Registry Editor.
  8. Tap Ctrl+Alt+Delete.
  9. Launch Task Manager.
  10. Look for the malware’s process; it should be described as EbolaRnsmwe.
  11. Select the process and press End Task.
  12. Check if there is a process named 000payload.exe and kill it too.
  13. Leave the Task Manager.
  14. Click Win+E.
  15. Find these locations:
    %TEMP%
    %USERPROFILE%\desktop
    %USERPROFILE%\downloads
  16. Look for the threat’s installer, then right-click it and press Delete.
  17. Check this location: %APPDATA%
  18. Find a file named 000payload.exe, right-click it and press Delete.
  19. Then go to: %USERPROFILE%\Desktop
  20. Erase a document called READ_ME.txt.
  21. Find this location: %USERPROFILE%\Documents
  22. Right-click a file titled pass.decrypt and choose Delete.
  23. Exit File Explorer.
  24. Empty Recycle bin.
  25. Restart the system.
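
The checks from the steps above can also be run in one pass from PowerShell. The script below is an added example, not part of the original instructions or any vendor tool: it only reads and reports, and the function name Get-EbolaRnsmwrArtifact and its output fields are made up for illustration. The installer from step 16 has no known file name, so it is not covered.

```powershell
# Added example: read-only audit for the artifacts named in the removal steps.
# The function name and output shape are illustrative, not from the article.
function Get-EbolaRnsmwrArtifact {
    [CmdletBinding()]
    param()

    # Steps 3-6: DisableTaskMgr = 1 under the HKCU policy key blocks Task Manager.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
    $policy = Get-ItemProperty -Path $key -Name DisableTaskMgr -ErrorAction SilentlyContinue
    if ($policy -and $policy.DisableTaskMgr -eq 1) {
        [pscustomobject]@{ Kind = 'Registry'; Item = "$key\DisableTaskMgr"; Detail = 'Set to 1' }
    }

    # Steps 10-12: Task Manager shows the file description, so compare both the
    # process name and the description (assumption: either may carry the label).
    Get-Process | Where-Object {
        $_.Name -in 'EbolaRnsmwe', '000payload' -or $_.Description -eq 'EbolaRnsmwe'
    } | ForEach-Object {
        [pscustomobject]@{ Kind = 'Process'; Item = $_.Name; Detail = "PID $($_.Id)" }
    }

    # Steps 17-22: dropped files. READ_ME.txt is a common name, so a hit on it
    # alone is weak evidence; weigh it together with the other findings.
    $desktop = Join-Path $env:USERPROFILE 'Desktop'
    $files = @(
        (Join-Path $env:APPDATA '000payload.exe'),
        (Join-Path $desktop 'READ_ME.txt'),
        (Join-Path $env:USERPROFILE 'Documents\pass.decrypt')
    )
    foreach ($path in $files) {
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            [pscustomobject]@{ Kind = 'File'; Item = $path; Detail = 'Listed in removal steps' }
        }
    }

    # Files the tested sample encrypted: .101 appended inside Desktop\Test.
    $testDir = Join-Path $desktop 'Test'
    if (Test-Path -LiteralPath $testDir -PathType Container) {
        Get-ChildItem -LiteralPath $testDir -Filter '*.101' -File -ErrorAction SilentlyContinue |
            ForEach-Object {
                [pscustomobject]@{ Kind = 'Encrypted'; Item = $_.FullName; Detail = 'Restore from backup' }
            }
    }
}

Get-EbolaRnsmwrArtifact | Format-Table -AutoSize -Wrap
```

An empty result means none of the listed artifacts were found for the current user; it does not rule out an updated version that drops different files.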