Danger level 7
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Normal system programs crash immediately
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

Ransomware

In this report, we will talk about Ransomware that can encrypt a user’s files to make them unusable. According to our researchers, the malicious application should show a ransom note claiming users can get an automatic decryptor if they pay for it. While the process might not look any different from shopping online, it is much riskier. Complying with the demands could encourage the hackers to extort more money from you. Not to mention, there are no reassurances they will deliver the described automatic decryptor even if they have it. Unfortunately, they ask for payment first, which means keeping their end of the deal is up to them, and there is nothing you can do if they decide not to help you as promised. For those who do not want to take any chances, we would recommend erasing Ransomware. The files will not get decrypted on their own, but if you have any backup copies, you could use them to replace your damaged files. The instructions below will explain how to remove the malware manually, but if you want to learn more about the threat, we advise reading the rest of the article first.

The research shows the malware could be a new version of a malicious program called CryptConsole Ransomware and might have been developed by the same cybercriminals. Therefore, we would not be surprised if Ransomware was distributed through the same channels: spam emails and unsecured Remote Desktop Protocol (RDP) connections. Our researchers say that, knowing this is how the threat may enter the computer, users should avoid doubtful email attachments and make sure there are no unsecured RDP connections. As for suspicious email attachments that you may get with spam or from unknown senders, you should scan them with a reputable antimalware tool or just delete them if the file does not appear to be of high importance to you. Another thing we would recommend is strengthening the computer’s security by removing possible vulnerabilities, e.g., weak passwords, outdated software, and so on. Also, users could install a reliable security tool that could warn about potentially dangerous content and guard the system against various threats you could encounter in the future.

The malware was programmed to encrypt data valuable to the user, e.g., photos, documents, or other personal files. After the files are affected, Ransomware should change their titles. Our researchers say the new names might consist of the malicious application’s email address and a unique ID number given to each victim. For example, a picture called polar_bear.jpg could become xzet@tutanota.com_74436c752e7a8078. Nonetheless, if you recall what was placed in each affected location, you should be able to estimate the damage done to your data. Of course, after the files are encrypted and retitled, users may notice a ransom note called HOW DECRIPT FILES.hta on the computer’s Desktop. Opening it reveals a ransom note in which cybercriminals demand to be paid in Bitcoins. In exchange for the victim’s cooperation, the hackers offer an automatic decryptor for restoring the files damaged by Ransomware. As we already said at the beginning of the article, there are no guarantees you would get such a tool.
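To help estimate the damage per folder and locate the ransom notes, the following Python sketch scans a directory tree for the two file-name indicators described above. It is an added example, not part of the original report; the 16-hex-digit ID length is an assumption generalized from the single example name in the text, and the test files are constructed.

```python
import os
import re
import tempfile
from collections import Counter

# Indicators taken from the article; the 16-hex-digit ID length is an
# assumption generalized from its single example file name.
RENAMED = re.compile(r"xzet@tutanota\.com_[0-9a-f]{16}", re.IGNORECASE)
RANSOM_NOTE = "HOW DECRIPT FILES.hta"


def classify(name):
    """Return 'renamed', 'note' or None for a bare file name."""
    if RENAMED.fullmatch(name):
        return "renamed"
    if name.lower() == RANSOM_NOTE.lower():
        return "note"
    return None


def scan(root):
    """Walk root; return (renamed-file count per directory, ransom note paths)."""
    damage, notes = Counter(), []
    # Unreadable directories are skipped instead of aborting the scan.
    for folder, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            kind = classify(name)
            if kind == "renamed":
                damage[folder] += 1
            elif kind == "note":
                notes.append(os.path.join(folder, name))
    return damage, notes


def demo():
    """Build a constructed directory tree and scan it."""
    with tempfile.TemporaryDirectory() as root:
        pics = os.path.join(root, "Pictures")
        os.mkdir(pics)
        for name in ("xzet@tutanota.com_74436c752e7a8078",  # name from the article
                     "xzet@tutanota.com_00ff00ff00ff00ff",  # constructed
                     "holiday.jpg"):                        # untouched file
            open(os.path.join(pics, name), "w").close()
        open(os.path.join(root, RANSOM_NOTE), "w").close()
        damage, notes = scan(root)
        return {os.path.basename(d): n for d, n in damage.items()}, len(notes)


if __name__ == "__main__":
    print(demo())  # for a real check, call scan() on a user profile folder
```

Because the renamed files lose their original names and extensions, the per-folder counts only show where damage occurred; matching them to backups still depends on knowing what each folder held.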

Under such circumstances, we would not recommend dealing with the malware’s developers. For users who also think it might be too risky to pay the ransom, we would advise deleting Ransomware. If you think you can handle the task, you could complete the steps located below to get rid of the malicious application manually. Users who find this process a bit too challenging could install a reliable antimalware tool instead. Afterward, you should start a full system scan to allow the chosen tool to detect the malware and other possible threats. Soon after the scan, you should see a list of detections and a removal button that ought to erase all of them at once.

Remove Ransomware

  1. Tap Ctrl+Alt+Delete.
  2. Launch Task Manager.
  3. Look for the malware’s process.
  4. Select the process and press End Task.
  5. Leave the Task Manager.
  6. Click Win+E.
  7. Find these locations:
  8. Look for the threat’s installer, then right-click it and press Delete.
  9. Locate files called HOW DECRIPT FILES.hta, right-click them and press Delete.
  10. Exit File Explorer.
  11. Empty Recycle bin.
  12. Restart the system.