Danger level 7
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Normal system programs crash immediately
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

Ransom102 Ransomware

Ransom102 Ransomware encrypts the user’s files and displays a message asking the victim to email the malware’s creators for information about how to restore the locked files. According to the malicious application’s warning, the victim needs a unique recovery code, in other words, a decryption key. The note does not say how much it costs, but even if the price is small, we recommend considering the option carefully, since you cannot know whether the hackers will trick you. Also, our researchers say they have found the recovery password in the malware’s code, and it unlocked all of the files the threat affected. We cannot guarantee it will work for everyone, but it is entirely possible and worth a try if you have no other means to restore your data. We mention the recovery code further in the article, along with more details about Ransom102 Ransomware itself. At the end of the text, we also add deletion instructions showing how to erase the threat manually once you have decrypted your data.

Ransom102 Ransomware is like most of the other ransomware applications we have encountered. One of the most popular ways to spread such threats is to send targeted victims infected email attachments, and we believe the malware’s creators could be using this method too. Therefore, we recommend being extra careful with all files received via email, especially if they are sent by someone you do not know or if they arrive as Spam. Users should also pay close attention to the message sent along with the attachment. Hackers often pretend to be representatives of some company and come up with fake reasons why the user should open the malicious attachment immediately. Unfortunately, once it is launched, the computer might get infected right away.

This malicious application does not need to create more files on the computer, meaning it starts working from the moment the user opens Ransom102 Ransomware’s launcher. Accordingly, the encryption process should begin at once. Our researchers say that, during it, the threat should encrypt files in the following directories: %USERPROFILE%\Documents, %USERPROFILE%\Pictures, %USERPROFILE%\Videos, and %USERPROFILE%\Music. If you have precious photos, videos, or other private files in these locations, they should become unusable after being encrypted. Malicious applications like Ransom102 Ransomware encipher user data to hold it hostage and convince the user to pay a ransom. It would seem this malware is no exception, as it displays a ransom note saying the victim needs to buy a recovery code.

At first, the threat is supposed to show a short message called “You are ransomwared!” Afterward, it should open the ransom note, displayed in another pop-up window. The warning ought to be called Recovery, and it should encourage the user to email Ransom102 Ransomware’s developers and buy the recovery key. The price is not mentioned, but from our experience with such malicious applications, we can guess it could be some amount of Bitcoins. No matter what the price is, dealing with the hackers could be extremely dangerous, as there is a risk they might scam users. Most importantly, it could be completely unnecessary, as our researchers found the recovery code phrase, which is Kevi379K.

After inserting the recovery code, we received another pop-up message saying “Thanks for your payment.” Also, the files affected by Ransom102 Ransomware were decrypted. If you have no other means (e.g., backup copies) to restore your data, we advise trying the mentioned code. Next, we recommend erasing the malicious application, as there is no point in keeping it on the system. Removing the threat manually is not particularly complicated, and if you need any help with the task, you could follow the instructions placed below this paragraph. On the other hand, if you do not think you can deal with the malware on your own, you could install an antimalware tool and let it deal with the threat for you. All you have to do is pick a security tool that is reliable.
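Since the recovery code is not guaranteed to work for everyone, it makes sense to keep an untouched copy of the encrypted files before entering it. The PowerShell script below is an added example, not part of the original article or the researchers' tooling: it copies the four affected folders to a destination you choose and writes a SHA-256 manifest. The destination path `E:\Ransom102-Backup` and the file name `manifest.csv` are assumptions.

```powershell
# Added example: preserve the encrypted files before trying the recovery code.
# $Destination is an assumed path on an external drive; change it to suit.
param(
    [string]$Destination = 'E:\Ransom102-Backup'
)

# The four folders the article lists as encrypted by Ransom102.
$folders = 'Documents', 'Pictures', 'Videos', 'Music' |
    ForEach-Object { Join-Path $env:USERPROFILE $_ }

New-Item -ItemType Directory -Path $Destination -Force | Out-Null

$manifest = foreach ($folder in $folders) {
    if (-not (Test-Path -LiteralPath $folder)) {
        Write-Warning "Skipping missing folder: $folder"
        continue
    }
    # Copying into an existing directory creates <Destination>\<FolderName>;
    # the originals are left untouched.
    Copy-Item -LiteralPath $folder -Destination $Destination -Recurse -Force
    $target = Join-Path $Destination (Split-Path $folder -Leaf)

    # Hash every source file and its copy so a bad copy is visible.
    Get-ChildItem -LiteralPath $folder -Recurse -File | ForEach-Object {
        $relative = $_.FullName.Substring($folder.Length).TrimStart('\')
        $copy     = Join-Path $target $relative
        $srcHash  = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        $dstHash  = if (Test-Path -LiteralPath $copy) {
            (Get-FileHash -LiteralPath $copy -Algorithm SHA256).Hash
        }
        [pscustomobject]@{
            Source   = $_.FullName
            Copy     = $copy
            SHA256   = $srcHash
            Verified = ($srcHash -eq $dstHash)
        }
    }
}

$manifest | Export-Csv (Join-Path $Destination 'manifest.csv') -NoTypeInformation

$failed = @($manifest | Where-Object { -not $_.Verified })
'{0} files hashed, {1} failed verification' -f @($manifest).Count, $failed.Count
```

Run it before entering the code; if decryption leaves any file damaged, the preserved copy is still available for another attempt.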

Erase Ransom102 Ransomware

  1. Tap Ctrl+Alt+Delete.
  2. Launch Task Manager.
  3. Look for the malware’s process.
  4. Select the process and press End Task.
  5. Leave the Task Manager.
  6. Click Win+E.
  7. Find these locations:
  8. Look for the threat’s installer, then right-click it and press Delete.
  9. Exit File Explorer.
  10. Empty Recycle bin.
  11. Restart the system.