Click on screenshot to zoom
Danger level 7
Type: Trojans
Common infection symptoms:
  • Can't be uninstalled via Control Panel
  • Installs itself without permissions
  • Connects to the internet without permission
  • Normal system programs crash immediatelly
  • System crashes
  • Slow Computer Ransomware

You do not need to be a malware researcher to understand that Ransomware got into your Windows operating system and encrypted your personal files. Once they are encrypted, the “.id-[code].[].BSC” extension is attached to their names. The email address embedded in the infection’s name is also represented as a title of the window that delivers the message from cyber attackers. The reality is that the creator of this malicious infection does not need to hide it once the encryption is complete. In fact, they need the victims to understand what has happened, and they need the victims to think that they are the only ones who can help them out. Although a free decryptor does not exist, and the attackers offer a “secret key” that, allegedly, would restore files, you do not want to jump to conclusions just yet. First, read this report, and you will know what to do next. Of course, you need to remove Ransomware regardless of what you do about the files. Ransomware belongs to the Crysis/Dharma Ransomware family, and we are quite familiar with it because we have reviewed 0day Ransomware, Ransomware, Ransomware, and many other malicious infections that come from it. In most cases, misleading spam emails are used to introduce careless and unsuspecting victims to the installers of these dangerous infections. If the victims are tricked into opening the malicious files, the infections are executed, and the encryption starts. It appears that the attackers use RSA-1024 encryption key to corrupt files, and you cannot simply guess the decryption key that matches it. That, in part, is why a free decryptor has not been created either. On rare occasions, malware experts are able to create such tools, but that has not happened in this case. After the encryption, Ransomware immediately launches the “” window to introduce you to a message. The point of it is to convince you to send a message to It is stated that a “secret key” will be stored on the attackers’ server for 7 days, and then it will be lost.

The Ransomware message informs that you would have to “transfer money to [their] bitcoin wallet,” but there is no information as to how much money you would have to pay. Basically, if you emailed the attackers, they would tell you how to pay the ransom, and then you would be convinced that a “decryption program” would be sent to you with a “detailed instruction.” First of all, you cannot expect cyber criminals to say anything less because it is their prerogative to convince you that you need to follow their command. We, of course, do not recommend doing that. In fact, even emailing cyber criminals is dangerous because they could send you malicious files or links now and in the future. To reassure you that you need to communicate with the attackers, a file named “RETURN FILES.txt” is created on the on Desktop and in the C disk. It simply informs that you need to email the same address to have your files “returned” to you. Instead of doing what crooks tell you to do, we suggest planning the removal of the infection. Even though your files will not be restored, your system will become much more secure once you delete Ransomware.

Since decryption of the files is not possible at this time, chances are that the corrupted files are lost. If you have copies backed up, replace the encrypted files only after you delete Ransomware from your operating system. How will you do it? Of course, you can try to remove this malicious infection manually, but you would have to overcome a huge hurdle if you decided to follow this path. That hurdle is finding the .exe file that launched the infection. It could have been dropped anywhere, and we cannot tell you its name because it should be random. However, there are other components that must be erased, and we can tell you exactly where to look for them. This is not your only option. You also can employ anti-malware software. This is the path we recommend taking. The software will automatically eliminate all threats to clean your entire operating system, and it will also reinstate complete protection, so that you would not have to face ransomware again. Ransomware Removal

  1. Locate and Delete the infection’s [unique name].exe file (location unknown).
  2. Delete the file named RETURN FILES.txt from the Desktop and the C disk.
  3. Tap Win+E keys to access Windows Explorer and find the quick access field.
  4. Enter the following paths into the field and Delete the folder named Info.hta:
    • %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs\Startup\
    • %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup\
    • %APPDATA%\
    • %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\
    • %WINDIR%\System32\
  5. Enter the following paths into the field and Delete the malicious [unique name].exe file:
    • %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs\Startup\
    • %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup\
    • %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\
    • %WINDIR%\System32\
  6. Exit Explorer and then launch Registry Editor (tap Win+R to access Run and enter regedit into the box).
  7. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and Delete three malicious [unique name] values that belong to the ransomware.
  8. Exit Registry Editor and then Empty Recycle Bin.
  9. Perform a complete system scan using a trustworthy malware scanner. Delete all leftovers.
Download Spyware Removal Tool to Remove* Ransomware
  • Quick & tested solution for Ransomware removal.
  • 100% Free Scan for Windows

Post comment — WE NEED YOUR OPINION!

Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.