Danger level 7
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Normal system programs crash immediately
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

REvil Ransomware

REvil Ransomware is a truly evil infection that some researchers have dubbed Sodinokibi Ransomware or Sodin Ransomware; the real name, however, appears to be REvil. This infection has been active for several months now, but it is believed that it could be much older than that. That discussion started once malware experts determined that the new infection is quite similar to the infamous GandCrab Ransomware. The code of the two threats is comparable, and the new one emerged just as the old one was shut down by its creators. Some believe that this is a ploy that lets the attackers regroup and stay under the radar, which became increasingly difficult with everyone's eyes on GandCrab. While we wait for confirmation and more information, we need to show Windows users how to remove REvil Ransomware. Hopefully, you can protect your system against this malware, but if you need to delete it, we can help you. If you are interested, please continue reading.

It has been discovered that REvil Ransomware can be spread using known vulnerabilities, including CVE-2019-2725 (in Oracle WebLogic Server) and CVE-2018-8453 (in the win32k.sys kernel driver). Both have been patched by their vendors: the Windows fix arrives through Windows Update, so if users do not skip updates it should already be applied, while the WebLogic fix has to be installed by whoever runs the server. Unprotected RDP services (exposed to the internet with weak or reused credentials) could be used as an entry point as well, and misleading spam email messages are used to trick unsuspecting victims into executing the malware themselves. Once the infection slithers in silently, it gets to work immediately. First, it deletes shadow volume copies, which ensures that users cannot recover files from that internal backup. Many other infections do the same, so it is advisable to back up your files to external storage or a cloud service that the infected machine cannot overwrite. Once the internal backup is gone, REvil Ransomware encrypts files. When we tested this malware, it only encrypted files in the following directories: %HOMEDRIVE%\Users\Default, %USERPROFILE%\Desktop, %USERPROFILE%\Downloads, and %USERPROFILE%\Favorites. It also encrypted everything in the %HOMEDRIVE% directory, excluding .sys and .bat files. Obviously, if sensitive files are stored in the mentioned directories, the infection can be extremely destructive.
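The shadow-copy deletion described above is the one step in this chain that a defender can catch before any file is touched, because it shows up as a process-creation event. The following is an added example, not code from the original page or from the malware's authors: it triages flattened process-creation records and flags the commands that destroy Volume Shadow Copies. The page does not name the command REvil uses, so the rules are an assumption covering the commands commonly used for the job (vssadmin, wmic, wbadmin, PowerShell against Win32_ShadowCopy); the "Key: value" log layout is an assumed Sysmon-style flattening, and every sample record is constructed rather than captured.

```python
import re

# Commands commonly used to destroy Volume Shadow Copies before encryption.
# Assumption: the page only says the malware "deletes shadow volume copies"
# and names no command, so these rules cover the usual ways it is done.
SHADOW_DELETE_RULES = [
    ("vssadmin delete shadows",
     re.compile(r"\bvssadmin(?:\.exe)?\b.*\bdelete\s+shadows\b", re.I)),
    ("wmic shadowcopy delete",
     re.compile(r"\bwmic(?:\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I)),
    ("wbadmin delete catalog",
     re.compile(r"\bwbadmin(?:\.exe)?\b.*\bdelete\s+catalog\b", re.I)),
    ("PowerShell Win32_ShadowCopy delete",
     re.compile(r"win32_shadowcopy\b.*\b(?:delete|remove-(?:wmi|cim)(?:object|instance))", re.I)),
]

# A parent process living in a user-writable location (a mail attachment in
# Downloads, a dropper in AppData) makes a shadow-copy deletion far more
# suspicious than one typed into an admin console. Assumed heuristic.
USER_WRITABLE = re.compile(
    r"\\(?:Users\\[^\\]+\\(?:Downloads|Desktop|AppData)|Temp|ProgramData)\\", re.I)

# Constructed sample records in a Sysmon Event ID 1 style; not real telemetry.
SAMPLE_LOG = [
    r"EventID: 1 Image: C:\Windows\System32\vssadmin.exe ParentImage: C:\Users\bob\Downloads\invoice.exe CommandLine: vssadmin.exe delete shadows /all /quiet",
    r"EventID: 1 Image: C:\Windows\System32\wbem\WMIC.exe ParentImage: C:\Users\bob\Downloads\invoice.exe CommandLine: wmic shadowcopy delete",
    r"EventID: 1 Image: C:\Windows\System32\vssadmin.exe ParentImage: C:\Windows\explorer.exe CommandLine: vssadmin list shadows",
    r'EventID: 1 Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe ParentImage: C:\Users\bob\Downloads\invoice.exe CommandLine: powershell -nop -c "Get-WmiObject Win32_Shadowcopy | ForEach-Object { $_.Delete() }"',
    r"EventID: 1 Image: C:\Windows\System32\notepad.exe ParentImage: C:\Windows\explorer.exe CommandLine: notepad.exe C:\Users\bob\Desktop\notes.txt",
    r"EventID: 1 Image: C:\Windows\System32\vssadmin.exe ParentImage: C:\Windows\System32\cmd.exe CommandLine: vssadmin delete shadows /for=C: /oldest",
]


def parse_record(line):
    """Pull the fields we care about out of a flattened 'Key: value' record.
    A value runs until the next ' Key: ' marker or the end of the line."""
    fields = {}
    for key in ("Image", "ParentImage", "CommandLine"):
        m = re.search(rf"\b{key}:\s*(.*?)(?=\s+\w+:\s|$)", line)
        if m:
            fields[key] = m.group(1)
    return fields


def classify(record):
    """Return the name of the first matching rule, or None."""
    cmd = record.get("CommandLine", "")
    for name, rx in SHADOW_DELETE_RULES:
        if rx.search(cmd):
            return name
    return None


def scan_log(lines):
    """Return one alert per record that matches a shadow-copy deletion rule."""
    alerts = []
    for line in lines:
        rec = parse_record(line)
        rule = classify(rec)
        if rule is None:
            continue
        parent = rec.get("ParentImage", "")
        alerts.append({
            "rule": rule,
            "command": rec.get("CommandLine", ""),
            "parent": parent,
            "severity": "high" if USER_WRITABLE.search(parent) else "medium",
        })
    return alerts


if __name__ == "__main__":
    for a in scan_log(SAMPLE_LOG):
        print(f"[{a['severity']}] {a['rule']}: {a['command']} (parent: {a['parent']})")
```

Listing shadow copies (`vssadmin list shadows`) is deliberately not flagged; the rules key on the destructive verbs so that routine administration does not page anyone. Severity is raised only when the parent process runs from a user-writable path, which is exactly the mail-attachment and download delivery the page describes.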

Once files are encrypted, a unique extension is added to their names. According to our malware research team, a combination of 6 to 10 random characters is appended to every encrypted file. This REvil Ransomware extension is also included in the name of the file carrying the ransom note. That file ("[random]-readme.txt") is dropped in every folder that holds encrypted files, and you will need to remove every copy; deleting the REvil Ransomware launcher, however, should be your priority. But we are getting ahead of ourselves. The ransom note informs you that your files were encrypted and suggests that it is possible to restore them. You are instructed to download the Tor Browser, visit a special website, and then follow additional instructions, which most likely include paying a ransom. Should you do that if you fall victim to this threat? That is your decision to make, but remember that cyber criminals care about nothing but profit, and they may well disappear the moment you hand over your money. Therefore, we discuss removal, not ransom payments.

REvil Ransomware is still relatively fresh, and we are sure that we will see this threat expanding and growing in the near future, especially if it really came from the masterminds behind GandCrab Ransomware. In the meantime, you need to secure your operating system and your personal files against it. First and foremost, keep the system and the software on it patched, and employ a security tool that will help you protect your system and remove threats that already exist. A reliable anti-malware program can certainly do the job, and if you install it right away, you will not need to worry about deleting REvil Ransomware manually. It is also important to back up all personal files that cannot be replaced, because you need insurance in case malware gets past your safeguards. If you are not planning on installing anti-malware software, you will need to eliminate the infection manually, and that is not easy. You need to find the infection yourself, and since it could be dropped into any folder under any name, we cannot tell you where it is on your computer. Hopefully, you know what to do, but if you need our help with the removal, please leave a comment below.

REvil Ransomware Removal

  1. If you can find the malicious .exe file, right-click and Delete it right away. If you cannot find it yourself, install a reliable anti-malware tool that will do it automatically.
  2. Right-click and Delete the ransom note file, [random]-readme.txt.
  3. Empty Recycle Bin to get rid of the infection completely.
  4. Perform a full system scan using a legitimate malware scanner.
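The note layout described earlier (one "[random]-readme.txt" in every folder holding encrypted files, the random part matching the extension) and step 2 of the removal procedure above (delete every copy of the note) can be handled by one script. The following is an added example, not code from the original page or from any vendor: it walks a directory tree, pairs each <token>-readme.txt note with the files carrying the matching extension so you can see the scope of the damage, and then removes the notes while leaving the encrypted files untouched. It assumes the token is alphanumeric (the page says only "symbols"), and the victim tree it builds under a temporary directory (user bob, token t3k9fq2) is constructed sample data.

```python
import os
import re
import tempfile
from collections import Counter, defaultdict

# Ransom note name shape: "<token>-readme.txt", where <token> is the same
# 6-10 character string appended to every encrypted file.
# Assumption: the token is alphanumeric; the page says only "symbols".
NOTE_RX = re.compile(r"^([0-9a-z]{6,10})-readme\.txt$", re.I)


def find_notes(root):
    """Map each extension token to the set of directories holding its note."""
    tokens = defaultdict(set)
    for dirpath, _, files in os.walk(root):
        for name in files:
            m = NOTE_RX.match(name)
            if m:
                tokens[m.group(1).lower()].add(dirpath)
    return tokens


def find_encrypted(root, token):
    """Files whose final extension equals the token taken from a note."""
    suffix = "." + token.lower()
    return sorted(
        os.path.join(dirpath, name)
        for dirpath, _, files in os.walk(root)
        for name in files
        if name.lower().endswith(suffix)
    )


def triage(root):
    """Scope the damage: per token, where the notes are and what was encrypted."""
    report = {}
    for token, note_dirs in find_notes(root).items():
        encrypted = find_encrypted(root, token)
        report[token] = {
            "note_dirs": sorted(note_dirs),
            "encrypted": encrypted,
            "per_dir": dict(Counter(os.path.dirname(p) for p in encrypted)),
        }
    return report


def remove_notes(root, token):
    """Removal step 2: delete every copy of <token>-readme.txt.
    Encrypted files are left alone; deleting them destroys any chance of
    recovering them later should a decryptor become available."""
    removed = []
    for dirpath in find_notes(root).get(token.lower(), ()):
        for name in os.listdir(dirpath):
            m = NOTE_RX.match(name)
            if m and m.group(1).lower() == token.lower():
                path = os.path.join(dirpath, name)
                os.remove(path)
                removed.append(path)
    return sorted(removed)


def build_sample_tree(root):
    """Constructed victim layout mirroring the directories the page lists;
    not real data. Returns the hypothetical extension token used."""
    token = "t3k9fq2"
    layout = {
        os.path.join("Users", "bob", "Desktop"): [
            "report.docx." + token, "photo.jpg." + token, token + "-readme.txt"],
        os.path.join("Users", "bob", "Downloads"): [
            "setup.exe." + token, token + "-readme.txt"],
        os.path.join("Users", "bob", "Favorites"): [
            "links.url." + token, token + "-readme.txt"],
        # .sys and .bat files are skipped by the malware, so none carry the token.
        os.path.join("Windows", "System32", "drivers"): ["disk.sys", "cleanup.bat"],
    }
    for rel, names in layout.items():
        d = os.path.join(root, rel)
        os.makedirs(d, exist_ok=True)
        for n in names:
            with open(os.path.join(d, n), "wb") as f:
                f.write(b"\x00" * 16)
    return token


def run_demo():
    """Build the sample tree in a temp dir, triage it, then clean the notes."""
    root = tempfile.mkdtemp(prefix="revil-triage-")
    token = build_sample_tree(root)
    before = triage(root)
    removed = remove_notes(root, token)
    after = triage(root)
    return token, before, removed, after


if __name__ == "__main__":
    token, before, removed, after = run_demo()
    print("token:", token)
    for d, n in before[token]["per_dir"].items():
        print(f"{n:3d} encrypted file(s) in {d}")
    print("removed notes:", len(removed), "| notes left:", len(after))
```

Run the triage first and keep its output: the list of encrypted files and the token are what you need if you later try a decryptor or restore from backup. Only then run the note cleanup, and do not let a script delete the launcher for you; the page is right that it can sit anywhere under any name, so that decision stays manual or goes to a scanner.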