Click on screenshot to zoom
Danger level 6
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Normal system programs crash immediatelly
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

Vesrato Ransomware

You do not want Vesrato Ransomware to invade your operating system and encrypt your personal files because this particular infection was not “decryptable” at the time of research. Basically, that means that once the files are encrypted, legitimate file decryptors cannot do anything to restore them. That leaves you with the decryptor offered by the attackers, and that is not a good option. According to our research team, this particular infection belongs to the STOP Ransomware family, and while a lot of threats from this family are decryptable, that does not appear to be the case with the latest threat. Of course, by the time you are reading this report, things could have changed, and so it is worth taking a second to check things out. Obviously, if you decide to employ a third-party tool to restore your files, you have to make sure that this tool is legitimate and effective. If you download something malicious, you will need to delete it. Of course, in this report, we focus on the removal of Vesrato Ransomware.

The name of Vesrato Ransomware comes from the “.versato” extension that gets added to the corrupted files. This extension does not have a hidden meaning, and removing it is unnecessary. In fact, by removing the extension, you will be only wasting your time. In the %HOMEDRIVE% directory, a ransom note file named “_readme.txt” should be created, but it is possible that copies of it could be created along with the encrypted files also. It is safe to open this file, but be careful. According to the message delivered, you need to spend your money on “decrypt tool and unique key” that, allegedly, would help you restore your personal photos, videos, and all other private files that Vesrato Ransomware can corrupt. The cost for the software and the key is $490 within the first 72 hours, and then $980 after that. To receive information that would make the payment possible, you are supposed to email the included ID to or These email addresses have been linked to Cetori Ransomware, Masodas Ransomware, Mogranos Ransomware, and many other infections from the STOP family. Clearly, the same party is responsible for all of them.

The ID that Vesrato Ransomware assigns to every victim can be found in the ransom note, but it is also represented in the file named “PersonalID.txt,” which is created in %HOMEDRIVE%\SystemID\. This file is not malicious, but, of course, you want to delete it because it was created by the infection. It is most important, however, that you delete all files from the %LOCALAPPDATA%\[random name] folder. This is where the malicious files of the infection should be created. The original file that launches the threat could be placed somewhere else, but that depends on how the infection entered your operating system. For example, if it was executed after you downloaded and opened a strange spam email attachment, you must know where this file is. It must be removed as well. Unfortunately, even if you delete Vesrato Ransomware files successfully, your personal files will not be restored. Unfortunately, it does not look like you can restore them using third-party tools either. So, should you pay the ransom? Since the attackers are likely to leave you hanging dry after you pay the ransom, we do not recommend it.

You should have no trouble deleting Vesrato Ransomware manually, especially if you are at least a little bit experienced. That being said, restoring personal files that were encrypted appears to be impossible. You are unlikely to have your files decrypted even if you do what the attackers tell you to do. This is why we really hope that you have backups. You can create backups using online cloud services, or you can do it yourself by creating copies of your files on external drives. It does not need to cost you much or anything at all, but it can save you in many different ways. After all, files get deleted by accident, they get corrupted by malware, and they might even get stolen along with your laptop, for example. If you have backups, remove Vesrato Ransomware and then use them to replace the lost files. If you do not have backups, take a mental note to start creating them for all personal files in the future.

Vesrato Ransomware Removal

  1. Delete the malicious file that was used to launch the infection (could be anywhere).
  2. Tap Win+E keys on the keyboard to access Windows Explorer.
  3. Enter %LOCALAPPDATA% into the quick access field.
  4. Delete the [random name] folder that contains malicious ransomware files.
  5. Enter %HOMEDRIVE% into the quick access field.
  6. Delete the file named _readme.txt and the folder named SystemID.
  7. Empty Recycle Bin and then quickly install a trusted malware scanner.
  8. Perform a full system scan and erase any leftovers that could be found.
Download Spyware Removal Tool to Remove* Vesrato Ransomware
  • Quick & tested solution for Vesrato Ransomware removal.
  • 100% Free Scan for Windows

Post comment — WE NEED YOUR OPINION!

Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.