Sherminator Ransomware

Sherminator Ransomware is a dangerous infection that will turn your entire day upside down. Needless to say, it is a ransomware infection, and as such, it encrypts your personal files. It means that it blocks you from opening your documents by scrambling the information sequences within the files. Although there is no public decryption tool at the moment, you can still restore your files if you have a system backup. You should also remove Sherminator Ransomware from your computer as soon as possible. The manual removal process is quite cumbersome, but you should not give up.

Research suggests that Sherminator Ransomware is a new version of the previously released Mr. Dec Ransomware. Therefore, this program has some history it can learn from. At the same time, it also means that the program will employ the common ransomware distribution tactics. Our research team says that Sherminator Ransomware probably spreads through spam email campaigns and unsecured RDP connections.

It is actually quite frustrating that ransomware still manages to affect so many users worldwide using the same old methods. If only we learned more about ransomware distribution, we would be able to recognize potential ransomware delivery tactics before the malicious files reach our computers. What’s more, users tend to download and launch the malicious ransomware installer files willingly.

How does that ever happen? Users are tricked into thinking that the files they receive through spam emails are legitimate and important. Also, the messages that these files come with usually employ really urgent tone, telling users to open and check the files immediately. If you fall for this trick, Sherminator Ransomware enters your system.

How can we stop ransomware from entering our computers? Well, if you really don’t know whether the file you are about to open is safe or not, you can scan it with a security tool of your choice. In fact, that would be a good habit to acquire. Checking the files with a security tool before opening would save you a lot of trouble. However, if Sherminator Ransomware still manages to reach your system, then you will go through the full ransomware experience.

First, this program will scan the entire system looking for the files it can encrypt. These programs can affect most of the personal files. Once the encryption is complete, you will also see that the files get an appendix to their filenames. The appendix is a random string of letters and numbers. This string is your infection ID, which means that every affected computer will have a unique appendix used for the encrypted files.

But you probably do not need any additional mark-up to see that this infection messed up your files. The file icon changes when the encryption is complete, and it clearly means that you cannot open them anymore. The system simply cannot read the file information.

If that weren’t enough, the infection also drops the Decoder.hta ransom note in every folder that contains encrypted files. Sherminator Ransomware also kills the Windows Explorer process, which makes it almost impossible to navigate to your computer. Instead, the ransomware displays the ransom note wide across your screen:

You are unlucky! The terrible virus has captured your files! For decoding please contact by email you.help5@protonmail.com or sherminator.help@tutanota.com
<…>
Hurry up! Time is limited!
Do not contact third parties for help, this may lead to the fact that you will be deceived and you will not receive your decoder.

REMEMBER – only we have a tool to get your files back!

Although Sherminator Ransomware keeps on killing the Windows Explorer process, you can close the ransom note by pressing Alf+F4 keys simultaneously. After that, you need to remove Sherminator Ransomware from your computer.

Since the infection kills Windows Explorer, you will have to load your computer in Safe Mode to remove the infection. You can find the guidelines for that below. However, please note that even if you decide to remove Sherminator Ransomware automatically, you might still have to do it via Safe Mode with Networking because the infection might not allow you to reach the program you want before it kills Windows Explorer again. It is a very frustrating experience, but you need to stay strong and terminate Sherminator Ransomware once and for all.

How to Remove Sherminator Ransomware

Safe Mode with Networking on Windows 8 & Windows 10

1. Press Win+I and click the Power button.
2. Press and hold the Shift key, select Restart.
3. On the Advanced Options menu, choose Troubleshoot.
4. Go to Startup Settings and click Restart.
5. Press the F5 and reboot the computer.

Safe Mode with Networking on Windows Vista & Windows 7

1. Select Start and go to Shutdown options.
2. Choose Restart.
3. Press the F8 key when your system starts loading.
4. Select Safe Mode with Networking on the BIOS menu.
5. Press Enter and load the system.

Remove Sherminator Ransomware

1. In Safe Mode with Networking, press Win+R.
2. Type regedit into the Open box and click OK.
3. Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.
4. On the right side, select and delete the Autorun.SQL value.
5. Exit Registry Editor and press Win+R again.
6. Type %APPDATA% into the Open box and click OK.
7. Go to Microsoft\Windows\Start Menu\Programs\Startup.
8. If the Decoder.hta file is present, remove it.
9. Scan your system with SpyHunter.