Danger level 6
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Normal system programs crash immediately
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

Dever Ransomware

Can you decrypt the files corrupted by Dever Ransomware? The attacker behind this malicious threat wants you to believe that you can do that using their assistance; however, our researchers do not recommend interacting with cybercriminals at any point. If you get involved, you could be exposed to new scams, and you might also be pushed into paying quite a lot of money for nothing in return. The attacker informs victims that they can pay a ransom to get their files restored, but it is not likely that they would be interested in the restoration part after obtaining the money. The good news is that Crysis or Dharma decryption tools exist, and you might be able to use them to restore your files for free. Crysis and Dharma are the names of a family of ransomware that Dever belongs to along with Phobos Ransomware, Caleb Ransomware, Bitx Ransomware, and many other infections. All of them must be deleted, but in this report, we discuss the removal of Dever Ransomware.

You might have opened a misleading spam email attachment or downloaded malware disguised as something harmless if Dever Ransomware has managed to slither in. Regardless of how this threat got in, there is no doubt that your operating system is vulnerable, and that needs to change. First, you need to delete the infection, of course. When it slithers in, it corrupts files immediately, and then the “.id[unique code].[].Dever” extension is added to all of their names. This extension might seem mysterious at first, but Dever Ransomware uses Info.hta and info.txt files to make this clearer. The .hta file launches a window entitled “encrypted” right after encryption, and the message inside explains what happened to files and also presents instructions. If you follow them, you are supposed to email the unique ID code and five encrypted files to or After this, you are supposed to receive additional instructions explaining how to pay a ransom in Bitcoin, and once you do that, a tool capable of decrypting files should be sent to you. That is what cybercriminals promise, and, as you should know already, trusting their promises is extremely risky.

The .txt file dropped by Dever Ransomware is much shorter, and it simply instructs victims to send a message to one of the two email addresses. Hopefully, you do not need to worry about taking such a risk because you can decrypt your personal files using a free decryptor. If that is not an option for you, perhaps you can replace the corrupted files using backup copies? In today’s world, you must have all of your personal files backed up because there are literally thousands of infections created for the sole purpose of corrupting files. Unfortunately, in most cases, victims of such infections are helpless because free decryptors rarely exist, and, therefore, backups are the only things that can save the day. Even if you successfully restore the files corrupted by Dever Ransomware, it is crucial that you set up a backup immediately after the removal of the infection. You can use cloud storage or external drives, but we recommend using both options to ensure that your personal files are never lost. If you have backups right now, we recommend that you remove the infection before using them to replace the encrypted files.

As you can see, quite a few steps need to be performed to ensure that Dever Ransomware is fully deleted. The infection creates files and registry entries that cannot be left behind. If you cannot remove the infection manually, you are not in trouble at all because you have the option of installing anti-malware software. Install a trustworthy and legitimate tool, and you will have every malicious piece erased. Furthermore, after you have Dever Ransomware deleted, your operating system’s protection will be taken care of as well. As we mentioned earlier, your system must be vulnerable if ransomware got in, and if you do not want new threats attacking you and your files, you need to fix the security issue. If you do not want to install anti-malware software, you will need to take care of Windows security yourself, and that is much easier said than done. If you have questions about anything, add them to the comments area.

Dever Ransomware Removal

  1. Delete all copies of the ransom note file, info.txt (dropped next to encrypted files).
  2. Move to the Desktop and then Delete a file named Info.hta.
  3. Launch Windows Explorer by tapping Win+E keys at the same time.
  4. Enter %HOMEDRIVE% into the field at the top and then Delete the file named Info.hta.
  5. Enter %LOCALAPPDATA% into the field at the top and Delete a malicious [unknown].exe file.
  6. Enter %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ into the field at the top and Delete a malicious [unknown].exe file.
  7. Enter %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup\ into the field at the top and Delete a malicious [unknown].exe file.
  8. Enter %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs\Startup\ into the field at the top and Delete a malicious [unknown].exe file.
  9. Launch Run by tapping Win+R keys at the same time and enter regedit to launch Registry Editor.
  10. Move to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.
  11. Delete the [unknown] value associated with the [unknown].exe file.
  12. Move to HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.
  13. Delete the [unknown] value associated with the [unknown].exe file.
  14. Exit Registry Editor and then Empty Recycle Bin.
  15. Install a malware scanner you can trust and use it to scan the operating system for leftovers.
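
Before deleting anything by hand, it helps to see every candidate in one place. The PowerShell script below is an added example, not part of the original guide: it takes a read-only inventory of the folders and Run keys named in steps 2 to 13 and deletes nothing. It assumes it is run as the affected user, so that the per-user paths and HKEY_CURRENT_USER resolve to that account; it does not hunt for the info.txt copies from step 1, and deciding which [unknown].exe is malicious remains a manual review.

```powershell
# Added example: read-only inventory of the locations in steps 2-13. Nothing is deleted.
# The last folder (step 8) is a legacy path; on current Windows it usually resolves
# to the step 7 folder, so the same file can be listed twice.
$folders = @(
    [Environment]::GetFolderPath('Desktop'),
    "$env:HOMEDRIVE\",
    $env:LOCALAPPDATA,
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
    "$env:ALLUSERSPROFILE\Microsoft\Windows\Start Menu\Programs\Startup",
    "$env:ALLUSERSPROFILE\Application Data\Microsoft\Windows\Start Menu\Programs\Startup"
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

# Ransom notes and executables sitting directly in those folders (no recursion).
$files = foreach ($dir in $folders) {
    Get-ChildItem -LiteralPath $dir -File -Force -ErrorAction SilentlyContinue |
        Where-Object { (@('Info.hta', 'info.txt') -contains $_.Name) -or ($_.Extension -eq '.exe') } |
        ForEach-Object {
            [pscustomobject]@{
                Path      = $_.FullName
                Created   = $_.CreationTime
                # An unsigned or invalidly signed .exe deserves a closer look.
                Signature = if ($_.Extension -eq '.exe') {
                    (Get-AuthenticodeSignature -LiteralPath $_.FullName).Status
                } else { 'n/a' }
                SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
            }
        }
}

# Every value under the two Run keys from steps 10-13, with the command it launches.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$autoruns = foreach ($key in $runKeys) {
    $item = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($name in $item.GetValueNames()) {
        $cmd = [string]$item.GetValue($name)
        [pscustomobject]@{
            Key            = $key
            Value          = $name
            Command        = $cmd
            # True when the command points into %LOCALAPPDATA% (the step 5 folder).
            InLocalAppData = $cmd.IndexOf($env:LOCALAPPDATA, [StringComparison]::OrdinalIgnoreCase) -ge 0
        }
    }
}

$files    | Sort-Object Created -Descending | Format-List
$autoruns | Format-List
```

Files created around the time the encryption happened, and Run values whose command matches one of the listed executables, are the entries to check against steps 5 to 13.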