ROGER Ransomware

If you do not want to lose your files, ROGER Ransomware is an infection you need to watch out for. It is crucial to secure your operating system, and we recommend doing that with the help of legitimate anti-malware software. If your system is secured, malware will have a much harder time attacking successfully because even if it slithers in, it should be deleted instantly. It is also important to install all updates so as not to leave any unpatched vulnerabilities for cybercriminals to exploit. Finally, you yourself need to be careful. Do not open spam emails, do not click on suspicious links (even when they are sent by someone you know), and do not download files from unreliable sources. If it is a little too late for you to keep this threat away, your personal files must be encrypted now. Unfortunately, you cannot restore them by removing ROGER Ransomware. That, of course, does not mean that you should postpone the elimination of this threat. The quicker you act, the better the outcome might be.

You might have heard of Crysis/Dharma Ransomware before. This is a family name of many file-encrypting threats, including Devil Ransomware, Dever Ransomware, Bitx Ransomware, and also ROGER Ransomware. They usually spread using spam emails, social engineering scams, and bundled downloaders, which is why we have already warned you not to interact with spam/links/suspicious files to keep yourself safe. After infiltration, these threats remain silent, unless security software is there to protect you and delete malware. If such software does not exist, ransomware encrypts files. When ROGER Ransomware encrypts your personal files, it attaches the “.id-{*}.[admin@datastex.club].ROGER” extension to their names. Every single victim will see a unique ID number included in the extension. Before you might even get the chance to notice that your files were encrypted, the threat launches a window with a strange name (e.g., 6aWH6i3Gxp3cXPpqzl). The window delivers a message, and it informs that victims of the infection need to download the Tor browser and follow the included link to get information on how to restore the files. The message also includes an email address (admin@datastex.club) that can be used to contact the attackers.

Even if you close the window launched by ROGER Ransomware, you should face the message again and again as you look through your personal files because a file named “FILES ENCRYPTED.txt” should be dropped next to them. The message delivered via this file is much shorter, and it simply instructs to email admin@datastex.club if you want to restore your personal files. So, should you contact the attackers via email or follow the link introduced by them? We do not recommend it because if you contact them, you could be exposed to malware and scams, and if you follow the link, you will only be pushed to pay a ransom in return for a decryptor that you are unlikely to receive anyway. The attackers behind ROGER Ransomware are ready to promise you just about anything to make you give up money, and if you are smart, you will hold on to it. Note that free Crysis and Dharma decryptors exist, and while we cannot guarantee that they will work for you, it is worth trying them out. You also want to look at your backups to see if you have copies of the most important files and, therefore, do not need to have the corrupted files decrypted.

We strongly recommend installing anti-malware software. First and foremost, you need the protection that this software can provide you with. Second, this software can delete ROGER Ransomware automatically. Unfortunately, eliminating this threat manually is not that easy, and you can see by looking at the manual removal guide below that there are quite a few steps and that some files have unique names or even unique locations. Since we cannot point you to these files exactly, we cannot guarantee that you will be able to remove ROGER Ransomware fully. Hopefully, you manage to get rid of this dangerous infection soon, and then you can replace the encrypted files with backups stored someplace safe. Remember to always backup important files outside the computer to ensure that they are safe.

ROGER Ransomware Removal

1. Delete the launcher of the infection (unknown name/location).
2. Tap Win+E keys on the keyboard to launch Windows Explorer.
3. Enter the following paths into the field at the tip to access Info.hta and Delete this file:
   • %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs\Startup\
   • %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup\
   • %APPDATA%
   • %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\
   • %WINDIR%\System32\
4. Go to these folders to find and Delete a malicious {unknown name}.exe file:
   • %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs\Startup\
   • %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup\
   • %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\
   • %WINDIR%\System32\
5. Tap Win+R keys on the keyboard to launch the Run dialog box.
6. Enter regedit into the box and click OK to access Registry Editor.
7. Move to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.
8. Delete the two values associated with Info.hta and one value associated with {unknown name}.exe.
9. Empty Recycle Bin to erase the deleted components.
10. Employ a legitimate malware scanner to check if there is anything else for you to remove.