Danger level 6
Type: Trojans

Somik1 Ransomware

Somik1 Ransomware is an infection that might still be in development, and so it is possible that the attackers behind it will add functionality or adjust certain elements. That being said, the sample tested in our internal lab is already powerful, and so the threat has great potential to do damage. Windows users who are cautious and whose operating systems are reliably protected might not need to worry about this infection; however, those who do not stay on top of all updates and who are careless when interacting with files, downloaders, and links online could be exposed to it without even realizing it. The threat is clandestine, and if it manages to slither in, it does not reveal itself right away. If it did that, there is a possibility that victims could remove Somik1 Ransomware before their personal files were affected. Were your files affected? If that is the case, you might think that you will restore them only if you delete the infection. Unfortunately, that is not how file-encryptors work.

If Somik1 Ransomware invaded your operating system, your personal files must be corrupted, and the .arnoldmichel2@tutanota.com extension must be added to their names. According to our research team, the infection does not touch folders that have the words AMD, Intel, Internet Explorer, ProgramData, or Windows in their names. That is how the infection might prevent itself from attacking system files. It was also found that Somik1 Ransomware specifically skips files named HELLO.txt, somik1.exe, and xxx_media_player.exe. The last name suggests that the threat could be introduced to unsuspecting Windows users in the disguise of a media player. Even though the ransomware has some restrictions, it encrypts all personal files, including those with .doc, .jpg, .pdf, .png, .txt, and .ppt extensions. If the threat is not deleted right away, it can successfully encrypt your documents, photos, PowerPoint presentations, and other types of files. Once that is done, it can freely drop WARNING2.txt, WARNING3.txt, WARNING4.txt, WARNING5.txt, and WARNING6.txt files onto the Desktop. You can delete these files, but opening them and reading the messages inside will not harm you.

When Somik1 Ransomware drops the ransom notes, it also launches a window entitled Attention. Both the text files and the window carry the same message. According to it, your files were encrypted, and if you want to restore them, you need to email ARNOLDMICHEL2@TUTANOTA.COM. As you might have noticed already, this is the email address that is attached to the corrupted files as well. The note instructs you to send 1-2 files to have them decrypted for free, after which you would be expected to pay a ransom in Bitcoins. How much is the ransom? We cannot tell, but even if it is small enough for you to pay, you need to think about what you would be getting yourself into by fulfilling the attackers’ demands. If you email the attackers, they could send you malware and introduce you to scams. If you pay the ransom, you could end up empty-handed. Who would force cybercriminals to give you a decryptor that, allegedly, can restore files? The sad truth is that they are pretty much untouchable. It is even sadder that free decryptors for Somik1 Ransomware do not exist, and that means that you are unlikely to be able to restore files. Perhaps you can replace them using backup copies?

Deleting Somik1 Ransomware is both easy and extremely difficult. According to our research team, the launcher file and the ransom notes on the Desktop are the only components that need to be removed. So, the removal part is not difficult. However, the launcher’s location and even name are unknown. If you think you can identify the malicious file, delete it right away, and then employ a legitimate malware scanner to help you figure out if you have managed to clear your system of threats. If you are not able to remove Somik1 Ransomware yourself, think about employing anti-malware software. We strongly recommend this because you will never be safe without this software. Hopefully, once you have the dangerous infection fully removed, you can replace the encrypted files with backups that you might have stored online or on external drives.

Somik1 Ransomware Removal

  1. Remove recently downloaded suspicious files.
  2. Go to the Desktop and delete these files:
    • WARNING2.txt
    • WARNING3.txt
    • WARNING4.txt
    • WARNING5.txt
    • WARNING6.txt
  3. Empty Recycle Bin to complete removal.
  4. Install and run a legitimate malware scanner.
  5. If leftovers are detected, erase them ASAP.
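
The indicators described in this article (the appended extension, the WARNING2.txt to WARNING6.txt notes, and the file names the encryptor skips) can be checked with a read-only scan. The Python script below is an added example, not part of the original article or any vendor tool; the function names and the sample directory tree are constructed for illustration, and it assumes the notes may sit anywhere under the scanned folder, not only on the Desktop.

```python
import os
import tempfile

# Indicators taken from the article above.
ENCRYPTED_SUFFIX = ".arnoldmichel2@tutanota.com"
RANSOM_NOTES = {f"warning{n}.txt" for n in range(2, 7)}
# File names the article says the encryptor skips; review any that turn up.
SKIPPED_NAMES = {"hello.txt", "somik1.exe", "xxx_media_player.exe"}


def triage(root):
    """Walk root and sort files into indicator buckets (nothing is modified)."""
    report = {"encrypted": [], "notes": [], "review": []}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            lower = name.lower()
            if lower.endswith(ENCRYPTED_SUFFIX) and len(name) > len(ENCRYPTED_SUFFIX):
                # Original path = encrypted path minus the appended suffix,
                # which gives the list of files to restore from backup.
                report["encrypted"].append((path, path[: -len(ENCRYPTED_SUFFIX)]))
            elif lower in RANSOM_NOTES:
                report["notes"].append(path)
            elif lower in SKIPPED_NAMES:
                report["review"].append(path)
    for bucket in report.values():
        bucket.sort()
    return report


def build_sample_tree(root):
    """Constructed sample data: empty files whose names match the article."""
    names = [
        "Desktop/WARNING2.txt",
        "Desktop/WARNING6.txt",
        "Documents/budget.doc" + ENCRYPTED_SUFFIX,
        "Pictures/trip.JPG" + ENCRYPTED_SUFFIX.upper(),
        "Documents/untouched.pdf",
        "Downloads/xxx_media_player.exe",
    ]
    for rel in names:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for bucket, items in triage(tmp).items():
            print(bucket, len(items), *items, sep="\n    ")
```

On a real system, pass a user profile folder to `triage()`; the second element of each "encrypted" entry is the original file path to look for in backups.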