Danger level 6
Type: Trojans
Common infection symptoms:
  • System crashes
  • Slow Computer
  • Connects to the internet without permission
  • Can't be uninstalled via Control Panel

Smpl Ransomware

Smpl Ransomware is a dangerous threat from the Crysis/Dharma Ransomware family. It can encrypt pictures, various documents, and other files that might be very valuable to victims. After the encryption process is done, the affected files should be unreadable and unusable. Encrypted files can still be restored, but only if you have the right decryption tools. Unfortunately, it might be impossible to obtain them. The hackers behind the malware could be the only ones able to provide decryption tools, and they demand a ransom payment before delivering them. Thus, there are no guarantees that victims will receive the promised tools as agreed. If you are still considering this option, we recommend thinking carefully about whether you really want to risk losing your money in vain. Before making the final decision, we invite you to read our full article so you can learn more about Smpl Ransomware.

We wish to begin by talking about the malicious application's distribution. Researchers say that the malware might be spread through unsecured Remote Desktop Protocol (RDP) connections, spam emails, and malicious file-sharing websites. Since we cannot know precisely which method the hackers behind Smpl Ransomware are using, we recommend taking a few extra precautions to guard the system against it. The first thing we advise is to stay away from emails with links and attachments if you are not expecting to receive them or if they come from unknown senders. Plus, if you are suspicious about a file, do not forget that you can always scan it with an antimalware tool first. Secondly, we recommend making sure that you are using secured RDP connections. That means you should set up a strong password, enable two-factor authentication, and take any other safety measures that might be available to you. Lastly, we ought to stress that it is always a bad idea to obtain data from torrent and other file-sharing websites or from sites that you do not know for sure to be legitimate and reliable.

Once launched, Smpl Ransomware should start encrypting targeted files bit by bit. The data that the malware should not touch is that belonging to Windows and other software. As for the rest of the files, the malicious application should encipher them and mark them with a rather long extension that consists of three parts: a unique user ID, the hackers' email address, and .smpl. For example, a file called polar_bear.jpg could become polar_bear.jpg.id-B9800941.[crimecrypt@aol.com].smpl if it gets encrypted by this threat. You should be unable to open any files affected in the described manner. They are not damaged but locked, and to unlock them you need a unique decryption key and decryption software. As said earlier, it is unfortunate that only the malware's creators could provide them. The unique decryption key gets generated during the encryption process, and hackers usually obtain it by making their threats store it on a remote server. Needless to say, no one besides Smpl Ransomware's developers would be able to access their server.
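
The naming scheme described above can be used to find out which files were encrypted and which user ID and contact address they carry. The Python code below is an added example, not part of the original article; it assumes the user ID is eight hexadecimal characters, as in the B9800941 sample, and its function names are illustrative.

```python
import os
import re
from collections import defaultdict

# Naming scheme from the article: <name>.id-<user ID>.[<contact email>].smpl
# Assumption: the user ID is 8 hex characters, as in the B9800941 sample.
SMPL_RE = re.compile(
    r"^(?P<original>.+)\.id-(?P<user_id>[0-9A-Fa-f]{8})"
    r"\.\[(?P<email>[^\]\s]+@[^\]\s]+)\]\.smpl$",
    re.IGNORECASE,
)


def parse_smpl_name(filename):
    """Return (original_name, user_id, email), or None if the name does not match."""
    m = SMPL_RE.match(filename)
    if m is None:
        return None  # e.g. an unrelated file that merely ends in .smpl
    return m.group("original"), m.group("user_id").upper(), m.group("email").lower()


def inventory(root):
    """Group encrypted files under root by (user_id, email); nothing is modified."""
    groups = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):  # unreadable folders are skipped
        for name in files:
            parsed = parse_smpl_name(name)
            if parsed:
                original, user_id, email = parsed
                groups[(user_id, email)].append(os.path.join(dirpath, original))
    return dict(groups)


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for (user_id, email), paths in sorted(inventory(root).items()):
        print(f"id={user_id} contact={email} encrypted files: {len(paths)}")
        for p in sorted(paths)[:5]:  # show a few original names per group
            print("   ", p)
```

Run it against a user profile or a file share to get the list of original file names to check against backups.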

Therefore, the cybercriminals also programmed the malware to display ransom notes, which recommend contacting them and suggest that users who want to restore their files will have to pay a ransom. It is unknown how much Smpl Ransomware might ask its victims to pay. Sometimes it depends on who the victim is or rather on how sensitive the encrypted files are. However, we do not recommend paying the ransom no matter how much it could be. There are no guarantees that the malware's creators will deliver the promised decryption tools or will still have them when the time to send them comes. Thus, if risking your money for something you might never get does not sound like a good idea to you, we advise concentrating on the malicious application's deletion. According to our researchers, there are a couple of ways to erase Smpl Ransomware.

Experienced users who have deleted similar threats manually in the past could try to remove Smpl Ransomware by erasing files that could belong to it. We cannot guarantee that the instructions available below will work for everyone, but they can be of use if you need any guidance while removing the threat manually. The other way to delete Smpl Ransomware is to scan the infected device with a reputable antimalware tool of your choice. After your computer is scanned, your security tool should show a list of detected items, and it ought to let you eliminate them by pressing its displayed removal button.

Restart the computer in Safe Mode

Windows 8/Windows 10

  1. Press Win+I for Windows 8 or open Start menu for Windows 10.
  2. Click the Power button.
  3. Tap and hold Shift, then click Restart.
  4. Pick Troubleshoot and choose Advanced Options.
  5. Go to Startup Settings and click Restart.
  6. Press F5 to restart the PC.

Windows XP/Windows Vista/Windows 7

  1. Go to Start, select Shutdown options, and pick Restart.
  2. Press and hold F8 when the PC starts restarting.
  3. Select Safe Mode with Networking.
  4. Press Enter and log on.

Erase Smpl Ransomware

  1. Press Win+E.
  2. Find these paths:
    %TEMP%
    %USERPROFILE%\Downloads
    %USERPROFILE%\Desktop
  3. Locate the malicious application’s launcher (some suspicious file downloaded before the infection appeared).
  4. Right-click it and select Delete.
  5. Find these locations:
    %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup
    %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup
    %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\StartMenu\Programs\Startup
    %WINDIR%\System32
    %APPDATA%
  6. Locate files called Info.hta, right-click them and select Delete.
  7. Find these specific Startup directories:
    %WINDIR%\System32
    %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup
    %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup
    %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\StartMenu\Programs\Startup
  8. Find suspicious executable files, for example, file.exe; right-click them and choose Delete.
  9. Exit File Explorer.
  10. Press Win+R.
  11. Type Regedit and press Enter.
  12. Find the given registry key:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
  13. Search for value names dropped by the threat, e.g., {random title}.exe, right-click them, and select Delete.
  14. Exit Registry Editor.
  15. Empty Recycle Bin.
  16. Restart the computer.
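
Before deleting anything, it helps to list what is actually present in the locations named in steps 5 to 13. The Python code below is an added example, not part of the original article; the paths and the Run key are copied from the steps above, the function names are illustrative, and the choice to leave System32 out of the executable listing is this example's own. It only lists items and deletes nothing.

```python
import os

try:
    import winreg  # available only on Windows
except ImportError:
    winreg = None

# Locations copied from steps 5 and 7 of the removal guide above.
NOTE_DIRS = [
    r"%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup",
    r"%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup",
    r"%ALLUSERSPROFILE%\Application Data\Microsoft\Windows\StartMenu\Programs\Startup",
    r"%WINDIR%\System32",
    r"%APPDATA%",
]
STARTUP_DIRS = NOTE_DIRS[:3]  # System32 left out: it is full of legitimate executables
RUN_KEY = r"Software\Microsoft\Windows\CurrentVersion\Run"


def find_candidates(note_dirs, startup_dirs):
    """List Info.hta copies and Startup-folder executables for manual review."""
    hits = []
    for folder in map(os.path.expandvars, note_dirs):
        note = os.path.join(folder, "Info.hta")
        if os.path.isfile(note):
            hits.append(("ransom-note", note))
    for folder in map(os.path.expandvars, startup_dirs):
        if os.path.isdir(folder):
            for name in sorted(os.listdir(folder)):
                if name.lower().endswith(".exe"):
                    hits.append(("startup-exe", os.path.join(folder, name)))
    return hits


def run_key_values():
    """Return (value name, command) pairs from HKCU Run; empty list off Windows."""
    if winreg is None:
        return []
    values = []
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, RUN_KEY) as key:
        for i in range(winreg.QueryInfoKey(key)[1]):  # [1] = number of values
            name, data, _type = winreg.EnumValue(key, i)
            values.append((name, data))
    return values


if __name__ == "__main__":
    for kind, path in find_candidates(NOTE_DIRS, STARTUP_DIRS):
        print(kind, path)
    for name, command in run_key_values():
        print("run-value", name, "->", command)
```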