Home / Parasites / Trojans / Decme Ransomware
Click on screenshot to zoom
Danger level 7
Type: Trojans
Common infection symptoms:
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

Decme Ransomware

Decme Ransomware might seem to come out of nowhere, but, in reality, the attackers behind this malware plan their attacks very meticulously. If ransomware is set to invade systems that belong to large companies or even governmental agencies, attacks are more intricate. If this malware is targeted at individual Windows systems, cybercriminals usually rely on bait. For example, they can send out the same email to thousands of email addresses. The message should contain a link or a file attachment, and if some of the recipients click on it, the attack could be successful. Other methods of invasion are used as well, and that is why it is not enough to patch one backdoor here and another one there. The entire operating system requires full protection. Perhaps that is not something on your mind at the moment, because you need to remove Decme Ransomware. If that is the case, your personal files, most likely, have been encrypted also. Unfortunately, neither decrypting the files nor deleting the infection are simple tasks.

Although Decme Ransomware does not stay hidden for long, when it slithers in initially, it has to remain quiet so that your personal files could be encrypted. A special encryption key is used to change the data of your files, which renders them unreadable. The “.[Files2021@tutanota.com][*].decme” extension is pinned to the original names of the files to mark them, and the * sign in the extension represents a unique ID that is given to every victim. So, what should you do with this extension? Well, there is nothing to do. You cannot decrypt files by changing the extension or replacing it with something else. In fact, decrypting files manually does not seem to be possible at all. At the time of research, our team could not find a free decryptor that could work. If you have found a tool that claims to restore the files corrupted by Decme Ransomware, make sure you research it first. The last thing you need is to execute another malicious infection. Of course, we do not recommend trusting the decryption tool offered by the creator of the threat.

Wherever Decme Ransomware encrypts files, it also drops a file named “!INFO.HTA.” This file opens the “lock” window, and it displays a message. It declares that files were encrypted with the “highest secure cryptography algorithm,” and that “there is no way to decrypt your files without paying and buying Decryption tool.” So, how would you pay for this tool? The attackers suggest that you must send your unique ID code to Files2021@tutanota.com or Files2020@mailfence.com. Once you do that, they should reveal the ransom sum and also provide you with payment instructions. Well, you are unlikely to get the decryptor by paying the ransom, and so we do not recommend emailing with the attackers behind Decme Ransomware either. In fact, if you do this, you have to prepare yourself for the avalanche of intimidating, aggressive, and annoying emails that should take over your inbox. If you do not want to put yourself in harm’s way, you will avoid communicating with cybercriminals. Unfortunately, you might have to accept the loss of files.

How many of your personal files have copies stored online or on external drives? If you realize that you have copies of the most important files, the attack of Decme Ransomware might not seem so devastating. Once you remove this infection, you can replace the corrupted files with backup copies and go back to normal. Of course, you must not forget about Windows security. Remember that if one infection has managed to slither in, the next one could be just around the corner. Therefore, it might be time to implement anti-malware software. It is especially helpful in this situation because it can delete Decme Ransomware automatically. Eliminating this threat manually is not an easy task, and we cannot provide you with a very detailed guide because the location of this threat could be completely random in every case. Regardless of how you choose to remove malware in the end, do not forget to pay attention to the security of your system and your files. If you want them safe, make sure you create copies.

Decme Ransomware Removal

  1. Delete all recently downloaded suspicious files. You can check these locations:
    • %USERPROFILE%\Desktop
    • %USERPROFILE%\Downloads
    • %TEMP%
  2. Delete all copies of the file called !INFO.HTA.
  3. Empty Recycle Bin and then find a reliable malware scanner.
  4. Run a system scan to check if you have removed everything.
Download Spyware Removal Tool to Remove* Decme Ransomware
  • Quick & tested solution for Decme Ransomware removal.
  • 100% Free Scan for Windows
disclaimer
Disclaimer

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
 This is a captcha-picture. It is used to prevent mass-access by robots.

 
© 2006-2024 pcthreat.com  |  Terms of use |  Privacy policy |  About us |  Link to US