Danger level 6
Type: Trojans

CLUB Ransomware

Have your personal files become unreadable, and has the “.id-{ID}.[admin@stelsdatas.com].club” extension been added to them? CLUB Ransomware is the culprit of this mess. Unfortunately, it uses a strong and complicated encryptor to lock your files up, and because the data gets scrambled during encryption, normal tools/programs cannot read your files anymore. A decryptor should read them easily, but you cannot just use any decryptor. Should you purchase the one offered by the creator of the infection? Of course, we do not recommend doing that! Perhaps you can use the free Rakhni Decryptor that was built to decrypt all files corrupted by Crysis/Dharma Ransomware? Unfortunately, we cannot promise that you will have all files decrypted using this tool. There is more that we want to share, and we also want to discuss the removal of CLUB Ransomware. If you are interested, continue reading.

Are you familiar with the Crysis/Dharma Ransomware? It is an infection whose code has been recycled hundreds of times to build new file-encrypting infections. CLUB Ransomware is only the latest addition to the family, and other clones that have been linked to it include LCK Ransomware, 8800 Ransomware, ROGER Ransomware, and BOMBO Ransomware. It is likely that different parties stand behind these threats, but they probably stick to the same distribution methods. Some might create spam emails that entice you to click a link or open an attached file. Actions like that might seem harmless, but if cybercriminals are behind the email, you can be tricked into executing malware. The same goes for bundled downloaders or freeware offers. If you are not cautious about where you download files/software from, you might end up executing CLUB Ransomware without meaning to. Obviously, if your operating system is protected, the threat should have no chance of executing fully. It should be removed before any damage is done. However, if your system lacks reliable protection, the ransomware can encrypt your files silently.

As we have discussed already, once files are encrypted, they cannot be read normally, and a unique extension is added to their names. Before you discover the encrypted files, you are likely to be introduced to a file named “FILES ENCRYPTED.txt” or a window entitled “admin@stelsdatas.com.” In both cases, you are shown a message, according to which you need to email admin@stelsdatas.com or admin@stelsdatas.club if you want to get your files back. So, what would you achieve by establishing communication with cybercriminals? Nothing. They would send you instructions to pay a ransom, and if you do it, you are unlikely to get anything in return. If you do not pay the ransom, you are likely to be flooded with extortion emails, and you could be targeted by new scams in the future. Overall, emailing cybercriminals behind CLUB Ransomware is a terrible idea. Hopefully, you can use the free decryptor, and you do not need to even consider taking such a risky action. Note that if the decryptor does not work for you, a great solution is to replace the corrupted files, which you should be able to do if you have copies of your files stored safely.

Whether you are trying to use a free decryptor or your own backups to recover/replace the corrupted files, you ought to delete CLUB Ransomware first. This malware does not have many components, but the most important one is hard to find: its location could be random, and we do not know what kind of name it could have either. If you know exactly where to find the file, remove it instantly. If you have no idea, employ a legitimate anti-malware tool that will remove CLUB Ransomware automatically. Since other threats might exist on your system without your knowledge, and your system also requires full-time protection, we strongly recommend installing a trusted anti-malware tool. It will solve the removal and security issues at once. If you want to take extra security steps, store copies of your most important files online or on an external drive. Also, do not forget that malware can hide within spam and downloaders.

CLUB Ransomware Removal

  1. Delete all recently downloaded suspicious files. Check these locations:
    • %USERPROFILE%\Desktop
    • %USERPROFILE%\Downloads
    • %TEMP%
  2. Delete the ransom note file named FILES ENCRYPTED.txt.
  3. Once you empty the Recycle Bin, quickly install a trustworthy malware scanner.
  4. Run a system scan to check if you need to delete anything else.
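
The checks in the steps above can be scripted. The following is an added example, not part of the original guide or of any vendor tool: it walks the three listed folders, lists every file carrying the ".id-{ID}.[admin@stelsdatas.com].club" suffix along with its original name, and locates copies of the ransom note. It only reports and deletes nothing. The function names are illustrative, and it assumes that {ID} contains no dots or brackets.

```python
import os
import re
from pathlib import Path

# Suffix format quoted in the article: ".id-{ID}.[admin@stelsdatas.com].club".
# Assumption: {ID} is an opaque token that contains no dots or brackets.
SUFFIX_RE = re.compile(
    r"^(?P<original>.+)\.id-(?P<victim_id>[^.\[\]]+)"
    r"\.\[admin@stelsdatas\.com\]\.club$",
    re.IGNORECASE,
)
NOTE_NAME = "files encrypted.txt"  # ransom note name from the article, lowercased

def classify(filename):
    """Return ("encrypted", original_name, id), ("note", name, None) or None."""
    match = SUFFIX_RE.match(filename)
    if match:
        return ("encrypted", match.group("original"), match.group("victim_id"))
    if filename.lower() == NOTE_NAME:
        return ("note", filename, None)
    return None

def default_roots():
    """Desktop, Downloads and %TEMP%, resolved from the Windows environment."""
    profile, temp = os.environ.get("USERPROFILE"), os.environ.get("TEMP")
    roots = [Path(profile) / "Desktop", Path(profile) / "Downloads"] if profile else []
    roots += [Path(temp)] if temp else []
    return [root for root in roots if root.is_dir()]

def scan(roots):
    """Walk each root and collect renamed files, ransom notes and IDs seen."""
    report = {"encrypted": [], "notes": [], "victim_ids": set()}
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):  # unreadable dirs are skipped
            for name in files:
                hit = classify(name)
                if hit and hit[0] == "encrypted":
                    report["encrypted"].append((Path(dirpath) / name, hit[1]))
                    report["victim_ids"].add(hit[2])
                elif hit:
                    report["notes"].append(Path(dirpath) / name)
    return report

if __name__ == "__main__":
    result = scan(default_roots())
    print("IDs seen:", sorted(result["victim_ids"]))
    for path, original in result["encrypted"]:
        print(f"encrypted: {path} (was: {original})")
    print("ransom notes:", [str(note) for note in result["notes"]])
```

The list of original names is useful for deciding which files to restore from backup once the system has been cleaned.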