Some of the nastiest computer attacks worldwide are caused by a type of malware known as Ransomware. The representatives of this harmful software category are extremely malicious programs which can leave the infected computer with fully encrypted files or inaccessible screen. The main idea behind these actions is to blackmail the targeted victims. The Ransomware viruses operate with the help of a secret encryption algorithm and place ransom-demanding messages on the screen of their victims in order to extort money from them. A new virus of this kind is the recently reported [email protected] cryptovirus. If you have had the misfortune of getting infected with it, in the paragraphs below, we are going to review its specifics and will try to offer you some alternative solutions for its removal and file-decryption.
Getting to know the threat
Ransomware, as we said above, is an extremely dreadful malware type. Without wanting to get you scared, we need to tell you that dealing with such a malware piece can be rather tricky and full recovery might not always be possible. Basically, what the Ransomware seeks is to lock some components of your device and prevent you from using and accessing them until you pay a certain amount of money as a ransom. The security experts recognize several different subcategories of Ransomware which mainly differ in the way the viruses operate and the components that they target:
- There are Ransomware-based programs which specialize in blocking smart devices such as smartphones, tablets, phablets, smart TV’s, etc. These threats tend to place full-screen ransom-demanding notifications on the infected devices’ screens and this way prevent the users from using thed device until they pay the required ransom amount.
- Other Ransomware versions typically target the user’s PC and laptop. They either block the screen in a similar manner with an on-screen banner or use a very complex file-encryption to prevent you from accessing your data. Again, to make your screen or files available, the hackers behind the malware request that a ransom is paid, typically, within a short deadline.
Remove [email protected] Ransomware
Note: Before you go any further, we advise you to bookmark this page or have it open on a separate device such as your smartphone or another PC. Some of the steps might require you to exit your browser on this PC.
2: Task Manager
Press Ctrl + Shift + Esc to enter the Task Manager. Go to the Tab labeled Processes (Details for Win 8/10). Carefully look through the list of processes that are currently active on you PC.
If any of them seems shady, consumes too much RAM/CPU or has some strange description or no description at all, right-click on it, select Open File Location and delete everything there.
Also, even if you do not delete the files, be sure to stop the process by right-clicking on it and selecting End Process.
3: The Hosts file
Go to c:\windows\system32\drivers\etc\hosts. Open the hosts file with notepad.
Find where it says Localhost and take a look below that.
If you see any IP addresses there (below Localhost) send them to us here, in the comments since they might be coming from the virus.
4: Disable Startup programs
Re-open the Start Menu and type msconfig.
Click on the first search result. In the next window, go to the Startup tab. If you are on Win 10, it will send you to the Startup part of the task manager instead, as in the picture:
If you see any sketchy/shady looking entries in the list with an unknown manufacturer or a manufacturer name that looks suspicious , disable those programs and select OK.
5: Registry Editor
Press Windows key + R and in the resulting window type regedit.
Now, press Ctrl + F and type the name of the virus.
Delete everything that gets found. If you are not sure about whether to delete something, do not hesitate to ask us in the comments. Keep in mind that if you delete the wrong thing, you might cause all sorts of issues to your PC.
6: Deleting potentially malicious data
Type each of the following locations in the Windows search box and hit enter to open the locations:
Delete everything you see in Temp linked to [email protected] Ransomware. About the other folders, sort their contents by date and delete only the most recent entries. As always, if you are not sure about something, write to us in the comment section.
The previous steps were all aimed at removing the [email protected] Ransomware from your PC. However, in order to regain access to your files, you will also need to decrypt them or restore them. For that, we have a separate article with detailed instructions on what you have to do in order to unlock your data. Here is a link to that guide.
[email protected] is a threat from the file-encrypting type!
Among all the Ransomware subgroups, the most malicious and difficult to handle are the file-encrypting viruses. The viruses of this type are capable of causing a lot of harm which, unfortunately, may not always be counteracted successfully. [email protected] is a new addition to the file-encrypting Ransomware category and as such, it usually targets your personal files, work-related data, archives, images, videos, audios and maybe even certain system files. It encrypts them all with a very complex encryption algorithm which is possible to reverse only with a unique decryption key. That key is what you are later asked to pay for if you want to regain the access to the affected data. The criminals behind [email protected] normally place a ransom-demanding note on the screen of their victims and threaten them that if they don’t pay, the decryption key for their files will be destroyed and they will lose their data forever.
The specific thing about this malware is that the infection as well as the encryption process are so stealthy that in most of the cases the users are not able to detect and stop the virus on time. Normally, the contamination happens thanks to a careless click on an infected transmitter such as a fake ad, a misleading link, an infected webpage or with the help of a Trojan horse backdoor that’s already present inside the targeted system which inserts the Ransomware in the system through a security weakness. Few antivirus programs can provide reliable protection against this type of malware and its sneaky infection tactics. That’s why, investing in advanced security software is a good move towards reliable protection.
Can [email protected] be removed? Is there a solution for the files?
[email protected] is a threat which is extremely hard to deal with. Still, with some detailed instructions or a professional malware removal tool, such as the ones on this page, the removal of the infection is not impossible. Its complex encryption, however, poses a challenge to the security professionals as it can be quite difficult or, in some cases, even impossible to reverse. Still, system file backups or external copies may help you recover some of the data. That’s why, trying to extract whatever is possible can perhaps minimize the data loss. As far as paying the ransom is considered as an option, you should know that such course of action is very risky and also does not guarantee the successful liberation of your files. It’s just better to find an alternative solution as paying the ransom could simply turn out to be a needless and pointless waste of money for a key that the hackers never really intended to send you in the first place.
|Danger Level||High (Ransomware is by far the worst threat you can encounter)|
|Symptoms||Very few and unnoticeable ones before the ransom notification comes up.|
|Distribution Method||From fake ads and fake system requests to spam emails and contagious web pages.|
Daniel Sadakov has a degree in Information Technology and specializes in web and mobile cyber security. He harbors a strong detestation for anything and everything malicious and has committed his resources and time to battling all manners of web and mobile threats. He has founded MobileSecurityZone.com, a website dedicated to covering the top tech stories and providing useful tips for the everyday user, in an effort to reach and help more people.