
Monday, March 16, 2015

Remove Ransom Virus and Restore Encrypted Files

There are a number of different ransomware strains doing the rounds at any given time - you may well have heard of one in particular, the megacode ransom virus - however, most types of this thoroughly unpleasant malware work in the same way. Most people these days have heard of many of the different types of malware, including Trojan Horses, Spyware, Adware and Potentially Unwanted Programs, but one form of malicious software that only seems to get flagged up on our radars every so often, and therefore doesn't get quite the same amount of publicity, is ransomware. But that is not to say that you should not be fully aware of the risks or the dangers associated with this particularly vicious attacker.

Ransomware can also be known as cryptoware, a cryptovirus, a cryptoworm or a cryptotrojan - all of which sound equally menacing and unpleasant, we are sure you will agree! So what is ransomware, how does it disseminate itself, what effect can it have on your computer - and quite possibly your sanity - and how do you avoid being infected by it for a start?

How does ransom virus infect your PC?

It is spread via attachments in emails, by programs that have been infected by it, and also by websites that have been compromised. What this means for you is that being very careful about what messages you open, what programs you download and what websites you visit is now more crucial than ever before.

What is the point of ransomware?

Ransomware, as the name suggests, has one main reason for being - and that is to extort money from you, using one of a number of different tactics, namely holding your files to ransom. In this case, cyber criminals simply leave a text note saying that you need to contact them via email. It might not be the same for everyone. I'm pretty sure cyber criminals have more than one email address but for now let's say it's a megacode virus. By the way, it's not as well coded as, for example, CryptoWall 3.0 or CryptoLocker, but it does encrypt your files and it's not a joke. Actually, it reminds me of the ransomware.

How does it operate?

If you've been attacked by this virus you will soon realize that you are unable to access some, or even all, of your files or documents. You will attempt to do so only to receive a ransom letter in the form of a text file that is asking for (or demanding, to be more accurate) a sum of money. In return for this ransom, the cyber criminal tells you that they will send you a key that will enable you to unlock your files.

They will normally also try to scare you into paying quickly by telling you that if you don't submit to their demands by a specified deadline, they will destroy the key - therefore eliminating any chance of you ever being able to open your files and access their data again.

And that's not all because to dial the fear factor up to eleven, your file's 'kidnapper' may even try and convince you that you are about to become a person of interest in a police or federal inquiry. You will be told that, after investigation, you have been found either visiting websites or downloading programs of an illegal nature. And, what do you know, you will of course be given the chance to escape legal action by paying another fine!

As mentioned above, be careful what you download and which sites you visit - and back up your data on a regular basis. That way, if you do fall victim to it, you can ignore their demands, wipe your disk drive and start over. Or you can remove this ransom virus from your computer and restore at least some of your files using Shadow Explorer. To do so, please follow the steps in the removal guide below. If you have any questions, please leave a comment down below. Good luck and be safe online!

Written by Michael Kaur,

Step 1: Removing virus and related malware:

Before restoring your files from shadow copies, make sure ransomware is not running. You have to remove this malware permanently. Thankfully, there are a couple of anti-malware programs that will effectively detect and remove this malware from your computer.

1. First of all, download and install the recommended anti-malware scanner. Run a full system scan and remove detected malware.

Important! If you can't download or run it, please restart your computer in Safe Mode with Networking or Safe Mode and try again.

2. Then, download ESET Online Scanner and run a second scan to make sure there is no other malware running on your computer.

That's it! Your computer should be clean now and you can safely restore your files. Proceed to Step 2.

Step 2: Restoring files encrypted by virus:

Method 1: The first and best method is to restore your files from a recent backup. If you have been regularly performing backups, then you should use your backups to restore your files.

Method 2: Try to restore previous versions of files using Windows folder tools. To learn more, please read Previous versions of files.

Method 3: Using the Shadow Volume Copies:

1. Download and install Shadow Explorer. Note, this tool is available with Windows XP Service Pack 2, Windows Vista, Windows 7, and Windows 8.

2. Open Shadow Explorer. From the drop-down list you can select one of the available point-in-time Shadow Copies. Select the drive and the latest date that you wish to restore from.

3. Right-click any encrypted file or entire folder and Export it. You will then be prompted as to where you would like to restore the contents of the folder to.
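
Before relying on Method 3, it helps to confirm that shadow copies still exist for the affected drive, since ransomware often deletes them. The following PowerShell script is an added example, not part of the original guide or of Shadow Explorer; it lists the snapshots for one drive and links the newest one to a folder so files can be copied out with Explorer. It assumes Windows Vista or later, PowerShell 3.0 or later and an elevated prompt; `$Drive` and `$MountPoint` are hypothetical values to adjust.

```powershell
# Added example: enumerate Volume Shadow Copies for one drive and expose
# the newest snapshot as a folder. Run from an elevated PowerShell prompt,
# and only after Step 1 (malware removal) is complete.

$Drive      = 'C:'                 # assumption: drive that held the encrypted files
$MountPoint = 'C:\ShadowRestore'   # assumption: this folder must not exist yet

# Map the drive letter to its volume device ID (\\?\Volume{GUID}\).
$volume = Get-CimInstance Win32_Volume -Filter "DriveLetter = '$Drive'"
if (-not $volume) { throw "No volume found for $Drive" }

# Each shadow copy records the device ID of the volume it was taken from.
$shadows = Get-CimInstance Win32_ShadowCopy |
    Where-Object { $_.VolumeName -eq $volume.DeviceID } |
    Sort-Object InstallDate -Descending

if (-not $shadows) {
    # Nothing to restore from; ransomware commonly deletes snapshots.
    Write-Warning "No shadow copies exist for $Drive. Use a backup (Method 1)."
    return
}

# Show what is available, newest first.
$shadows | Format-Table InstallDate, ID, DeviceObject -AutoSize

# Check that the newest snapshot predates the infection before trusting it.
$newest = $shadows | Select-Object -First 1
Write-Host "Newest snapshot taken: $($newest.InstallDate)"

if (Test-Path $MountPoint) { throw "$MountPoint already exists" }

# Create a directory link to the snapshot. The trailing backslash on the
# target is required, otherwise the link cannot be browsed.
cmd /c mklink /d $MountPoint "$($newest.DeviceObject)\"

# Copy the files you need from $MountPoint to a separate, clean drive.
# When finished, remove only the link (the snapshot itself is untouched):
#   cmd /c rmdir C:\ShadowRestore
```

If the newest snapshot was taken after the files were encrypted, pick an older entry from the table instead of `$newest`.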

Hopefully, this will help you to restore all encrypted files or at least some of them.