How to remove Ransomware | Decrypt Guide


Ransomware is a type of malware that encrypts a victim's files and demands a ransom to decrypt them. It adds a new extension to mark the encrypted files.


This type of attack targets files: each affected file name ends up with a second extension.

What does ransomware do?

It encrypts files with a high level of encryption and then appends an extension to them, so each file name ends with two extensions and victims can no longer access the files.

For example, "video.mp4" will be renamed to "video.mp4.xxxx". It also places a text document (_readme.txt) inside each encrypted folder.

The decryption key is unique: it is different for each infected computer system.

The required decryption key is hosted on a server under the full control of the criminals who released the ransomware onto the internet. Each victim is given a unique ID and is told to contact the attackers to pay the ransom.

There is no guarantee that these online cyber-criminals will keep their promises, so you may lose your money for nothing.
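
The naming pattern described above (a second extension on every encrypted file plus a _readme.txt note in each affected folder) is enough to scope the damage before any cleanup. The following read-only Python sketch is an added example, not part of the original guide; the function names are chosen here for illustration.

```python
import os
from collections import Counter

NOTE_NAME = "_readme.txt"  # ransom note file name given on this page


def second_extension(name):
    """Return the trailing extension if the name carries two, else None."""
    stem, last = os.path.splitext(name)
    inner = os.path.splitext(stem)[1]
    return last.lower() if last and inner else None


def inventory(root):
    """Read-only scan: find note folders, guess the marker, list marked files."""
    note_dirs, candidates = [], []
    votes = Counter()
    for dirpath, _dirs, files in os.walk(root):
        has_note = any(f.lower() == NOTE_NAME for f in files)
        if has_note:
            note_dirs.append(dirpath)
        for name in files:
            ext = second_extension(name)
            if ext is None:
                continue  # single extension (including the note itself)
            candidates.append((ext, os.path.join(dirpath, name)))
            # Only folders holding a note vote for the marker, so a
            # legitimate archive.tar.gz elsewhere is not mistaken for it.
            if has_note:
                votes[ext] += 1
    marker = votes.most_common(1)[0][0] if votes else None
    marked = sorted(p for ext, p in candidates if ext == marker)
    return {"marker": marker, "note_dirs": sorted(note_dirs), "marked": marked}


def original_name(path, marker):
    """Name the file had before the marker was appended (nothing is renamed)."""
    base = os.path.basename(path)
    return base[: -len(marker)] if base.lower().endswith(marker) else base


if __name__ == "__main__":
    import sys
    report = inventory(sys.argv[1] if len(sys.argv) > 1 else ".")
    print("marker extension:", report["marker"])
    print("folders with ransom note:", len(report["note_dirs"]))
    for p in report["marked"]:
        print(p, "->", original_name(p, report["marker"]))
```

Run it against a copy or a mounted backup of the affected drive; it only reads directory listings and never opens or renames files.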

How does ransomware attack files?

They use many tricks to phish their victims: spam e-mails, fake ads on free hosting websites, and unsafe torrent software. Opening these or clicking on harmful links might harm the system.


How to protect against the virus cyber-attack?

You'll be safe if you: do not open any e-mail attachments, especially from unknown senders; do not install unsafe freeware; and install an antivirus with the latest updates to check each file before opening it.

How to remove ransomware?

  • Our full guide to removing ransomware from Windows is available now.


You have to change all the passwords used on the infected device, because the ransomware may steal the passwords stored in your browser and send them to the gangs.

How to decrypt encrypted files?

For large files: remove the newly added extension. This method depends on the virus's ability to read and encrypt the file; in case a file is larger than 2GB, it will not add the file marker. Please leave a comment if that works for you.

Download the Emsisoft decryption tool for STOP/Djvu for free

  1. Make sure to launch the decryption tool as an administrator, then agree to the license terms by clicking the "Yes" button.
  2. The decryptor will automatically find the available drives, including any connected drives; more locations can be selected with the “Add” button.
  3. After adding the needed locations for decryption into the list, click on the “Decrypt” button to start the decryption procedure.
  4. The main screen may switch to a status view, showing the active process and the decryption statistics of your data.
  5. The decryptor will notify you at the end of the decryption process.

The Emsisoft decryptor might display different messages while decrypting files:

No key for New Variant online ID | Decryption is impossible.

Your original files were encrypted with an online key because you ran the virus while you were connected to the internet, so no one else has the same encryption/decryption key pair.

No key for new variant offline ID | Decryption may be possible in the future. Receiving this message is good news, because it might be possible to restore your files in the future. Follow updates regarding the decryptable DJVU versions.


Remote name could not be resolved | This refers to a DNS problem on your PC, so reset your HOSTS file back to default.


More solutions | Back up your encrypted files and wait for a possible future solution.

No one can change the encryption from online to offline.
