[email protected] is a type of ransomware virus that is essentially a modified strain of the BandarChoir. It should not come as a surprise that both of these ransomware viruses are direct descendants of the Cryptolocker ransomware – one of the most dangerous and successful viruses from the past. [email protected] is not an innovative ransomware virus by any means – it uses the popular AES-256 encryption algorithm. It targets pictures, documents, videos, mp3 files, pdfs and basically any other widely used programs to store data. So far, nobody has figured out how to decrypt files encrypted by the ransomware, but there are alternative methods to fight this threats and we’ll outline them below.
Methods of distribution
So far security experts have identified two ways in which the [email protected] ransomware virus is distributed – either directly in the form of a self-extracting ZIP archive or via the help of a Trojan horse such as Alureon or Nail.
You may have been infected by the ransomware if you downloaded and ran an infected ZIP on your machine. These are usually spread around by email bombs – emails that may appear legitimate and containing offers with business propositions and requested data. Alternatively, the ZIP archive may have been downloaded from a torrent or an online storage server.
- IMPORTANT! Never download and open unfamiliar files before scanning them for viruses first. Dangerous emails can even be sent unknowingly by people you know – if their PC had been infected a virus can email itself to all known contacts of the victim!
If you haven’t downloaded any archive files lately it is likely that your computer has already been breached by a Trojan Horse virus that let the door open for [email protected] There is a whole family of Trojans, which specializes in the distribution of ransomware viruses. Trojan viruses are usually hidden in the background and you will have to remove them alongside the ransomware – otherwise you risk having another ransomware injected into your system. Unfortunately finding these types of viruses manually is very hard. You’ll have to rely on an anti-malware program to locate it for you and you can find our recommendation.
How to recover files encrypted by [email protected]
When this ransomware is done encrypting your files it will make its presence known to you by demanding a ransom in bitcoins – the virus claims that you will never be able to recover your files unless you pay the ransom, it may also threaten with the same if you try to unlock the files yourself.
We are not going to lie – in many cases people can actually recover their files by paying – at least if the system is set up properly. However, paying the ransom should only ever be your last resort. After all you are dealing with cyber criminals with no shred of morality – this is extortion after all and there will be no punishment for them if they don’t uphold their part of the bargain. Exhaust all of your other options first – as long as you do not delete the encrypted files you can always rely the payment as a failsafe.
The most successful method of restoring your encrypted files actually revolves around the recovering the originals. The ransomware did not actually transform the original files – when it created the encrypted copies it deleted the originals. These deleted files can be recovered with a varying degree of success – if you reacted swiftly to the ransomware threat to seek our help you may even be able to recover all of your files in this manner.
|Danger Level||High (your PC could hardly have a bigger problem right now)|
|Symptoms||A complete encryption of your personal files and documents coming together with a demand for a ransom.|
|Distribution Method||Software bundles, macro viruses and especially – Trojans. Scan your system! There is likely something else besides [email protected]|
|Detection Tool||Malware and Adware are notoriously difficult to track down, since they actively try to deceive you. Use this professional parasite scanner to make sure you find all files related to the infection.Sponsored|
Remove [email protected]
Readers are interested in:
Reboot in Safe Mode (use this guide if you don’t know how to do it).
This is the first preparation.
To remove parasite on your own, you may have to meddle with system files and registries. If you were to do this, you need to be extremely careful, because you may damage your system.
If you want to avoid the risk, we recommend downloading SpyHunter - a professional malware removal tool - to see whether it will find malicious programs on your PC.
The first thing you must do is Reveal All Hidden Files and Folders.
- Do not skip this. [email protected] may have hidden some of its files.
Hold the Start Key and R – copy + paste the following and click OK:
A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom. Look at the image below:
If there are suspicious IPs below “Localhost” – write to us in the comments.
Type msconfig in the search field and hit enter. A window will pop-up:
Go in Startup —> Uncheck entries that have “Unknown” as Manufacturer.
Press CTRL + SHIFT + ESC simultaneously. Go to the Processes Tab. Try to determine which ones are a virus. Google them or ask us in the comments.
WARNING! READ CAREFULLY BEFORE PROCEEDING!
Right click on each of the virus processes separately and select Open File Location. End the process after you open the folder, then delete the directories you were sent to.
Type Regedit in the windows search field and press Enter. Once inside, press CTRL and F together and type the virus’s Name.
Search for the ransomware in your registries and delete the entries. Be extremely careful – you can damage your system if you make a big mistake.
Type each of the following in the Windows Search Field:
Delete everything in Temp. The rest just check our for anything recently added. Remember to leave us a comment if you run into any trouble!
How to Decrypt files infected with [email protected]
There is only one known way to remove this virus successfully – reversing your files to a time when they were not infected. There are two options you have for this:
The first is a full system restore. To do this type System Restore in the windows search field and choose a restore point. Click Next until done.
Your second option is a program called Shadow Volume Copies.
Open the Shadow Explorer part of the package and choose the Drive (C or D usually) you want to restore information from. Right click on any file you want to restore and click Export on it.