Ranscam Ransomware Removal

Keep in mind, SpyHunter’s malware detection tool is free. To remove the infection, you'll need to purchase its full version. More information about SpyHunter and steps to uninstall.

This page aims to help you remove Ranscam Ransomware. These Ranscam removal instructions work for all versions of Windows.

If you are reading these lines, you have probably fallen victim to a ransomware infection known as Ranscam. If so, you are probably looking for a way to recover from the strong encryption that was applied to the data on your hard drive. This is where we can help. In the guide below you will learn how to clean the infection and, hopefully, restore some of your files. Our “How to remove” team has prepared detailed instructions that lead you through the exact steps you need to take to safely remove Ranscam from your system. Before you proceed to the removal guide, however, read some more details about ransomware threats. The brief information below will give you a better understanding of the threat you are dealing with, as well as some very useful tips to prevent future infections.

Ranscam – one bad guy

Recently, many users have reported Ranscam infections, and this malware seems to be quickly becoming a popular threat that is robbing unsuspecting users. As a typical representative of the ransomware family, this virus has been developed by a group of cybercriminals with the sole aim of making them lots of money. What is the scheme, you may ask? The moment it finds its way into the system, Ranscam applies a strong encryption algorithm to all the data available on the victim’s computer. It usually changes the encrypted files’ extension and makes them impossible to open.

Unlike other viruses that hide deep in the system and keep performing their malicious activities stealthily, the ransomware reveals itself with a ransom note on the screen once the whole encryption process is over. There victims can see information about the files that were encrypted and detailed instructions on how to get them decrypted. Here comes the real “quick-money” scheme – the cybercriminals ask for a certain amount of money (ransom) in exchange for a decryption key, with the help of which they promise to restore your files to their previous state. This is just like the old and well-known scheme of holding someone hostage in exchange for a ransom, but in the modernized version, the users’ valuable data is the hostage.

The malicious hackers are real crooks and they don’t play nice. A short period of time is given to the victims to make a payment. To add more pressure, the crooks threaten to double the ransom or even delete the decryption key and this way leave the victim’s data encrypted forever. Nasty, isn’t it?

How did you get infected?

A Ranscam infection is really hard to detect without good anti-malware software. It uses very sophisticated methods to hide, such as posing as a seemingly harmless file or application, which increases its chances of infecting more people. This ransomware is commonly spread through spam email campaigns that appear absolutely realistic. The hackers are constantly developing even more credible-looking ways to spread the cryptovirus. Trojan horse infections are their favorite method when it comes to ransomware distribution. Ranscam effectively uses the vulnerabilities a Trojan infection creates and sneaks inside the system unnoticed. Once it gets through, the script immediately starts to infiltrate the files and apply its encryption. Unfortunately, the whole process does not have any visible symptoms until the encryption is over and the ransom note appears on the screen.

Would you give your money to the hackers?

When dealing with ransomware, one always has a dilemma – to pay or not to pay. While the decision is all yours, there are a few things we would like to point out about the risks. It may look like a very easy deal; however, you should know that many users have burned their hard-earned money by paying it to the crooks and not getting their files restored. Very often the decryption key the hackers send doesn’t work, or they “forget” to send a key at all. After all, nobody gives you a guarantee that you would really get something out of that unfair deal. Moreover, with the infection still on your machine, your system is vulnerable to all sorts of malware. What if the crooks encrypt your files again the moment you decrypt them? Yes, this also happens, and many victims fall into that “pay-decrypt-encrypt” trap. The risk is all yours to take; however, most security experts, including our team, would tell you that paying ransom to the cybercriminals is a bad idea.

The best prevention methods?

There are many tips online on how to stay safe and keep ransomware infections away. The best protection, of course, remains the good regular backup. Do invest in an external drive or a cloud and make it a habit to keep an updated copy of all your valuable data there. In order to avoid infections, however, you would need to stay away from sketchy content, keep your system updated and protect your PC with good antivirus software. Now, to fully clean the Ranscam infection from your PC, please follow the steps in the guide below. Should you need any help, don’t hesitate to leave us a comment.


Name: Ranscam
Type: Ransomware
Danger Level: High (Applies a strong encryption to all your files and asks for ransom)
Symptoms: Ransom note appears on the screen after the encryption process is over.
Distribution Method: Trojan horse infections, spam email campaigns, torrents, seemingly harmless files, etc.
Detection Tool: Ransomware may be difficult to track down. Use SpyHunter – a professional parasite scanner – to make sure you find all files related to the infection.


Ranscam Ransomware Removal


Reboot in Safe Mode (use this guide if you don’t know how to do it).

This is the first preparation.


To remove the parasite, you may have to meddle with system files and registries. Making a mistake and deleting the wrong thing may damage your system.
Avoid this by using SpyHunter - a professional Parasite removal tool.


The first thing you must do is Reveal All Hidden Files and Folders.

  • Do not skip this. Ranscam may have hidden some of its files.

Hold the Start key and press R, then copy and paste the following and click OK:

notepad %windir%/system32/Drivers/etc/hosts

A new file will open. If you are hacked, there will be a bunch of other IP entries at the bottom of the file.

If there are suspicious IPs below “Localhost” – write to us in the comments.
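The hosts-file check above can also be scripted. The following PowerShell is an added example, not part of the original guide; the function name Get-SuspiciousHostsEntry and the sample entries are hypothetical. It lists every mapping other than the default loopback entries for localhost so that each one can be reviewed.

```powershell
# Added example (not from the original guide). Function name and sample data are hypothetical.
function Get-SuspiciousHostsEntry {
    param([string[]]$Lines)

    $loopback = '127.0.0.1', '::1'
    $lineNo = 0
    foreach ($raw in $Lines) {
        $lineNo++
        # Drop comments and blank lines; only real mappings matter.
        $text = ($raw -replace '#.*$', '').Trim()
        if (-not $text) { continue }

        # A mapping has the form "<address> <name> [<alias> ...]".
        $fields = $text -split '\s+'
        if ($fields.Count -lt 2) { continue }
        $address = $fields[0]

        foreach ($name in $fields[1..($fields.Count - 1)]) {
            # The only mappings treated as default are loopback -> localhost.
            $isDefault = ($loopback -contains $address) -and ($name -eq 'localhost')
            if (-not $isDefault) {
                [pscustomobject]@{ Line = $lineNo; Address = $address; HostName = $name }
            }
        }
    }
}

# Constructed sample (documentation-range address, reserved .test names).
$sample = @(
    '# Copyright (c) 1993-2009 Microsoft Corp.'
    '127.0.0.1       localhost'
    '::1             localhost'
    '203.0.113.7     login.example.test    # constructed entry'
    '127.0.0.1       updates.example.test'
)
Get-SuspiciousHostsEntry -Lines $sample | Format-Table -AutoSize

# The same check against the live file opened in the step above.
$hostsPath = Join-Path $env:windir 'System32\drivers\etc\hosts'
Get-SuspiciousHostsEntry -Lines (Get-Content -LiteralPath $hostsPath) | Format-Table -AutoSize
```

Entries added by VPN clients or development tools are listed as well, so review each line rather than deleting everything the script reports.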


Type msconfig in the search field and hit Enter. A window will pop up.


Go to the Startup tab and uncheck entries that have “Unknown” as Manufacturer.


Press CTRL + SHIFT + ESC simultaneously. Go to the Processes Tab. Try to determine which ones are a virus. Google them or ask us in the comments.


This is the most important and difficult part. If you delete the wrong file, it may damage your system irreversibly. If you cannot do this,
>> Download SpyHunter - a professional parasite scanner and remover.


Right click on each of the virus processes separately and select Open File Location. End the process after you open the folder, then delete the directories you were sent to.



Type Regedit in the Windows search field and press Enter. Once inside, press CTRL and F together and type the virus’s name.

Search for the ransomware in your registries and delete the entries. Be extremely careful – you can damage your system if you make a big mistake.

Type each of the following in the Windows Search Field:

  1. %AppData%
  2. %LocalAppData%
  3. %ProgramData%
  4. %WinDir%
  5. %Temp%

Delete everything in Temp. For the rest, just check for anything recently added. Remember to leave us a comment if you run into any trouble!
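To see what was recently added to the five locations without browsing each one by hand, the following PowerShell lists items created in the last few days. It is an added example, not part of the original guide; the function name Get-RecentItem and the 7-day default are assumptions. It only reports and deletes nothing.

```powershell
# Added example (not from the original guide). Get-RecentItem and the 7-day window are assumptions.
function Get-RecentItem {
    param(
        [string[]]$Path,
        [int]$Days = 7
    )

    $cutoff = (Get-Date).AddDays(-$Days)
    foreach ($dir in $Path) {
        # Skip locations that do not exist on this system.
        if (-not $dir -or -not (Test-Path -LiteralPath $dir)) { continue }

        # -Force includes hidden and system items, matching the
        # "Reveal All Hidden Files and Folders" step earlier in the guide.
        Get-ChildItem -LiteralPath $dir -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.CreationTime -ge $cutoff } |
            ForEach-Object {
                [pscustomobject]@{
                    Created  = $_.CreationTime
                    Modified = $_.LastWriteTime
                    IsFolder = $_.PSIsContainer
                    Hidden   = [bool]($_.Attributes -band [IO.FileAttributes]::Hidden)
                    FullName = $_.FullName
                }
            }
    }
}

# The five locations from the list above, resolved from environment variables.
$locations = $env:APPDATA, $env:LOCALAPPDATA, $env:ProgramData, $env:windir, $env:TEMP

# Newest first; top level of each location only, to keep the list reviewable.
Get-RecentItem -Path $locations -Days 7 |
    Sort-Object Created -Descending |
    Format-Table -AutoSize
```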


How to Decrypt files infected with Ranscam

There is only one known way to remove the virus’ encryption that MAY work (no guarantees) – reversing your files to a previous state. There are two options you have for this:

The first is using a system backup. Search for Backup and Restore in the Windows search field, then choose “Select another backup to restore files from”.


If you have no backups, your option is Recuva.

Go to the official site for Recuva and download its free version. When you start the program, select the file types you want to recover. You probably want all files. Next select the location. You probably want Recuva to scan all locations.

Click on the box to enable Deep Scan. The program will now start working and it may take a really long time to finish, so be patient and take a break if necessary.

You will now get a big list of files to pick from. Select all relevant files you need and click Recover.

Did we help? Share your feedback with us so we can help other people in need!