Ribd Virus


Ribd is a malware infection recognized as Ransomware that will block the most important files in your system to harass you for a ransom payment. Ribd is capable of sneaking inside the computer without symptoms and quickly encrypting the user’s most valuable data.


Once the Ribd virus has encrypted all of your files it will leave this message in a .txt file.

Of course, not all people keep important files on their machines and if you are one of those people, even if Ransomware has attacked you, this shouldn’t be too big of a problem because you won’t stand to lose any overly valuable data. Alternatively, if you have some sensitive files on your machine, but had previously made sure to save them to a backup location, there’s no need to worry about the Ransomware because this virus only locks the files but it cannot distribute them to other devices or steal them from you. In either of these situations, all the user needs to do is to remove the Ribd, Cadq or Ygkz virus itself so that their computer becomes clean again and no further malware encryption can take place.

However, the fact that Ransomware viruses are so popular within hacker circles and that those infections tend to be so effective for online harassment goes to show that, apparently, a lot of the victims of these threats do indeed need the files that get encrypted on their machines and have no way of getting those files back via backups. In those cases, the Ransomware victims need to carefully examine the situation and assess the options available to them. Throughout the remainder of this post, we will try to help you decide what to do if Ransomware has attacked you and you stand to lose some highly valuable data if you don’t deal with the Ransomware encryption.

The Ribd virus

The Ribd virus is a computer malware program of the Ransomware variety that seeks to extort money from its victims by holding their most valuable data hostage. The Ribd virus applies encryption to the files, meaning that removing the virus won’t unlock them.

Despite this, it is not irrelevant whether you remove the virus or not. The Ransomware still needs to be eliminated so as to prevent further undesired encryption of your data. As for the files that are currently under the virus’ lockdown, paying the ransom to get them released is not advisable. Going for this option could make things even worse because you may spend a big portion of your money and still not receive the means to release your data.

The Ribd file decryption

The Ribd file decryption is a process that must be completed before the locked files can be accessed again. The Ribd file decryption can be completed with the help of the unique key that matches the locking algorithm used on the infected computer.


The Ribd file virus

The goal of the hackers is to blackmail you for the key that could release your files. However, if you are lucky, you may be able to get around the need to acquire this key. Our advice for you is to follow the instructions available in the guide below to remove the virus and then to attempt to restore some of the files without paying the ransom.


Name: Ribd
Type: Ransomware
Data Recovery Tool: Not Available

Remove Ribd Ransomware


Ransomware threats like Ribd run various processes in the background of the system. To detect these processes, open the Task Manager by typing it in the Windows search field.

Next, once in the Task Manager, open the Processes tab and search for Ribd-related processes. Keep your eyes open for processes with unusual names, or those that are consuming too much RAM and CPU power without any particular reason.

If you find a process that looks suspicious, research it online to find out more about its nature. In many cases, processes that look sketchy in the Task Manager may just be Windows system processes that shouldn’t be touched, stopped, or deleted.

If your research shows that the selected process is not from Windows, however, or does not belong to any legitimate program, right-click on it, and select Open File Location.


Next, scan the files stored in that location for malware. To help you out, below we have included a free online scanner that can do the job. Simply drag and drop the files there and run a check:

Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy
    This scanner is based on VirusTotal's API. By submitting data to it, you agree to their Terms of Service and Privacy Policy, and to the sharing of your sample submission with the security community. Please do not submit files with personal information if you do not want them to be shared.

    If the scan results show that the files are infected, go to the Task Manager, right-click on the related process and select the End Process Tree option. After that, go to the file location folder and try to delete it along with all the malicious files that it contains.



    If you have missed any Ransomware processes in the previous steps, the next steps will help you to completely remove the Ransomware from the computer. For optimal removal, however, you should boot the infected computer into Safe Mode.


    Open a Run window on the screen by pressing the Windows key and R at the same time. Next, type the msconfig command and press Enter. Go to the Startup tab in System Configuration and look through the listed startup entries. If you detect items related to Ribd in the list, clear their checkboxes and click on Apply.


    Save the changes by clicking on OK and close the window.


    Another system location where Ribd may make changes is the Hosts file on your computer. To check it, copy the following line:

    notepad %windir%/system32/Drivers/etc/hosts

    Paste it in a new Run box (Windows key and R) and press Enter.

    A Notepad window showing the Hosts file will open on the screen. Once you are in it, scroll the text until you find “Localhost”. Check for suspicious IP addresses below localhost and if you find any, leave us a comment under this post with a copy of those IPs. We will see them and will tell you if they are related to the ransomware and what you need to do next.


    Important! The instructions that follow involve making changes in the Registry of your computer. Deleting and changing items from the registry involves risks for the normal operation of the OS.

    Start the Registry Editor by going to your Start Menu and typing “regedit” in it. Select regedit.exe and when the Registry Editor starts, click on the Edit menu and select Find. A Find window will pop up where you have to type the NAME of the ransomware and select the Find Next button. Delete all items that are found and repeat the search until no more results are detected. After that, use the sidebar to the left and manually navigate to these registry keys:

    • HKEY_CURRENT_USER > Software
    • HKEY_CURRENT_USER > Software > Microsoft > Windows > CurrentVersion > Run
    • HKEY_CURRENT_USER > Software > Microsoft > Internet Explorer > Main

    Search for folders (registry keys) that may be related to Ribd or have unusual names such as random characters and delete them.

    Attention! If you can’t decide whether the folders you are about to delete are malicious, the comments section on this page is open for your questions. Don’t risk deleting entries that are not related to the malware as this may corrupt your system.


    Finally, paste each of the lines below in the Start Menu one by one and hit the Enter button. When the respective folder opens, sort the files by date and delete everything created or last modified after the Ransomware infection occurred.

    1. %AppData%
    2. %LocalAppData%
    3. %ProgramData%
    4. %WinDir%
    5. %Temp%

    Once you get to the Temp folder, delete all files that are stored in it.
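
The manual checks above (Hosts file, the per-user Run key, and recently changed items in the five folders) can be gathered in one read-only pass before anything is deleted. The PowerShell script below is an added example, not part of the original guide; the `$Since` parameter and its 7-day default are assumptions to be set to shortly before the infection, and only the Run key from the registry list is covered.

```powershell
# Added example: read-only triage of the locations the guide checks by hand.
# Nothing is deleted or changed; review the output before removing anything.
# $Since is an assumed cutoff: set it to shortly before the files were encrypted.
param([datetime]$Since = (Get-Date).AddDays(-7))

# 1. Hosts file: strip comments, then show every active entry that is not
#    one of the default loopback mappings for localhost.
$hostsPath = Join-Path $env:windir 'System32\drivers\etc\hosts'
Get-Content -LiteralPath $hostsPath |
    ForEach-Object { ($_ -replace '#.*$', '').Trim() } |
    Where-Object { $_ -and $_ -notmatch '^(127\.0\.0\.1|::1)\s+localhost$' } |
    ForEach-Object { [pscustomobject]@{ Check = 'hosts'; Entry = $_ } }

# 2. Per-user autostart values under the Run key named in the guide.
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$key = Get-Item -LiteralPath $runKey -ErrorAction SilentlyContinue
if ($key) {
    foreach ($name in $key.GetValueNames()) {
        [pscustomobject]@{ Check = 'run'; Entry = "$name = $($key.GetValue($name))" }
    }
}

# 3. Top-level items created or modified since $Since in the listed folders
#    (the same view as sorting each folder by date in Explorer).
$folders = $env:APPDATA, $env:LOCALAPPDATA, $env:ProgramData, $env:windir, $env:TEMP
foreach ($folder in $folders) {
    Get-ChildItem -LiteralPath $folder -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -ge $Since -or $_.CreationTime -ge $Since } |
        Sort-Object LastWriteTime |
        ForEach-Object {
            $stamp = $_.LastWriteTime.ToString('s')
            [pscustomobject]@{ Check = 'recent'; Entry = "$stamp  $($_.FullName)" }
        }
}
```

Pipe the output to `Format-Table -AutoSize -Wrap` or `Export-Csv` to keep long paths from being truncated, and keep a copy of the results before deleting anything.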

    How to Decrypt Ribd files

    Important! Please make sure that you have removed Ribd from your computer completely before you attempt to recover your files. If there are some suspicious files left on your system, it is best to run a check with a professional malware removal tool. Also, you can use our free online virus scanner to test questionable files for malware in order to delete them.

    You can find instructions that may help you get back your data inside our How to Decrypt Ransomware guide. 


    About the author


    Brandon Skies

    Brandon is a researcher and content creator in the fields of cyber-security and virtual privacy. Years of experience enable him to provide readers with important information and adequate solutions for the latest software and malware problems.

