Malware may reinstall itself multiple times if you don't delete its core files. This may require tracking down dozens of files in different locations.
We recommend downloading Restoro to eradicate Malware for you (it should cut down the time to about 15 minutes).
Getting the virus off from your computer won’t recover the encrypted files affected by the Ransomware. This article will guide you on how to decrypt those encrypted files. We have provided step-by-step instructions on how to do it.
Step 1: Eliminate the virus. (If you haven’t checked out the article about this, please do, the article is entitled “Removing BlackSnow Virus” and if you can’t remove the virus yourself, it’s best to download SpyHunter).
Step 2: Shadow Clone Restoration. You know what they say, prevention is better than cure, same goes to your files, it’s best they have backups that is located to a different location to save you the trouble of going over these steps. You can also use software like Data Recovery Pro which uses shadow volume copies that helps in restoring your files.
Step 3: Find out what type of Ransomware is in your computer. With the help of ID Ransomware; a free online service that will help you identify the kind of Ransomware on your computer. All you have to do is upload the ransom note that you can usually find in your computer’s desktop together with the encrypted files.
Step 4: Decrypting the encrypted files. Be warned, the decryption process don’t always work 100% of the time, but it’s definitely a solution that’s worth the shot. Before proceeding, as stated in Step 2, creating backups for all files would be best.
- Autolocky – file extension: .locky
- Nemucod – file extension: .crypted
- DMALocker2 – file extension: unchanged
- DMALocker – file extension: unchanged
- Gomasom – file extension: .crypt
- LeChiffre – file extension: .lechiffre
- KeyBTC – file extension: .keybtc@inbox_com
- Radamant – file extension: .rdm or .rrk
- PClock – file extension: unchanged
- CryptoDefense – file extension: unchanged
- Harasom – file extension: .HTML
- Decrypt Protect – file extension: .HTML
- Apocalypse – .encrypted
- ApocalypseVM variant – .ecrypted .locked
- Xorist – .cerber (for the Cerber ransomware including .cerber and .cerber2 look below)
- Globe ransomware – .globe
- MRCR or Merry Christmas/Merry Xmas – .pegs1 , .mrcr1 , .rare1 , .merry , .rmcm1
- HydraCrypt and UmbreCrypt – file extension: .hydracrypt and .umbrecrypt
- Petya password generator – no extension, whole HDD is locked
- Operation Global III – file extension: .exe
- TeslaCrypt – file extensions: .ECC , .EXX , and .EZZ
- TeslaCrypt – file extensions: .micro, .xxx, .ttt, .mp3 or “unchanged”
- BitCryptor and CoinVault – file extension: 7z.encrypted
- CrySiS –file extensions: .crysis and .crysis2 (You can also use the Rakhni decryptor for this one listed below).
- Rector – file extension: unknown
- Rakhni – file extension: .locked
.kraken; .nochance; .oshit; .oplata@qq_com; .relock@qq_com; .crypto; .firstname.lastname@example.org; .pizda@qq_com; .dyatel@qq_com; .crypt; .nalog@qq_com; .hifrator@qq_com; .gruzin@qq_com; .troyancoder@qq_com; .encrypted; .cry .AES256; .enc; .coderksu@gmail_com_id371;
.coderksu@gmail_com_id372 .coderksu@gmail_com_id374; .coderksu@gmail_com_id375; .coderksu@gmail_com_id376; .coderksu@gmail_com_id392; .coderksu@gmail_com_id357; .coderksu@gmail_com_id356; .coderksu@gmail_com_id358; .coderksu@gmail_com_id359; .coderksu@gmail_com_id360; .coderksu@gmail_com_id20; .email@example.com_characters; .hb15;
._date-time_$address@domain$.777; .xxx; .ttt; .micro; .mp3
- Scatter – file extensions: .pzdc .crypt .good
- Xorist – file extension: unknown
- Rannoh – possible file extensions: locked-<original_name>.<four_random_letters> ; <original_name>@<mail server>_<random_set_of_characters> ; <original_name>.crypt
- Dharma Ransomware – file extension: .dharma (Use the Rakhni decryptor for this).
Trend Micro’s Decrypter will allow you to decrypt files affected by:
- TeslaCrypt(v3, v4) – extensions: .micro, .xxx, .ttt, .mp3 or “unchanged ”
- AutoLocky – extension: .locky
- SNSLockeр – extension: .RSNSlocked
- CryptXXX (v1, v2, v3) – extension: .crypt
- Jigsaw – file extensions: .fun; .kkk; .gws; .btc; .PAYSM
- CryptXXX – file extensions: .crypz and .crypt1 ONLY
- Breaking Bad themed ransomware with the following file extensions: .xtbl, .ytbl, .breaking_bad, .heisenberg.
- Cerber ransomware file extensions: .cerber and .cerber2
Step 5: Wait for any available solution.