
Remove OpenToYou Virus and Decrypt .-opentoyou@india.com Files

This article will help you remove OpenToYou virus effectively and decrypt your data. Follow the ransomware removal guide provided at the end of the article.

OpenToYou is the name of a ransomware virus written in the Delphi programming language. Your files will get encrypted with the RC4 (Rivest Cipher 4) encryption algorithm and receive the .-opentoyou@india.com extension when the encryption is complete. Afterward, the OpenToYou cryptovirus displays a ransom note. Read on to see how you can decrypt your files.

Threat Summary

Name: OpenToYou
Type: Ransomware
Short Description: The ransomware encrypts files on your computer with the RC4 algorithm and displays a ransom message after the process is finished.
Symptoms: The ransomware will encrypt your files and put the .-opentoyou@india.com extension on all of them.
Distribution Method: Spam emails, email attachments
Detection Tool: See If Your System Has Been Affected by OpenToYou


User Experience: Join Our Forum to Discuss OpenToYou.
Data Recovery Tool: Data Recovery Pro by ParetoLogic. Notice! This product scans your drive sectors to recover lost files, and it may not recover 100% of the encrypted files, but only a few of them, depending on the situation and whether or not you have reformatted your drive.

OpenToYou Virus – Distribution Ways

The OpenToYou virus can be distributed in different ways. The payload file that executes the malicious script of this ransomware, which in turn infects your computer system, has been seen on the Web. You can take a look at the VirusTotal analysis of that same executable file of the OpenToYou ransomware in the snapshot below:

The OpenToYou virus could also be distributing that payload file on social media networks and file-sharing services for wider reach. A large number of freeware programs are promoted on the Internet as useful, but they might also be hiding the malicious script of the virus in question. Refrain from opening files immediately after you have downloaded them, especially ones that come from suspicious sources such as emails and links. First, scan them with a security program. Be sure to also check their size and signatures for anything that seems out of the ordinary. You should check out the tips for ransomware prevention in the corresponding forum topic.

OpenToYou Virus – Technical Information

OpenToYou is the name of a ransomware that is also a cryptovirus. It will encrypt files on your computer while appending the same extension to all of them when the process is complete. The RC4 encryption algorithm is used. The virus is written in the Delphi programming language, just like other ones, e.g. the Telecrypt ransomware.

OpenToYou ransomware could make entries in the Windows Registry to achieve persistence. These registry entries are typically designed in a way to launch the virus automatically with each boot of the Windows operating system.

The ransom note is located in a file called !!!.txt, and a similar message is shown on a lockscreen after the encryption process is done. Some files connected to the ransomware will be located in the directory C:\Logs\. The note and the screen share the same simplistic text, which you can see in the screenshot below:

That ransom note reads the following:

Your files are encrypted!
To decrypt write on email – opentoyou@india.com
Identification key – 5E1C0884

The cyber crooks have kept the ransom note simple with that short message, but it can still be effective. However, no matter what you do, you should NOT under any circumstances contact the cybercriminals. They will only try to negotiate a price for you to pay for unlocking your data. Nothing can guarantee that you will restore your files upon payment. Keep in mind that by supporting these criminals financially, you only give them more motivation to create other ransomware or commit other criminal acts. Also, the ransomware is decryptable, and there is already a solution, so keep reading below to find out how to decrypt your files for free.

The following directories are skipped and will not be encrypted:

  • C:\$Recycle.Bin
  • C:\Logs
  • C:\Users\All Users
  • C:\Windows
  • C:\ProgramData
  • C:\Program Files
  • C:\Program Files (x86)
  • C:\nVidia
  • C:\Intel
  • C:\Boot
  • C:\bootmgr
  • C:\PerfLogs
  • C:\Drivers
  • C:\MSOCache
  • C:\Program instal
  • %USERPROFILE%\AppData

The algorithm used for encrypting the files is RC4, a.k.a. Rivest Cipher 4, named after its creator Ronald Rivest. The OpenToYou ransomware searches for and encrypts files with the following extensions:

→.3ds, .3fr, .4db, .7z, .7zip, .accdb, .accdt, .aes, .ai, .apk, .arch00, .arj, .arw, .asset, .avi, .bar, .bay, .bc6, .bc7, .big, .bik, .bkf, .bkp, .blob, .bpw, .bsa, .cas, .cdr, .cer, .cfr, .cr2, .crp, .crt, .crw, .css, .csv, .d3dbsp, .das, .dazip, .db0, .dba, .dbf, .dbx, .dcr, .der, .desc, .dmp, .dng, .doc, .docm, .docx, .dot, .dotm, .dotx, .dwfx, .dwg, .dwk, .dxf, .dxg, .eml, .epk, .eps, .erf, .esm, .ff, .flv, .forge, .fos, .fpk, .fsh, .gdb, .gho, .gpg, .gxk, .hkdb, .hkx, .hplg, .hvpl, .ibank, .icxs, .idx, .ifx, .indd, .iso, .itdb, .itl, .itm, .iwd, .iwi, .jpe, .jpeg, .jpg, .js, .kdb, .kdbx, .kdc, .key, .kf, .ksd, .layout, .lbf, .litemod, .lrf, .ltx, .lvl, .m2, .m3u, .m4a, .map, .max, .mcmeta, .mdb, .mdbackup, .mddata, .mdf, .mef, .menu, .mlx, .mov, .mp3, .mp4, .mpd, .mpp, .mpqge, .mrwref, .myo, .nba, .nbf, .ncf, .nrw, .nsf, .ntl, .nv2, .odb, .odc, .odm, .odp, .ods, .odt, .ofx, .orf, .p12, .p7b, .p7c, .pak, .pdb, .pdd, .pdf, .pef, .pem, .pfx, .pgp, .pkpass, .png, .ppj, .pps, .ppsx, .ppt, .pptm, .pptx, .prproj, .psd, .psk, .pst, .psw, .ptx, .py, .qba, .qbb, .qbo, .qbw, .qdf, .qfx, .qic, .qif, .raf, .rar, .raw, .rb, .re4, .rgss3a, .rim, .rofl, .rtf, .rw2, .rwl, .saj, .sav, .sb, .sdf, .sid, .sidd, .sidn, .sie, .sis, .sko, .slm, .snx, .sql, .sr2, .srf, .srw, .sum, .svg, .sxc, .syncdb, .t12, .t13, .tar, .tax, .tbl, .tib, .tor, .txt, .upk, .vcf, .vdf, .vfs0, .vpk, .vpp_pc, .vtf, .w3x, .wallet, .wb2, .wdb, .wma, .wmo, .wmv, .wotreplay, .wpd, .wps, .x3f, .xf, .xlk, .xls, .xlsb, .xlsm, .xlsx, .xml, .xxx, .zip, .ztmp

All of the files that become encrypted will receive the same extension appended to them, which is .-opentoyou@india.com.
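The skip list and the targeted extensions above are what an incident responder needs to scope the damage on an infected machine. The following is an added triage example, not code from the original article: it classifies a constructed file inventory into files already carrying the appended extension (original name recovered by stripping it), files that are still exposed (targeted extension, outside the skipped directories), and everything else. The `C:\Users\victim` profile path and the inventory are assumptions, and `TARGETED_EXTS` holds only a subset of the article's extension list.

```python
from pathlib import PureWindowsPath

# Extension the article says OpenToYou appends to every encrypted file
OPENTOYOU_EXT = ".-opentoyou@india.com"

# Directories the article reports the encryptor skips; %USERPROFILE%\AppData
# is added per user profile inside under_skipped_dir()
SKIPPED_DIRS = [
    r"C:\$Recycle.Bin", r"C:\Logs", r"C:\Users\All Users", r"C:\Windows",
    r"C:\ProgramData", r"C:\Program Files", r"C:\Program Files (x86)",
    r"C:\nVidia", r"C:\Intel", r"C:\Boot", r"C:\bootmgr", r"C:\PerfLogs",
    r"C:\Drivers", r"C:\MSOCache", r"C:\Program instal",
]

# Subset of the targeted extensions listed in the article (extend as needed)
TARGETED_EXTS = {".doc", ".docx", ".xlsx", ".pdf", ".jpg", ".png", ".zip",
                 ".sql", ".pst", ".kdbx", ".txt", ".xml", ".mp3"}


def under_skipped_dir(path: str, user_profile: str) -> bool:
    """True if path lies in a skipped directory (Windows paths compare case-insensitively)."""
    p = PureWindowsPath(path)
    for skipped in SKIPPED_DIRS + [user_profile + r"\AppData"]:
        d = PureWindowsPath(skipped)
        if p == d or d in p.parents:
            return True
    return False


def triage(paths, user_profile=r"C:\Users\victim"):
    """Split an inventory into (encrypted originals, still-exposed files, other)."""
    encrypted, exposed, other = [], [], []
    for path in paths:
        if path.lower().endswith(OPENTOYOU_EXT):
            encrypted.append(path[:-len(OPENTOYOU_EXT)])   # recover original name
        elif (PureWindowsPath(path).suffix.lower() in TARGETED_EXTS
              and not under_skipped_dir(path, user_profile)):
            exposed.append(path)
        else:
            other.append(path)
    return encrypted, exposed, other


# Constructed sample inventory for the assumed profile C:\Users\victim
SAMPLE_PATHS = [
    r"C:\Users\victim\Documents\report.docx.-opentoyou@india.com",  # encrypted
    r"C:\Users\victim\Pictures\holiday.jpg",                        # exposed
    r"C:\Users\victim\AppData\Roaming\app\settings.xml",            # skipped: AppData
    r"C:\Program Files (x86)\Tool\readme.txt",                      # skipped directory
    r"C:\Windows\System32\notepad.exe",                             # skipped, not targeted
    r"D:\backup\db.sql",                                            # other drive, in scope
]
```

Running `triage(SAMPLE_PATHS)` yields one recovered original, two exposed files and three out-of-scope paths.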

The OpenToYou cryptovirus is very likely going to delete the Shadow Volume Copies from any Windows operating system by using the following command:

→vssadmin.exe delete shadows /all /Quiet
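That command is a common early warning of ransomware activity and is worth alerting on from process-creation telemetry. Below is an added detection example, not code from the article: it scans constructed Sysmon-style process-creation events, matches the vssadmin shadow-deletion command line in any letter case (including when wrapped in cmd.exe /c), and records whether the exact /all /Quiet switches were used and whether the parent process was launched from a user profile, which is a much stronger signal than a backup agent. The event field names, the parent-process paths and the sample events are all assumptions.

```python
import re

# Matches the shadow-copy deletion command quoted in the article, whether run
# directly or wrapped (e.g. via cmd.exe /c), in any letter case
VSSADMIN_DELETE = re.compile(r"\bvssadmin(?:\.exe)?\s+delete\s+shadows\b", re.IGNORECASE)


def is_shadow_deletion(command_line: str) -> bool:
    """True if the command line deletes Volume Shadow Copies with vssadmin."""
    return VSSADMIN_DELETE.search(command_line) is not None


def detect_shadow_deletion(events):
    """Return one finding per process-creation event that deletes shadow copies,
    enriched with the parent process and the switches that were used."""
    findings = []
    for ev in events:
        cmd = ev.get("CommandLine", "")
        if not is_shadow_deletion(cmd):
            continue
        # Strip quotes so a wrapped command still yields its switches
        switches = {tok.lower() for tok in cmd.replace('"', "").split() if tok.startswith("/")}
        parent = ev.get("ParentImage", "")
        findings.append({
            "command": cmd,
            "parent": parent,
            "all_quiet": {"/all", "/quiet"} <= switches,           # exact switches from the article
            "parent_in_user_profile": parent.lower().startswith(r"c:\users"),
        })
    return findings


# Constructed process-creation events (Sysmon Event ID 1 style, simplified)
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\vssadmin.exe",
     "CommandLine": "vssadmin.exe delete shadows /all /Quiet",
     "ParentImage": r"C:\Users\victim\AppData\Local\Temp\invoice.exe"},   # hypothetical dropper
    {"Image": r"C:\Windows\System32\vssadmin.exe",
     "CommandLine": "vssadmin.exe list shadows",                          # benign: listing only
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": 'cmd.exe /c "VSSADMIN Delete Shadows /For=C: /Quiet"',
     "ParentImage": r"C:\Program Files\BackupAgent\agent.exe"},           # hypothetical backup tool
]
```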

Read further to see how you can decrypt your files for free.

Remove OpenToYou Virus and Decrypt .-opentoyou@india.com Files

If your computer got infected with the OpenToYou ransomware virus, you should have some experience in removing malware. You should get rid of this ransomware as fast as possible, before it has the chance to spread further and infect more computers. Remove the ransomware and follow the step-by-step guide provided below.

Manually delete OpenToYou from your computer

Note! Important notice about the OpenToYou threat: manual removal of OpenToYou requires interfering with system files and registry entries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don't worry. You can do the removal yourself in just 5 minutes, using a malware removal tool.

1. Boot Your PC In Safe Mode to isolate and remove OpenToYou files and objects
2. Find malicious files created by OpenToYou on your PC

Automatically remove OpenToYou by downloading an advanced anti-malware program

1. Remove OpenToYou with SpyHunter Anti-Malware Tool and back up your data
2. Restore files encrypted by OpenToYou
Optional: Using Alternative Anti-Malware Tools

Berta Bilbao

Berta is the Editor-in-Chief of SensorsTechForum. She is a dedicated malware researcher, dreaming for a more secure cyber space.
