AES-NI Virus - Decrypt Files for Free (Update May 2017) - How to, Technology and PC Security Forum | SensorsTechForum.com
THREAT REMOVAL

AES-NI Virus – Decrypt Files for Free (Update May 2017)

Article created to explain how to remove AES-NI ransomware from your computer and decrypt AES_NI encrypted files for free.

Update May 2017! A decrypter has been developed for a ransomware virus, known by many as AES-NI ransomware. The infection aims to apply ECB encryption mode with the AES-256 algorithm on the important files of the encrypted computer after which immediately drops a ransom note to ask victims to pay ransom to get them back. If you have become a victim of the AES-NI ransomware infection, we recommend you to read the article below. It will help you remove the virus from your computer and decrypt files encrypted by AES-NI ransomware without having to pay the ransom fee.

Threat Summary

Name

AES-NI

TypeRansomware
Short DescriptionEncrypts important documents and other files on computers it infects. Asks for a ransom to be paid.
SymptomsThe victim may see a ransom note, named !!! READ THIS – IMPORTANT !!!.txt and the files encrypted with and added .aes-ni file extension.
Distribution MethodVia an Exploit kit, Dll file attack, malicious JavaScript or a drive-by download of the malware itself in an obfuscated manner.
Detection Tool See If Your System Has Been Affected by AES-NI

Download

Malware Removal Tool

User ExperienceJoin our forum to Discuss AES-NI.

AES-NI Ransomware – Quick Background

When it was initially detected, security experts have established that the AES-NI ransomware was spread via a massive campaign, using different methods. The main method by which the virus was reported to spread is via spam e-mails, containing a deceitful message within them, such as the example below:

After infection with AES-NI is inevitable, the ransomware drops multiple different files on the infected computer:

  • !!! READ THIS – IMPORTANT !!!.txt
  • .key.aes_ni files
  • Exectuable files located in the %System Drive%, %AppData% or %Windows% folders.

Then, the AES-NI virus tampers with the Volume Shadow Copies of the infected computer to make restoring the files using them impossible. AES-NI ransomware also may attack the Windows registry editor, more specifically the Run and RunOnce registry sub-keys. After this has been performed, the virus may begin the encryption procedure, which is orchestrated by ECB encryption mode. It replaces blocks of data from the files, to make them no longer openable. After encryption, the files may look like one of the following, depending on the variant of AES-NI ransomware used to infect:

Fortunately, malware researchers have come up with a decrypter for this one. Keep reading this article to learn how to remove AES-NI ransomware and decrypt your files without having to pay the cyber-criminals.

Remove AES-NI Ransomware

Before downloading and installing the decrypter, we advise you to remove this ransomware virus from your computer. The removal process can be conducted via multiple different approaches like the manual and automatic instructions we have created below. In case you lack the experience in malware removal, security experts advise to download anti-malware scanner in order to remove AES-NI automatically.

Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated Marketing as well, Ventsislav also has passion for discovery of new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecrurity and is a strong believer in basic education of every user towards online safety.

More Posts - Website

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...