Clouded Ransomware – Remove and Restore .Cloud Files

This article will aid you to remove Clouded ransomware absolutely. Follow the ransomware removal instructions provided at the end of the article.

Clouded ransomware is the name of a cryptovirus. The extension it puts to all files after encryption is .cloud. After encryption, a ransom note will be displayed with instructions on how to pay the demanded ransom. The name of the Clouded ransomware virus is put in that note. Read on through and find out what ways you could try to potentially recover some of your data.

Threat Summary

NameClouded
TypeRansomware
Short DescriptionThe ransomware encrypts files on your computer system and it shows a ransom note afterward.
SymptomsThis ransomware virus will encrypt your files and place the .cloud extension on each one of them.
Distribution MethodSpam Emails, Email Attachments
Detection Tool See If Your System Has Been Affected by Clouded

Download

Malware Removal Tool

User ExperienceJoin Our Forum to Discuss Clouded.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

Clouded Ransomware – Distribution Tactics

The Clouded ransomware might be distributed by utilizing different tactics. The payload dropper file which initiates the malicious script for the ransomware infection is seen circling the Internet. Malware researchers have found a sample of the payload which could infect users and you can preview its analysis on the VirusTotal service here below:

The Clouded ransomware might be using other ways to deliver the payload file, such as social media and file-sharing sites. Freeware applications found on the Web could be promoted as helpful but also could hide the malicious script for this virus. Before opening any files after you have downloaded them, you should instead scan them with a security program. Especially if they come from suspicious places, such as emails or links. Also, don’t forget to check the size and signatures of such files for anything that seems out of place. You should read the ransomware prevention tips given in the forum section.

Clouded Ransomware – In-Depth Overview

The Clouded ransomware is a cryptovirus, which was named that way by the people who created it. After the Clouded ransomware encrypts your files, it will place the .cloud extension to every one of them. Then, a ransom note will be displayed with payment instructions.

The Clouded ransomware could make new registry entries in the Windows Registry to achieve a higher level of persistence. Those entries are usually designed in a way that will start the virus automatically with every launch of the Windows Operating System, like in the example provided below, such as the example given down here:

→“HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run”

The ransom message will be placed inside your computer system. The following message will show up:

This is what the ransom message with instructions reads:

All your documents have been encrypted by the Clouded ransomware!
Any new files will deleted, so do not try to download or move/copy files to this computer!
– How do I decrypt my files?
– In order to decrypt your files, you must pay atleast 0.1 BTC to the Bitcoin address
1FoRjcEbKfL949gKGE7Etk7sKPtYJq7QVy and press “Check and Decrypt”.
– What’s Bitcoin?
– It’s a cryptocurrency and an electronic payment system. More information at
https://en.wikipedia.org/wiki/Bitcoin
Check and Decrypt
IMPORTANT: DO NOT turn off your computer while this screen is displayed or your files will be lost forever!

The developers of the Clouded cryptovirus demand that pay 0.1 Bitcoin, which equates to nearly 158 US dollars. However, you should NOT contact those crooks under any circumstances. Financially supporting the cybercriminals does not guarantee that you will restore your files back to normal. Also, it is generally a bad idea to pay up a ransom, as that might motivate criminals to continue making ransomware viruses. Also, you might get your files encrypted again.

Clouded Ransomware – Encryption Process

There is no official list with file extensions that the Clouded ransomware seeks to encrypt and the article will be updated if such a list is found. However, all files which get encrypted will receive the .cloud extension appended to them. The following files are most likely to get encrypted, as they are the most commonly used ones on Windows:

→.7z, .bmp, .doc, .docm, .docx, .html, .jpeg, .jpg, .mp3, .mp4, .pdf, .php, .ppt, .pptx, .rar, .rtf, .sql, .tiff, .txt, .xls, .xlsx, .zip

Disclaimer! A one-of-a-kind key will be generated for each file that gets encrypted, but no log of those keys is kept anywhere. Thus, if the ransomware is closed, nobody will know with what encryption keys your files are locked with, hence decryption seems impossible.

The Clouded cryptovirus is more than likely to erase the Shadow Volume Copies from the Windows Operating System by executing the following command:

→vssadmin.exe delete shadows /all /Quiet

If the above-stated command is inputted into the command prompt of the Windows operating system, that will make the encryption process more effective, as one of the main ways for file recovery will be gone. Keep reading to find out what methods you can try out to potentially restore some of your data.

Remove Clouded Ransomware and Restore .Cloud Files

If your computer got infected with the Clouded ransomware virus, you should have a bit of experience in removing malware. You should get rid of this ransomware as quickly as possible before it can have the chance to spread further and infect other computers. You should remove the ransomware and follow the step-by-step instructions guide provided below.

Manually delete Clouded from your computer

Note! Substantial notification about the Clouded threat: Manual removal of Clouded requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself just in 5 minutes, using a malware removal tool.

1. Boot Your PC In Safe Mode to isolate and remove Clouded files and objects
2. Find malicious files created by Clouded on your PC

Automatically remove Clouded by downloading an advanced anti-malware program

1. Remove Clouded with SpyHunter Anti-Malware Tool and back up your data
2. Restore files encrypted by Clouded
Optional: Using Alternative Anti-Malware Tools

Berta Bilbao

Berta is the Editor-in-Chief of SensorsTechForum. She is a dedicated malware researcher, dreaming for a more secure cyber space.

More Posts - Website

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...
Please wait...

Subscribe to our newsletter

Want to be notified when our article is published? Enter your email address and name below to be the first to know.