Decrypt Files Encrypted by Amnesia Ransomware (Update May 2017) - How to, Technology and PC Security Forum | SensorsTechForum.com
THREAT REMOVAL

Decrypt Files Encrypted by Amnesia Ransomware (Update May 2017)

OFFER

SCAN YOUR PC
with SpyHunter

Scan Your System for Malicious Files
Note! Your computer might be affected by Amnesia and other threats.
Threats such as Amnesia may be persistent on your system. They tend to re-appear if not fully deleted. A malware removal tool like SpyHunter will help you to remove malicious programs, saving you the time and the struggle of tracking down numerous malicious files.
SpyHunter’s scanner is free but the paid version is needed to remove the malware threats. Read SpyHunter’s EULA and Privacy Policy

This article aims to show you how to fully delete Amnesia ransomware from your computer and decrypt .amnesia and other encrypted files.

A ransomware virus, by the name of Amnesia has been roaming around infecting users and demanding 0.5 BTC to be paid as a ransom to restore the damage done by it. And the damage is not little – Amnesia ransomware aims to attack only the important files on an infected PC to encrypt them and make them no longer openable. Lucky, there is a method to decrypt files encrypted by this virus, thanks to Emsisoft researchers. In case your computer has been infected by Amnesia ransomware, read this article to remove the ransomware threat and restore your files in the event that they have been encrypted.

Threat Summary

Name

Amnesia

TypeRansomware
Short DescriptionEncrypts important files on the compromised computers and then demands a hefty ransom fee to be paid to get the unlock code.

SymptomsThe victim may not be able to open the files. The files may either be completely renamed or have the .amnesia extension added.
Distribution MethodVia an Exploit kit, Dll file attack, malicious JavaScript or a drive-by download of the malware itself in an obfuscated manner.
Detection Tool See If Your System Has Been Affected by Amnesia

Download

Malware Removal Tool

User ExperienceJoin our forum to Discuss Amnesia.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

Amnesia Ransowmare – More Information

Discovered in the beginning of May 2017, Amnesia ransomware has been released in several variants.

Amnesia Virus Variant 1.0

One of the variants has reportedly used the ransom note, named HOW TO RECOVER ENCRYPTED FILES.TXT and the ransom note had the following message, including a unique victim ID:

YOUR FILES ARE ENCRVPTED!
Vour personal ID: {UNIQUE ID}
Attention! What happened?
Vour documents, databases and other important data has been encrypted.
IF you want to restore Files send an email to: [email protected]
In a letter to indicate your personal identiFier (see in the beginning of this document).
Attention!
Do not attempt to remove the program or run the anti-virus tools.
attempts to self-decrypting files will result in the loss of your data.
Decoders are not compatible with other users of your data, because each user’s unique encryption key.

The extension of encrypted files that this ransomware variant was reported to use are .amnesia. After encryption, the files appear like the following:

Amnesia Virus Variant 1.1

The second iteration of Amnesia ransomware came with several different changes. Some of those changes were in the ransom note file used by the virus, which demands the sum of 0.5 BTC to buy the decryptor in an .HTML file, named RECOVER-FILES.HTML. It has the following message to victims:

Your files are Encrypted!
For data recovery needs decryptor.
To buy the decryptor, you must pay the cost of 0.5 Bitcoin
[Buy Decryptor] button
Free decryption as guarantee.
Before paying you can send us 1 file for free decryption.
To send a message or file use this form:

The most radical changes of this Amnesia ransomware variant were in the files. The ransomware completely renames files to a number, after which a randomly generated name and then a two digit file extension, for example .05. An encrypted file by this variant of Amnesia ransomware would look like the following:

Thankfully, it is now possible to decrypt files that have been encrypted by Amnesia ransomware, and all that it takes is one original file and it’s encrypted analogue to restore all of the files for free. But first, you need to remove the ransomware from your computer. To remove Amnesia ransomware and then decrypt your files, please follow the instructions below.

Amnesia Ransomware – Removal

First, before begging to decrypt your files, it is very important to try and remove the virus. One method to do it is if you follow the manual decryption instructions below. However, bear in mind that experts strongly advise using and advanced anti-malware software to remove everything associated with Amnesia permanently.

1 Comment

  1. Juan Peñuela

    Si los archivos encriptados son en excel o word?

    Reply

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...