Decrypt Files Encrypted by Amnesia Ransomware (Update May 2017) - How to, Technology and PC Security Forum |

Decrypt Files Encrypted by Amnesia Ransomware (Update May 2017)

This article aims to show you how to fully delete Amnesia ransomware from your computer and decrypt .amnesia and other encrypted files.

A ransomware virus, by the name of Amnesia has been roaming around infecting users and demanding 0.5 BTC to be paid as a ransom to restore the damage done by it. And the damage is not little – Amnesia ransomware aims to attack only the important files on an infected PC to encrypt them and make them no longer openable. Lucky, there is a method to decrypt files encrypted by this virus, thanks to Emsisoft researchers. In case your computer has been infected by Amnesia ransomware, read this article to remove the ransomware threat and restore your files in the event that they have been encrypted.

Threat Summary



Short DescriptionEncrypts important files on the compromised computers and then demands a hefty ransom fee to be paid to get the unlock code.

SymptomsThe victim may not be able to open the files. The files may either be completely renamed or have the .amnesia extension added.
Distribution MethodVia an Exploit kit, Dll file attack, malicious JavaScript or a drive-by download of the malware itself in an obfuscated manner.
Detection Tool See If Your System Has Been Affected by Amnesia


Malware Removal Tool

User ExperienceJoin our forum to Discuss Amnesia.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

Amnesia Ransowmare – More Information

Discovered in the beginning of May 2017, Amnesia ransomware has been released in several variants.

Amnesia Virus Variant 1.0

One of the variants has reportedly used the ransom note, named HOW TO RECOVER ENCRYPTED FILES.TXT and the ransom note had the following message, including a unique victim ID:

Vour personal ID: {UNIQUE ID}
Attention! What happened?
Vour documents, databases and other important data has been encrypted.
IF you want to restore Files send an email to:
In a letter to indicate your personal identiFier (see in the beginning of this document).
Do not attempt to remove the program or run the anti-virus tools.
attempts to self-decrypting files will result in the loss of your data.
Decoders are not compatible with other users of your data, because each user’s unique encryption key.

The extension of encrypted files that this ransomware variant was reported to use are .amnesia. After encryption, the files appear like the following:

Amnesia Virus Variant 1.1

The second iteration of Amnesia ransomware came with several different changes. Some of those changes were in the ransom note file used by the virus, which demands the sum of 0.5 BTC to buy the decryptor in an .HTML file, named RECOVER-FILES.HTML. It has the following message to victims:

Your files are Encrypted!
For data recovery needs decryptor.
To buy the decryptor, you must pay the cost of 0.5 Bitcoin
[Buy Decryptor] button
Free decryption as guarantee.
Before paying you can send us 1 file for free decryption.
To send a message or file use this form:

The most radical changes of this Amnesia ransomware variant were in the files. The ransomware completely renames files to a number, after which a randomly generated name and then a two digit file extension, for example .05. An encrypted file by this variant of Amnesia ransomware would look like the following:

Thankfully, it is now possible to decrypt files that have been encrypted by Amnesia ransomware, and all that it takes is one original file and it’s encrypted analogue to restore all of the files for free. But first, you need to remove the ransomware from your computer. To remove Amnesia ransomware and then decrypt your files, please follow the instructions below.

Amnesia Ransomware – Removal

First, before begging to decrypt your files, it is very important to try and remove the virus. One method to do it is if you follow the manual decryption instructions below. However, bear in mind that experts strongly advise using and advanced anti-malware software to remove everything associated with Amnesia permanently.


Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated Marketing as well, Ventsislav also has passion for discovery of new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecrurity and is a strong believer in basic education of every user towards online safety.

More Posts - Website

Follow Me:

1 Comment

  1. AvatarJuan Peñuela

    Si los archivos encriptados son en excel o word?


Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share