.disposed2017 File Ransomware (SamSam) – Recover Files - How to, Technology and PC Security Forum | SensorsTechForum.com

.disposed2017 File Ransomware (SamSam) – Recover Files

This article aims to show you how to remove SamSam ransomware virus and how to recover .disposed2017 encrypted files without paying the ransom.

A new version of the decryptable SamSam ransomware has come out, dropping a ransom note after encrypting files. The virus demands a hefty ransom to be paid to the cyber-criminals in order to restore files it has previously encrypted on their computers with an added .disposed 2017 file suffix to those files. After doing so, the virus drops a ransom note, named PLEASE-README-HOWTO-RECOVERY.html file which asks victims to go to a Tor-based website where they can pay in BitCoins to recover their files. Luckily the virus is decryptable. Read this article to learn how to firstly remove this virus and then decrypt your files for free.

Threat Summary

Name.disposed2017 SamSam Virus
TypeRansomware, Cryptovirus
Short DescriptionEncrypts files on the infected computer and asks victims to visit a TOR-based website and pay a ransom fee to get the encrypted files decrypted once again.
SymptomsEncrypts files adding the .disposed2017 file extension and drops a ransom note, named PLEASE-README-HOWTO-RECOVERY.html with instructions.
Distribution MethodSpam Emails, Email Attachments, Executable files
Detection Tool See If Your System Has Been Affected by .disposed2017 SamSam Virus


Malware Removal Tool

User ExperienceJoin Our Forum to Discuss .disposed2017 SamSam Virus.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.


SamSam Ransomware – More Information

In order to infect users, SamSam ransomware may use the following methods:

  • Spam e-mails that have malicious e-mail attachments in them or web links.
  • Malicious links posted online as comments or replies.
  • Fake setups or programs uploaded on suspicious software download sites.

The malicious files are reported to be the following:

→ Valley2.exe with SHA256: 642276c4a397ca62cd6614627c3dfa370452c5b37a13fa13be84fb9cdbc39d55
ConsoleApplication2.exe with SHA256: 4b5f9b1e8c82e0b0a434a83a5d947a69860fd7846673570eb623af01876959ab

After the victim clicks on the malicious file, the SamSam virus drops malicious files in multiple important Windows folders, such as:

  • %AppData%
  • %Local%
  • %Roaming%
  • %LocalLow%
  • %Temp%

After the files are dropped, the virus executes a process which encrypts the files, adding the .disposed2017 file extension. The encrypted files look like the following:

After the files are encrypted, a ransom note file is dropped, named PLEASE-README-HOWTO-RECOVERY.html.

How to Remove and Decrypt .disposed2017 Files Virus

Before actually beginning to decrypt this ransomware infection from your computer system you should focus on removing the virus from your computer. The best and fasted method to do this is to remove it using an advanced anti-malware tool which will take care of the removal for you.

Automatically remove .disposed2017 SamSam Virus by downloading an advanced anti-malware program

1. Remove .disposed2017 SamSam Virus with SpyHunter Anti-Malware Tool and back up your data

After doing so, you can use the alternative methods for file recovery below. They are specifically designed to help you with the file recovery process of SamSam without you having to pay the ransom. As always, those methods are not a guarantee you will recover all of your files, but they can help you restore as many files as possible and this is why it is recommended to backup the encrypted files before beggining.

2. Restore files encrypted by .disposed2017 SamSam Virus

Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated Marketing as well, Ventsislav also has passion for discovery of new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecrurity and is a strong believer in basic education of every user towards online safety.

More Posts - Website

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share