A new version of the decryptable SamSam ransomware has come out. It encrypts files on the victim's computer, appends the .disposed2017 file suffix to them, and demands that a hefty ransom be paid to the cyber-criminals to restore them. After encrypting the files, the virus drops a ransom note named PLEASE-README-HOWTO-RECOVERY.html, which asks victims to go to a Tor-based website where they can pay in Bitcoin to recover their files. Luckily, the virus is decryptable. Read this article to learn how to first remove the virus and then decrypt your files for free.
| Name | .disposed2017 SamSam Virus |
| Short Description | Encrypts files on the infected computer and asks victims to visit a TOR-based website and pay a ransom fee to get the encrypted files decrypted once again. |
| Symptoms | Encrypts files adding the .disposed2017 file extension and drops a ransom note, named PLEASE-README-HOWTO-RECOVERY.html with instructions. |
| Distribution Method | Spam Emails, Email Attachments, Executable files |
SamSam Ransomware – More Information
In order to infect users, SamSam ransomware may use the following methods:
- Spam e-mails that contain malicious attachments or web links.
- Malicious links posted online as comments or replies.
- Fake setups or programs uploaded on suspicious software download sites.
The malicious files are reported to be the following:
- Valley2.exe with SHA256: 642276c4a397ca62cd6614627c3dfa370452c5b37a13fa13be84fb9cdbc39d55
- ConsoleApplication2.exe with SHA256: 4b5f9b1e8c82e0b0a434a83a5d947a69860fd7846673570eb623af01876959ab
After the victim clicks on the malicious file, the SamSam virus drops malicious files in multiple important Windows folders, such as:
After the files are dropped, the virus executes a process which encrypts the files, adding the .disposed2017 file extension. The encrypted files look like the following:
After the files are encrypted, a ransom note file is dropped, named PLEASE-README-HOWTO-RECOVERY.html.
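A sweep for the indicators this article lists (the two SHA256 hashes, the .disposed2017 extension and the ransom note name), added here as an example and not part of the original article or of any vendor tool. The function names, the `known` parameter and the 256 MB hashing limit are assumptions of this example; the hash check recognises only the two exact files named above.

```python
import hashlib
import os
import sys
from pathlib import Path

# Indicators copied from the article text.
KNOWN_SHA256 = {
    "642276c4a397ca62cd6614627c3dfa370452c5b37a13fa13be84fb9cdbc39d55": "Valley2.exe",
    "4b5f9b1e8c82e0b0a434a83a5d947a69860fd7846673570eb623af01876959ab": "ConsoleApplication2.exe",
}
ENCRYPTED_SUFFIX = ".disposed2017"
RANSOM_NOTE = "please-readme-howto-recovery.html"  # compared case-insensitively
MAX_HASH_BYTES = 256 * 1024 * 1024  # assumption: larger files are not hashed


def sha256_of(path, chunk=1 << 20):
    """Hash a file in 1 MB blocks so large files are never loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def sweep(root, known=KNOWN_SHA256):
    """Walk root and sort every file into one indicator bucket, or none."""
    hits = {"encrypted": [], "note": [], "dropper": [], "unreadable": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            lower = name.lower()
            if lower.endswith(ENCRYPTED_SUFFIX):
                hits["encrypted"].append(path)  # ciphertext, not worth hashing
            elif lower == RANSOM_NOTE:
                hits["note"].append(path)
            else:
                try:
                    if path.stat().st_size <= MAX_HASH_BYTES:
                        label = known.get(sha256_of(path))
                        if label:
                            hits["dropper"].append((path, label))
                except OSError:
                    hits["unreadable"].append(path)  # locked or permission denied
    return hits


if __name__ == "__main__":
    result = sweep(sys.argv[1] if len(sys.argv) > 1 else ".")
    for kind, found in result.items():
        print(f"{kind}: {len(found)}", *found, sep="\n  ")
```

The count of `encrypted` hits gives the scope of the damage and the list of files to back up before attempting decryption; a `dropper` hit marks a file to quarantine.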
How to Remove and Decrypt .disposed2017 Files Virus
Before beginning to decrypt the files encrypted by this ransomware, you should focus on removing the virus from your computer. The best and fastest method to do this is to remove it using an advanced anti-malware tool, which will take care of the removal for you.
After doing so, you can use the alternative methods for file recovery below. They are specifically designed to help you with the file recovery process of SamSam without you having to pay the ransom. As always, those methods are not a guarantee that you will recover all of your files, but they can help you restore as many files as possible, which is why it is recommended to back up the encrypted files before beginning.