.disposed2017 File Ransomware (SamSam) – Recover Files - How to, Technology and PC Security Forum | SensorsTechForum.com

.disposed2017 File Ransomware (SamSam) – Recover Files

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)

This article aims to show you how to remove SamSam ransomware virus and how to recover .disposed2017 encrypted files without paying the ransom.

A new version of the decryptable SamSam ransomware has come out, dropping a ransom note after encrypting files. The virus demands a hefty ransom to be paid to the cyber-criminals in order to restore files it has previously encrypted on their computers with an added .disposed 2017 file suffix to those files. After doing so, the virus drops a ransom note, named PLEASE-README-HOWTO-RECOVERY.html file which asks victims to go to a Tor-based website where they can pay in BitCoins to recover their files. Luckily the virus is decryptable. Read this article to learn how to firstly remove this virus and then decrypt your files for free.

Threat Summary

Name.disposed2017 SamSam Virus
TypeRansomware, Cryptovirus
Short DescriptionEncrypts files on the infected computer and asks victims to visit a TOR-based website and pay a ransom fee to get the encrypted files decrypted once again.
SymptomsEncrypts files adding the .disposed2017 file extension and drops a ransom note, named PLEASE-README-HOWTO-RECOVERY.html with instructions.
Distribution MethodSpam Emails, Email Attachments, Executable files
Detection Tool See If Your System Has Been Affected by .disposed2017 SamSam Virus


Malware Removal Tool

User ExperienceJoin Our Forum to Discuss .disposed2017 SamSam Virus.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.


SamSam Ransomware – More Information

In order to infect users, SamSam ransomware may use the following methods:

  • Spam e-mails that have malicious e-mail attachments in them or web links.
  • Malicious links posted online as comments or replies.
  • Fake setups or programs uploaded on suspicious software download sites.

The malicious files are reported to be the following:

→ Valley2.exe with SHA256: 642276c4a397ca62cd6614627c3dfa370452c5b37a13fa13be84fb9cdbc39d55
ConsoleApplication2.exe with SHA256: 4b5f9b1e8c82e0b0a434a83a5d947a69860fd7846673570eb623af01876959ab

After the victim clicks on the malicious file, the SamSam virus drops malicious files in multiple important Windows folders, such as:

  • %AppData%
  • %Local%
  • %Roaming%
  • %LocalLow%
  • %Temp%

After the files are dropped, the virus executes a process which encrypts the files, adding the .disposed2017 file extension. The encrypted files look like the following:

After the files are encrypted, a ransom note file is dropped, named PLEASE-README-HOWTO-RECOVERY.html.

How to Remove and Decrypt .disposed2017 Files Virus

Before actually beginning to decrypt this ransomware infection from your computer system you should focus on removing the virus from your computer. The best and fasted method to do this is to remove it using an advanced anti-malware tool which will take care of the removal for you.

Automatically remove .disposed2017 SamSam Virus by downloading an advanced anti-malware program

1. Remove .disposed2017 SamSam Virus with SpyHunter Anti-Malware Tool and back up your data

Remove .disposed2017 SamSam Virus with SpyHunter Anti-Malware Tool

1. Install SpyHunter to scan for and remove .disposed2017 SamSam Virus.2. Scan with SpyHunter to Detect and Remove .disposed2017 SamSam Virus. Back up your data to secure it against infections and file encryption by .disposed2017 SamSam Virus in the future.
Step 1:Click on the “Download” button to proceed to SpyHunter’s download page.

It is highly recommended to run a scan before purchasing the full version of the software to make sure that the current version of the malware can be detected by SpyHunter.

Step 2: Guide yourself by the download instructions provided for each browser.
Step 3: After you have installed SpyHunter, wait for it to automatically update.


Step1: After the update process has finished, click on the ‘Scan Computer Now’ button.
Step2: After SpyHunter has finished scanning your PC for any .disposed2017 SamSam Virus files, click on the ‘Fix Threats’ button to remove them automatically and permanently.
Step3: Once the intrusions on your PC have been removed, it is highly recommended to restart it.

Back up your data to secure it against attacks in the future

IMPORTANT! Before reading the Windows backup instructions, we highly recommend to back up your data automatically with cloud backup and insure it against any type of data loss on your device, even the most severe. We recommend reading more about and downloading SOS Online Backup .

After doing so, you can use the alternative methods for file recovery below. They are specifically designed to help you with the file recovery process of SamSam without you having to pay the ransom. As always, those methods are not a guarantee you will recover all of your files, but they can help you restore as many files as possible and this is why it is recommended to backup the encrypted files before beggining.

2. Restore files encrypted by .disposed2017 SamSam Virus

Restore Files Encrypted by .disposed2017 SamSam Virus

Ransomware infections like .disposed2017 SamSam Virus aim to encrypt your files using an encryption algorithm which may be very difficult to directly decrypt. This is why we have suggested several alternative methods that may help you go around direct decryption and try to restore your files. Bear in mind that they may not be 100% effective but they may help you little or a lot in some situations.

Method 1: Scanning your drive’s sectors by using Data Recovery software.
Another method of restoring your files is by trying to bring back your files via data recovery software. Here are some suggestions for preferred data recovery software solutions:

Method 2: Trying Kaspersky and EmsiSoft’s decryptors.
If the first method does not work, we suggest trying to use decryptors for other ransomware viruses, in case your virus is a variant of them. The two primary developers of decryptors are Kaspersky and EmsiSoft, links to which we have provided below:

Urgent! It is strongly advisable to first remove the .disposed2017 SamSam Virus threat before attempting any decryption, since it may interfere with system files and registries. You can do the removal yourself just in 5 minutes, using an advanced malware removal tool.

Method 3: Using Shadow Explorer

To restore your data in case you have backup set up, it is important to check for shadow copies in Windows using this software if ransomware has not deleted them:

Method 4: Finding .disposed2017 SamSam Virus decryption key while it communicates it via a network sniffing software.

Another way to decrypt the files is by using a Network Sniffer to get the encryption key, while files are encrypted on your system. A Network Sniffer is a program and/or device monitoring data traveling over a network, such as its internet traffic and internet packets. If you have a sniffer set before the attack happened you might get information about the decryption key. See how-to instructions below:


Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated Marketing as well, Ventsislav also has passion for discovery of new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecrurity and is a strong believer in basic education of every user towards online safety.

More Posts - Website

Follow Me:

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share