.EMPTY Files Virus – How to Remove and Decrypt Files for Free

This article aims to provide instructions and information on how to remove the .EMPTY file ransomware virus and how to restore files that have been encrypted by it.

The CryptoMix family of ransomware viruses has received a new update, and this time it uses the .EMPTY file extension. The ransomware aims to encrypt each important file on your computer, leaving behind a ransom note. The note demands that victims contact the cybercriminals at one of three e-mail addresses provided, after which they receive further instructions on how to pay a ransom in return for the encrypted files.

Threat Summary

Name: .EMPTY File Virus
Type: Ransomware, Cryptovirus
Short Description: Encrypts the files on the infected computer and then demands that victims pay a hefty ransom fee in order to decrypt them. Decryptable for free.
Symptoms: Files are encrypted with the added .EMPTY file extension. Users are asked to contact the cyber-criminals via e-mail.
Distribution Method: Spam Emails, Email Attachments, Executable files

.EMPTY Files Virus – How Does It Spread

To become widespread, this virus may use various methods, the main one of which may be e-mail spam. The e-mail messages that spread the .EMPTY ransomware virus may contain convincing statements whose end goal is to get the victim to open the malicious infection file, like the example statement below:

  • Financial Activity Statement Keep track of your account with your latest Online Financial Statement from NatWest Bank.
  • Please download and view Microsoft Word attachment.
  • So check out your statement right away, or at your earliest convenience.
  • Thank you for managing your account online. Sincerely, NatWest Bank.

Besides an infected Microsoft Word document that may contain malicious macros, the e-mails may also carry other types of malicious executables, one of which has been reported on VirusTotal.com to be the following:

.EMPTY File Virus – More Information

Once the victim becomes infected with the .EMPTY variant of CryptoMix, the virus may initially drop the malicious files on the user’s computer. The files may exist under different names and be located in the commonly targeted Windows folders below:

After the files of .EMPTY ransomware are dropped on the user’s computer, the malware may begin its malicious activity. It executes the payload files, which run in the background as processes. Those files are obfuscated so that any security software running on the computer fails to detect them. They contain multiple functions that take advantage of critical Windows components. These functions may allow .EMPTY ransomware to modify crucial registry entries on the user’s computer, adding registry strings that change different Windows settings. One of the strings added may be located in the Run and RunOnce Windows registry sub-keys, which are responsible for running malicious files automatically on Windows start-up. The sub-keys have the following locations:

• HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
• HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce

Not only this, but the .EMPTY files variant of CryptoMix may also execute a batch (.bat) file that may delete the shadow volume copies on the compromised computer. This file may contain the following administrative Windows command:

→ process call create “cmd.exe /c
vssadmin.exe delete shadows /all /quiet
bcdedit.exe /set {default} recoveryenabled no
bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures
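
The Run/RunOnce writes and the recovery-inhibiting commands described above can be combined into one detection rule. The following is an added example, not part of the original article or of any vendor's tooling; the event format, host names and rule names are constructed for illustration.

```python
import re

# Constructed, simplified endpoint events (not any product's real log schema).
SAMPLE_EVENTS = [
    {"host": "ws-01", "kind": "registry_set", "target":
     r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\updater"},
    {"host": "ws-01", "kind": "process",
     "cmdline": "cmd.exe /c vssadmin.exe delete shadows /all /quiet"},
    {"host": "ws-01", "kind": "process",
     "cmdline": "bcdedit.exe /set {default} recoveryenabled no"},
    {"host": "ws-02", "kind": "process", "cmdline": "vssadmin.exe list shadows"},
    {"host": "ws-03", "kind": "registry_set", "target":
     r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\setup"},
]

# A value written directly under a Run/RunOnce sub-key, in any hive spelling.
AUTORUN_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\[^\\]+$", re.I)

# The three recovery-inhibiting commands from the batch file quoted above.
COMMAND_RULES = [
    ("shadow-copy-deletion",
     re.compile(r"\bvssadmin(\.exe)?\s+delete\s+shadows\b", re.I)),
    ("recovery-disabled",
     re.compile(r"\bbcdedit(\.exe)?\s+/set\s.*\brecoveryenabled\s+no\b", re.I)),
    ("boot-failures-ignored", re.compile(
        r"\bbcdedit(\.exe)?\s+/set\s.*\bbootstatuspolicy\s+ignoreallfailures\b", re.I)),
]

def classify(event):
    """Return the names of the rules that one event triggers."""
    if event["kind"] == "registry_set":
        m = AUTORUN_RE.search(event["target"])
        return ["autorun-" + m.group(1).lower()] if m else []
    cmd = event.get("cmdline", "")
    return [name for name, rx in COMMAND_RULES if rx.search(cmd)]

def triage(events):
    """Collect hits per host; two or more distinct rules on a host rate 'high'."""
    per_host = {}
    for ev in events:
        for hit in classify(ev):
            per_host.setdefault(ev["host"], set()).add(hit)
    return {host: ("high" if len(hits) >= 2 else "review", sorted(hits))
            for host, hits in per_host.items()}

if __name__ == "__main__":
    for host, (priority, hits) in sorted(triage(SAMPLE_EVENTS).items()):
        print(host, priority, ", ".join(hits))
```

A single autorun hit is rated only "review" because legitimate installers also write Run and RunOnce values; the combination with shadow-copy deletion on the same host is what raises the priority.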

The ransom note dropped by the .EMPTY virus may also be among the files that are executed. It has the following contents:

Hello!
Attention! All Your data was encrypted!
For specific information, please send us an email with Your ID number:
[email protected]
[email protected]
[email protected]
We will help You as soon as possible!

The virus then proceeds to encrypt the files on the infected computer, resulting in them appearing with the .EMPTY file extension. Luckily, most CryptoMix ransomware variants are decryptable without you having to pay any ransom at all. Continue reading this article to learn how to remove the virus and decrypt your files for free.

Remove .EMPTY CryptoMix from Your PC

Before beginning to remove this virus, we strongly suggest that you back up all of your encrypted files, just in case. Then, you can proceed to remove the .EMPTY files ransomware from your computer, preferably by following the instructions underneath.


To remove .EMPTY File Virus follow these steps:

1. Boot Your PC In Safe Mode to isolate and remove .EMPTY File Virus files and objects
2. Find files created by .EMPTY File Virus on your PC

3. Scan for malware and unwanted programs with SpyHunter Anti-Malware Tool
4. Try to Restore files encrypted by .EMPTY File Virus

Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated in Marketing as well, Ventsislav also has a passion for the discovery of new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecurity and is a strong believer in basic education of every user towards online safety.
