.##ENCRYPTED_BY_pablukl0cker## Virus – Remove and Restore Files

.##ENCRYPTED_BY_pablukl0cker## Virus – Remove and Restore Files

This article will help you to remove the .##ENCRYPTED_BY_pablukl0cker## virus fully. Follow the ransomware removal instructions at the end of the article.

The .##ENCRYPTED_BY_pablukl0cker## File Virus is in actuality Jigsaw ransomware. The cryptovirus is back with a new ransom screen message and various new pictures. The malware is written with the code of the original malware. The virus has a list with over 120 file extensions that seeks to encrypt. All of the locked files will get the extension .##ENCRYPTED_BY_pablukl0cker## appended to them.

Threat Summary

Name.##ENCRYPTED_BY_pablukl0cker## Virus
TypeRansomware, Cryptovirus
Short DescriptionThe ransomware will encrypt your files and display a screen with the ransom note, which has various themes, including the Anonymous group wearing Guy Fawkes masks.
SymptomsThe ransomware will encrypt files by placing the .##ENCRYPTED_BY_pablukl0cker## extension to all of them.
Distribution MethodSpam Emails, Email Attachments
Detection Tool See If Your System Has Been Affected by .##ENCRYPTED_BY_pablukl0cker## Virus

Download

Malware Removal Tool

User ExperienceJoin Our Forum to Discuss .##ENCRYPTED_BY_pablukl0cker## Virus.

.##ENCRYPTED_BY_pablukl0cker## File Virus – Spread

Jigsaw ransomware could infect computers using different methods for spreading that infection. Spam e-mails could be spreading its payload dropper. Those types of emails will try to convince you that something important is attached as a file to that e-mail. In actuality, the attachment will look like a legitimate document or one that is archived, but it is a file containing a malicious script. If you open that file, it will launch the payload for the ransomware. You can preview the analysis of one such file on the VirusTotal service:

Jigsaw ransomware might be using other methods for spreading, like putting the payload file dropper via social media and file-sharing sites. Freeware applications which roam the Internet could be presented as useful but also could hide the malicious files of this virus. Refrain from opening files after you download them, especially if they come from unverified sources, such as links and e-mails. First, you should scan these files with a security tool, and also make sure to check their sizes and signatures for anything that seems unusual. You should read the ransomware preventing tips topic in the forum.

.##ENCRYPTED_BY_pablukl0cker## File Virus – Details

The Jigsaw ransomware ransomware virus is back with this new variant. This time the theme is based on Anonymous, Death and Shrek as those were all found with this variant. That makes it somewhat different compared to the original Jigsaw ransomware virus.

These are the pictures associated with the current variant of Jigsaw ransomware:

When the Jigsaw virus is initialized, it could modify an existing entry in the Windows Registry or create a new one to achieve a higher level of persistence. That registry entry makes the malware to automatically execute with each launch of the Windows operating system.

Next, a window will pop-up on your screen that shows the following text (ransom):

HELLO VICTIM! ! ! ! !, I’m very sorry, but all your personal files have been encrypted. 🙁
All your documents, videos, pictures, music etc…
And after 72 hours all your encrypted files will be deleted permanently!
But, don’t worry! It will only happen if you don’t comply.
Every hour I select some of them to delete permanently,
therefore I won’t be able to access them, either.
Are you familiar with the concept of exponential growth? Let me help you out.
It starts out slowly then increases rapidly.
During the first 24 hour you will only lose a few files,
the second day a few hundred, the third day a few thousand, and so on.

If you turn off your computer or try to close me, when I start next time
you will get 1000 files deleted as a punishment.
Yes you will want me to start next time, since I am the only one that
is capable to decrypt your personal data for you.
If you have some question, contact us by email: [email protected]

The Jigsaw ransomware scares you that it will delete files from your computer every time you try to close it and that there is nothing else that you can do to prevent that. However, that is a lie. But you should NOT under any circumstances pay any ransom sum as the note is lying to you about the decryption as well – the virus remains decryptable. Supporting cybercriminals is a bad idea as that will only motivate them to do more criminal acts.

.##ENCRYPTED_BY_pablukl0cker## File Virus – Encryption Process

The list is with a little over than 125 file extensions that will become encrypted. The full list is the following:

→.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip

The list with file extensions for encryption could have been updated with more than that. The encrypted files will have the .##ENCRYPTED_BY_pablukl0cker## extension appended to all of them, after their file name. The extension .Beep might still be appended in some variants of the ransomware a bit older than the current one.

The Jigsaw ransomware is very likely to erase all Shadow Volume Copies from the Windows operating system, in order to make the encryption process more viable. The command for that is the following:

→vssadmin.exe delete shadows /all /Quiet

A decryption tool developed by the malware researcher Michael Gillespie is available for you to try out. Since this variant is new, the decrypter might not work yet, but you should definitely consider running it. You can find it in the bottom of the article.

Remove Jigsaw Virus and Restore .##ENCRYPTED_BY_pablukl0cker## Files

If your computer got infected with the Jigsaw ransomware virus, you should have a bit of experience in removing malware. You should get rid of this ransomware as quickly as possible before it can have the chance to spread further and infect other computers. You should remove the ransomware and follow the step-by-step instructions guide provided below.

Manually delete .##ENCRYPTED_BY_pablukl0cker## Virus from your computer

Note! Substantial notification about the .##ENCRYPTED_BY_pablukl0cker## Virus threat: Manual removal of .##ENCRYPTED_BY_pablukl0cker## Virus requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself just in 5 minutes, using a malware removal tool.

1. Boot Your PC In Safe Mode to isolate and remove .##ENCRYPTED_BY_pablukl0cker## Virus files and objects
2. Find malicious files created by .##ENCRYPTED_BY_pablukl0cker## Virus on your PC

Automatically remove .##ENCRYPTED_BY_pablukl0cker## Virus by downloading an advanced anti-malware program

1. Remove .##ENCRYPTED_BY_pablukl0cker## Virus with SpyHunter Anti-Malware Tool and back up your data
2. Restore files encrypted by .##ENCRYPTED_BY_pablukl0cker## Virus
Optional: Using Alternative Anti-Malware Tools

Berta Bilbao

Berta is the Editor-in-Chief of SensorsTechForum. She is a dedicated malware researcher, dreaming for a more secure cyber space.

More Posts - Website

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...