Remove Everbe 2.0 Ransomware and Restore .divine Files
THREAT REMOVAL

Remove Everbe 2.0 Ransomware and Restore .divine Files

OFFER

SCAN YOUR PC
with SpyHunter

Scan Your System for Malicious Files
Note! Your computer might be affected by Everbe 2.0 and other threats.
Threats such as Everbe 2.0 may be persistent on your system. They tend to re-appear if not fully deleted. A malware removal tool like SpyHunter will help you to remove malicious programs, saving you the time and the struggle of tracking down numerous malicious files.
SpyHunter’s scanner is free but the paid version is needed to remove the malware threats. Read SpyHunter’s EULA and Privacy Policy

Remove Everbe 2.0 Ransomware Restore .divine Files sensorstechforum

This is an article that provides specific details on Everbe 2.0 ransomware infection as well as a step-by-step removal followed by alternative data recovery approaches.

As spotted by security researchers a new version of Everbe ransomware has been released in active attack campaigns. Everbe 2.0 is a threat that corrupts computer systems in order to encode valuable data and demand a ransom for its decryption. This time cyber criminals set the crypto virus to append a specific string of extensions that begins with their contact email and ends with the extension .divine. So upon encryption the files are renamed with .[[email protected]].divine extensions and access to the information they store is restricted. In addition a ransom note !=How_to_decrypt_files=!.txt attempts to blackmail you into paying for a decryption tool possessed by hackers.

Threat Summary

NameEverbe 2.0
TypeRansomware, Cryptovirus
Short DescriptionA data locker ransomware that utilizes AES cihper algorithm to encrypt valuable files stored on the infected computer and then demands a ransom for decryption solution.
SymptomsThe access to important files is restricted and all they are renamed with .[[email protected]].divine string of extensions. A ransom message urges victims to contact hackers at [email protected] email address.
Distribution MethodSpam Emails, Email Attachments
Detection Tool See If Your System Has Been Affected by Everbe 2.0

Download

Malware Removal Tool

User ExperienceJoin Our Forum to Discuss Everbe 2.0.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

Update November 2018 — New Everbe 2.0 Ransomware Strain Identified

In November 2018 a new attack carrying Everbe 2.0 ransomware samples was identified. It is possible that the hacker or criminal group behind are different than the ones affiliated with the previous attacks. This is possible if the Everbe 2.0 ransomware code is being offered on the underground hacker markets. A popular option is the upload of such threats as a RaaS (ransomware-as-a-service). This means that the criminal developers will offer a subscription-based access to the ransomware code and offer customization options to the buyers. It is very possible that this variant is bought by a different criminal community and used for specific targeted attacks.

It appears that the same behavior pattern is used, no major differences have been reported in the way the virus infects the host computers. At this moment the distribution campaigns are limited in scope which doesn’t show the primary strategy. We anticipate that a wider deployment will use several of the methods used by the main Everbe 2.0 ransomware.

Instead of the previous extension this variant assigns the .[[email protected]][email protected] suffix to the infected files. Like before the engine will target the most popular user data.

The ransomware note itself is created in a file called Note: !=How_recovery_files=!.html which reads the following contents:

All your important files are encrypted

Your files has been encrypted using RSA2048 algorithm with unique public-key stored on your PC.
There is only one way to get your files back: contact with us, pay, and get decryptor software.

We accept Bitcoin, and other cryptocurrencies, you can find exchangers on bestbitcoinexchange.io

You have unique idkey(in a yellow frame), write it in letter when contact with us.

Also you can decrypt 1 file for test, its guarantee what we can decrypt your files.

IDKEY: XXXXXXXXXXXXXXXXXXXXXXXXXX

Contact information:
primary email: [email protected]

reserver email: [email protected]

Everbe 2.0 Ransomware – Distribution

For the distribution of this iteration of Everbe ransomware hackers are likely to utilize common techniques such as malspam, fake updates, various potentially unwanted third-party programs, and corrupted web pages.

Spam email campaigns that may carry the infection code of Everbe 2.0 ransomware are likely to target online users worldwide. Those emails may resemble a lot the ones sent by legitimate institutions and commonly used services. So as their senders may be pointed out representatives of well-known companies like PayPal, DHL, FedEx, and Amazon. Another trait of malicious emails is the presence of file attachments presented as files that contain important information which you should review as soon as possible. The trick here is that these files are set to trigger the ransomware infection code once opened on the computer.

Another commonly used infection element used in malicious emails is a clickable link that may be in the form of button, in-text link, discount voucher, etc. What a visit of such a link may lead to is the activation of malicious scripts injected into web page’s source code. With the help of these scripts hackers could drop and activate malicious objects directly on your PC.

So if you want to keep your system secure against devastating threats like Everbe 2.0 in future you should have an active anti-malware tool installed on it. Once activated on the system such a tool will detect all intrusive malware and this way save you a lot of troubles.

Everbe 2.0 Ransomware – Overview

The infection process with Everbe 2.0 ransomware begins when its malicious payload is started on the system. In the beginning the threat is developed to plague essential system settings that will eventually enable it to reach the main infection stage which data encryption.

Among the affected system components is the Registry Editor known for storing low-level system and installed programs settings. There are two specific keys that are usually targeted by ransomware threats like Everbe 2.0 and they are Run and RunOnce. This could be explained by the fact that these two registry sub-keys manage the automatic execution process of all files and objects essential for the smooth system performance. So by adding malicious values under these sub-keys the ransomware becomes able to run all necessary infection files on each system start.

The manipulation of their functionalities could also help Everbe 2.0 to display its ransom note on the screen at the end of the attack. As of the note associated with this crypto virus it is dropped on the system under the name !=How_to_decrypt_files=!.txt and all it reads is:

Hello ! All your files have been encrypted !
Don’t worry , we can help tou to return all of your files .
If you want to know price for decryptor , write to our email – [email protected]
In the subject write – id-[redacted 11 numbers]

Every 7 days price doubles.
If within 24 hours we didn’t answer you , write to our backup mail – [email protected] .

Everbe 2.0 ransom note !=How_to_decrypt_files=!.txt file

Everbe 2.0 Ransomware – Data Encryption Process

After all needed modifications are implemented Everbe 2.0 initiates a scan of predefined drives and folders in order to locate target files and encode them with strong cipher algorithm. Alike previous versions of Everbe ransomware that are associated with the extensions .Everbe, .eV3rbe, and .thunder, Everbe .divine could be using the strong AES cipher for alteration of files code. As of the files targeted by the ransomware they may be all of the following:

  • Audio files
  • Video files
  • Document files
  • Image files
  • Backup files
  • Banking credentials, etc

So upon encryption all corrupted files remain inaccessible due to the changes of their original code. In addition, they are all marked with the following string of extensions:

Their code could be reverted back with the help of alternative efficient recovery solutions which could help you to avoid paying criminals the ransom as well. Some tested by our team are listed in the guide that follows. So make sure to check all the information presented in step “Restore files encrypted by Everbe 2.0” as it could help you to find a way to restore a few to all of encrypted .divine files.

Also don’t forget that soon or later security experts could crack the code of this Everbe variant and release publicly a free decryption tool.

Remove Everbe 2.0 Ransomware and Restore .divine Files

Below you could find how to remove Everbe 2.0 step by step. To remove the ransomware manually you need to have a bit of technical experience and ability to recognize traits of malware files. Beware that ransomware is a threat with highly complex code that plagues not only your files but your whole system. So as recommended by security researchers you need to utilize an advanced anti-malware tool for its complete removal. Such a tool will keep your system protected against devastating threats like Everbe 2.0 ransomware and other kinds of malware that endanger your online security.

After you remove the ransomware make sure to check the “Restore Files” step listed in the guide below. But before you take any further actions, don’t forget to back up all encrypted files to an external drive in order to prevent their irreversible loss.

Note! Your computer system may be affected by Everbe 2.0 and other threats.
Scan Your PC with SpyHunter
SpyHunter is a powerful malware removal tool designed to help users with in-depth system security analysis, detection and removal of threats such as Everbe 2.0.
Keep in mind, that SpyHunter’s scanner is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter’s malware removal tool to remove the malware threats. Read our SpyHunter 5 review. Click on the corresponding links to check SpyHunter’s EULA, Privacy Policy and Threat Assessment Criteria.

To remove Everbe 2.0 follow these steps:

1. Boot Your PC In Safe Mode to isolate and remove Everbe 2.0 files and objects
2. Find files created by Everbe 2.0 on your PC

Use SpyHunter to scan for malware and unwanted programs

3. Scan for malware and unwanted programs with SpyHunter Anti-Malware Tool
4. Try to Restore files encrypted by Everbe 2.0
Gergana Ivanova

Gergana Ivanova

Gergana has completed a bachelor degree in Marketing from the University of National and World Economy. She has been with the STF team for three years, researching malware and reporting on the latest infections. She believes that in times of constantly evolving dependency of network connected technologies, people should spread the word not the war.

More Posts

Follow Me:
Google Plus

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...