“YOUR FILES ARE STRIKED!” Virus (Remove + Restore Data) - How to, Technology and PC Security Forum | SensorsTechForum.com
“YOUR FILES ARE STRIKED!” Virus (Remove + Restore Data)

This article’s primary purpose is to help you by showing how to completely remove the “YOUR FILES ARE STRIKED!” ransomware infection from your computer and restore encrypted files.

A new virus that encrypts the files on the computers it infects has been reported to change the victim’s wallpaper and prompt the victim to contact the e-mail [email protected]. The virus, dubbed “Striked” by malware researchers, has been reported to attack documents, photos, save games, databases and other important files, after which it changes the wallpaper to one with instructions on how to get them back. If your computer has become a victim of Striked ransomware, we recommend that you read this article thoroughly.

Image Source: id-ransomware.blogspot.bg

Threat Summary

Name: Striked Virus
Type: Ransomware, Cryptovirus
Short Description: Encrypts the files on the infected computer, adding a custom ID and the contact e-mail as demands and file extensions.
Symptoms: The wallpaper is changed to a “YOUR FILES ARE STRIKED!” one. The malware also drops a ransom note, named “README_DECRYPT.html”.
Distribution Method: Spam Emails, Email Attachments, Executable files
“YOUR FILES ARE STRIKED!” Ransomware – Distribution

In order for this ransomware virus to be effectively spread and infect users, it may exist in several different forms:

  • Executable files (.exe) that may pose as legitimate setups of software or other types of programs.
  • JavaScript (.js) files that aim to infect the victim via e-mail or malicious web links (as scripts).
  • Documents with embedded malicious macros that are activated when you click the “Enable Content” button.

“YOUR FILES ARE STRIKED!” Virus – Infection Activity

Once the victim opens the virus’s malicious file, it may connect immediately to C2 servers, from which it downloads the malicious payload of the Striked ransomware. The payload may consist of the main executable, which performs the actual encryption, plus support files that may be .tmp, .vbs, .bat, .dll and others. The files may be dropped in the commonly targeted Windows directories, which are:

  • %AppData%
  • %Temp%
  • %Roaming%
  • %Local%
  • %LocalLow%
  • %Windows%

After dropping the malicious files on the compromised computer, the ransomware aims to perform another malicious activity: interfering with the Windows Registry, and more specifically modifying the following sub-keys in it:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce

The Run and RunOnce keys are usually targeted because a value string with the correct parameters created within them makes it possible for a malicious file, such as the main executable of Striked ransomware, to run automatically when Windows starts up.
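One way to review the four autorun keys listed above, as an added example that is not part of the original article. It assumes the article's %Roaming%, %Local% and %LocalLow% correspond to the real per-user folders, and the function name Get-SuspiciousAutorun is hypothetical.

```powershell
# Added example (not from the article): list autorun values in the four keys
# above and flag those that launch something from a user-writable drop folder.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Assumption: %Roaming%, %Local% and %LocalLow% from the article are mapped to
# the real per-user folders. %Windows% is left out because legitimate autoruns
# live there and would flood the report.
$dropDirs = @(
    $env:APPDATA,
    $env:LOCALAPPDATA,
    $env:TEMP,
    (Join-Path (Split-Path $env:LOCALAPPDATA -Parent) 'LocalLow')
) | Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') + '\' }

# Script and support-file types the article associates with this threat.
$supportExt = '\.(tmp|vbs|bat|dll|js)(\s|"|,|$)'

function Get-SuspiciousAutorun {
    foreach ($key in $runKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $regKey = Get-Item -Path $key
        foreach ($name in $regKey.GetValueNames()) {
            # GetValue expands REG_EXPAND_SZ; expand again for %VAR% in REG_SZ.
            $cmd = [Environment]::ExpandEnvironmentVariables([string]$regKey.GetValue($name))
            $dir = $dropDirs | Where-Object {
                $cmd.IndexOf($_, [StringComparison]::OrdinalIgnoreCase) -ge 0
            } | Select-Object -First 1
            if ($dir -or $cmd -match $supportExt) {
                [pscustomobject]@{
                    Key       = $key
                    Value     = $name
                    Command   = $cmd
                    DropDir   = $dir
                    ScriptExt = [bool]($cmd -match $supportExt)
                }
            }
        }
    }
}

Get-SuspiciousAutorun | Format-List
```

Legitimate per-user software also starts from AppData, so the output is a list of entries to review, not a verdict on each one.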

In addition to modifying this aspect of Windows, the Striked ransomware may also obtain administrative permissions over the Windows command prompt in order to delete the Shadow Copies of the infected computer. This activity may eliminate all chances of restoring your encrypted files via backup. The commands may be run in quiet mode, so the victim does not notice while this is done. They may be the following:

process call create "cmd.exe /c vssadmin.exe delete shadows /all /quiet & bcdedit.exe /set {default} recoveryenabled no & bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures"
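Detection logic for the command chain above, as an added example that is not part of the original article. The sample command lines are constructed for illustration (shaped like the command-line field of process-creation events), and the function name Test-RecoveryInhibition is hypothetical.

```powershell
# Added example (not from the article): flag command lines that delete shadow
# copies or switch off Windows recovery, the three actions chained above.
function Test-RecoveryInhibition {
    param([Parameter(Mandatory)][string]$CommandLine)

    # [^&|]* keeps each match inside one command of a chained "a & b & c" line.
    $rules = [ordered]@{
        'Shadow copy deletion'  = 'vssadmin(\.exe)?"?\s+delete\s+shadows'
        'Recovery disabled'     = 'bcdedit(\.exe)?"?\s+/set\s+[^&|]*recoveryenabled\s+no'
        'Boot failures ignored' = 'bcdedit(\.exe)?"?\s+/set\s+[^&|]*bootstatuspolicy\s+ignoreallfailures'
    }
    foreach ($rule in $rules.GetEnumerator()) {
        # -match is case-insensitive, so VSSADMIN.EXE is caught as well.
        if ($CommandLine -match $rule.Value) { $rule.Key }
    }
}

# Constructed sample input, not real telemetry.
$sample = @(
    'C:\Windows\System32\svchost.exe -k netsvcs',
    'cmd.exe /c vssadmin.exe delete shadows /all /quiet & bcdedit.exe /set {default} recoveryenabled no & bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures',
    'vssadmin.exe list shadows',
    'bcdedit.exe /enum'
)

foreach ($line in $sample) {
    $hits = @(Test-RecoveryInhibition -CommandLine $line)
    if ($hits.Count -gt 0) {
        [pscustomobject]@{
            Matched     = $hits -join '; '
            CommandLine = $line
        }
    }
}
```

Only the second sample line is reported, with all three rules matched; the read-only `list shadows` and `/enum` invocations pass through.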

The Striked ransomware virus also drops its ransom note, which is named README_DECRYPT.html. The wallpaper is also changed to the image at the beginning of this article and has the following contents:

“YOUR FILES ARE STRIKED!
-=ALL OF YOUR FILES ARE ENCRYPTED!=
Your personal identifier: {UNIQUE ID}
Your documents, photos, databases, save games and other important data were encrypted. For a data recovery requires a decryptor.
To decrypt your files send an email [email protected] In the reply letter you will receive a program for decryption.
After starting the decryption program, all your files will be restored.
!!! Attention!!! !!! Attention!!!
***Do not attempt to uninstall the program or run antivirus software
***Attempts to decrypt files by themselves will result in the loss of your data”

Striked Ransomware’s Encryption Procedure

This virus may encrypt files with an advanced cipher, after which a decryption key is generated. The files encrypted by the Striked ransomware may be of the following types:

“.PNG .PSD .PSPIMAGE .TGA .THM .TIF .TIFF .YUV .AI .EPS .PS .SVG .INDD .PCT .PDF .XLR .XLS .XLSX .ACCDB .DB .DBF .MDB .PDB .SQL .APK .APP .BAT .CGI .COM .EXE .GADGET .JAR .PIF .WSF .DEM .GAM .NES .ROM .SAV CAD Files .DWG .DXF GIS Files .GPX .KML .KMZ .ASP .ASPX .CER .CFM .CSR .CSS .HTM .HTML .JS .JSP .PHP .RSS .XHTML .DOC .DOCX .LOG .MSG .ODT .PAGES .RTF .TEX .TXT .WPD .WPS .CSV .DAT .GED .KEY .KEYCHAIN .PPS .PPT .PPTX .INI .PRF Encoded Files .HQX .MIM .UUE .7Z .CBR .DEB .GZ .PKG .RAR .RPM .SITX .TAR.GZ .ZIP .ZIPX .BIN .CUE .DMG .ISO .MDF .TOAST .VCD SDF .TAR .TAX2014 .TAX2015 .VCF .XML Audio Files .AIF .IFF .M3U .M4A .MID .MP3 .MPA .WAV .WMA Video Files .3G2 .3GP .ASF .AVI .FLV .M4V .MOV .MP4 .MPG .RM .SRT .SWF .VOB .WMV 3D .3DM .3DS .MAX .OBJ .BMP .DDS .GIF .JPG .CRX .PLUGIN .FNT .FON .OTF .TTF .CAB .CPL .CUR .DESKTHEMEPACK .DLL .DMP .DRV .ICNS .ICO .LNK .SYS .CFG”
Source: fileinfo.com

After the encryption, the malware appends to the files an extension that contains the unique identification number (10 digits) and the e-mail of the cyber-criminals.

Remove Striked and Restore Encrypted Files

If you want to remove this ransomware virus, we recommend that you back up the encrypted files beforehand. After doing so, it is advisable to follow the removal instructions below. They are specifically designed to help you isolate the threat and then remove it. However, due to the uniqueness of the situation, the Striked virus may interfere with system files, and tampering with them may damage your Windows OS. This is why, for a safe removal, a ransomware-specific tool should be used to scan for the objects belonging to this virus and remove them safely. Experts often advise using anti-malware software to do this, since it will provide protection against all malware types in the future as well.

If you want to restore files that have been encrypted by this ransomware virus, it is recommended to use copies of your encrypted files and try the alternative methods we have suggested in step “2. Restore files encrypted by Striked”. They do not guarantee that you will recover all of your files, but with their aid, at least some of your data may be restored.

To remove Striked Virus follow these steps:

1. Boot Your PC In Safe Mode to isolate and remove Striked Virus files and objects
2. Find files created by Striked Virus on your PC
3. Scan for malware and unwanted programs with SpyHunter Anti-Malware Tool
4. Try to Restore files encrypted by Striked Virus

Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated in Marketing as well, Ventsislav also has a passion for discovering new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecurity and is a strong believer in the basic education of every user towards online safety.
