“YOUR FILES ARE STRIKED!” Virus (Remove + Restore Data) - How to, Technology and PC Security Forum | SensorsTechForum.com

“YOUR FILES ARE STRIKED!” Virus (Remove + Restore Data)

This article’s primary purpose is to help you by showing how to completely remove the “YOUR FILES ARE STRIKED!” ransomware infection from your computer and restore encrypted files.

A new virus that encrypts the files on the computers it infects has been reported to change the victim’s wallpaper and prompt the victim to contact the e-mail [email protected]. The virus, dubbed “Striked” by malware researchers, has been reported to attack documents, photos, save games, databases and other important files, after which it changes the wallpaper to instructions on how to get them back. If your computer has become one of the victim devices of Striked ransomware, we recommend that you read this article thoroughly.

Image Source: id-ransomware.blogspot.bg

Threat Summary

Name: Striked Virus
Type: Ransomware, Cryptovirus
Short Description: Encrypts the files on the infected computer, adding a custom ID and the contact e-mail as demands and file extensions.
Symptoms: The wallpaper is changed to a “YOUR FILES ARE STRIKED!” image. The malware also drops a ransom note named “README_DECRYPT.html”.
Distribution Method: Spam Emails, Email Attachments, Executable files

“YOUR FILES ARE STRIKED!” Ransomware – Distribution

In order for this ransomware virus to be effectively spread and infect users, it may exist in several different forms:

  • Executable files (.exe) that may pose as legitimate setups of software or other types of programs.
  • JavaScript (.js) files that aim to infect the victim via e-mail or malicious web links (as scripts).
  • Documents with malicious macros embedded in them, which are activated when you click on the “Enable Content” button.

“YOUR FILES ARE STRIKED!” Virus – Infection Activity

Once the victim opens the virus’s malicious file, it may immediately connect to C2 servers, from which it downloads the malicious payload of the Striked ransomware. The payload may consist of the main executable, which does the actual encryption, plus support files that may be .tmp, .vbs, .bat, .dll and others. The files may be dropped in the commonly targeted Windows directories, which are:

  • %AppData%
  • %Temp%
  • %Roaming%
  • %Local%
  • %LocalLow%
  • %Windows%

After dropping the malicious files on the compromised computer, the ransomware aims to perform another malicious activity: modifying the Windows Registry, and more specifically the following sub-keys in it:

→ HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

The Run and RunOnce keys are usually targeted because a value string created in them with the correct parameters makes it possible for a malicious file, such as the main executable of Striked ransomware, to run automatically when Windows starts up.
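To check for the persistence described above, the following added example (not part of the original article) parses the text output of `reg query` for the Run and RunOnce keys and flags values whose command points into the user-writable drop locations listed earlier. The sample output is constructed, and the path fragments used for matching are assumptions; %Windows% is not flagged as a whole because legitimate autoruns live there.

```python
import re

# Assumed path fragments for the drop locations the article lists
# (Roaming, Local and LocalLow all sit under AppData).
SUSPECT_FRAGMENTS = ("\\appdata\\", "\\temp\\", "%appdata%", "%temp%", "%localappdata%")

# A value line in `reg query` output: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_RE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")

def parse_reg_query(text):
    """Yield (key, value_name, data) for every value in `reg query` output."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        match = VALUE_RE.match(line)
        if match and key:
            yield key, match.group("name"), match.group("data")

def suspicious_autoruns(text):
    """Return autorun values whose command lives in a user-writable location."""
    hits = []
    for key, name, data in parse_reg_query(text):
        lowered = data.lower()
        if any(fragment in lowered for fragment in SUSPECT_FRAGMENTS):
            hits.append((key, name, data))
    return hits

# Constructed sample output (value names and paths are hypothetical).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    Updater    REG_SZ    "C:\Users\alice\AppData\Roaming\svhost.exe" /s

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
    Cleanup    REG_SZ    C:\Windows\Temp\a1b2.bat
"""

if __name__ == "__main__":
    for key, name, data in suspicious_autoruns(SAMPLE):
        print(f"{key} -> {name}: {data}")
```

A flagged value is a lead to investigate, not proof of infection: some legitimate software also starts from AppData.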

In addition to modifying this aspect of Windows, the Striked ransomware may also obtain administrative permissions over the Windows command prompt in order to delete the Shadow Copies of the infected computer. This activity may eliminate all chances of restoring your encrypted files via backup. The commands are run in quiet mode, meaning that the victim does not notice while this is done. They may be the following:

→ process call create "cmd.exe /c vssadmin.exe delete shadows /all /quiet & bcdedit.exe /set {default} recoveryenabled no & bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures"
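The commands above leave a recognizable trace in process-creation logs. As an added example (not from the original article), the detection logic below flags command lines that delete shadow copies or disable boot recovery; the event tuples are constructed sample data and the rule labels are hypothetical names.

```python
import re

# Patterns for the three recovery-inhibiting commands quoted in the article,
# matched case-insensitively anywhere in a process command line.
RULES = [
    ("shadow_copies_deleted",
     re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I)),
    ("boot_recovery_disabled",
     re.compile(r"bcdedit(\.exe)?\s+/set\s+\S+\s+recoveryenabled\s+no\b", re.I)),
    ("boot_failures_ignored",
     re.compile(r"bcdedit(\.exe)?\s+/set\s+\S+\s+bootstatuspolicy\s+ignoreallfailures", re.I)),
]

def classify(command_line):
    """Return the labels of every rule the command line matches."""
    return [label for label, rx in RULES if rx.search(command_line)]

def scan(events):
    """events: iterable of (timestamp, pid, command_line) tuples.
    Returns (timestamp, pid, labels) for each event that matched a rule."""
    flagged = []
    for ts, pid, cmd in events:
        labels = classify(cmd)
        if labels:
            flagged.append((ts, pid, labels))
    return flagged

# Constructed process-creation events (not real telemetry).
SAMPLE_EVENTS = [
    ("2017-01-01T10:00:01", 4312, "vssadmin.exe list shadows"),
    ("2017-01-01T10:00:05", 4388, "bcdedit.exe /enum"),
    ("2017-01-01T10:02:17", 5120,
     "cmd.exe /c vssadmin.exe delete shadows /all /quiet & "
     "bcdedit.exe /set {default} recoveryenabled no & "
     "bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures"),
    ("2017-01-01T10:05:40", 5544, "VSSADMIN Delete Shadows /For=C: /Quiet"),
]

if __name__ == "__main__":
    for ts, pid, labels in scan(SAMPLE_EVENTS):
        print(ts, pid, ", ".join(labels))
```

Read-only invocations such as `vssadmin list shadows` and `bcdedit /enum` are deliberately not flagged, which keeps the rules quiet on routine administration.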

The Striked ransomware virus also drops its ransom note, which is named README_DECRYPT.html. The wallpaper is also changed to the image at the beginning of this article and has the following contents:

Your personal identifier: {UNIQUE ID}
Your documents, photos, databases, save games and other important data were encrypted. For a data recovery requires a decryptor.
To decrypt your files send an email [email protected] In the reply letter you will receive a program for decryption.
After starting the decryption program, all your files will be restored.
!!! Attention!!! !!! Attention!!!
***Do not attempt to uninstall the program or run antivirus software
***Attempts to decrypt files by themselves will result in the loss of your data”

Striked Ransomware’s Encryption Procedure

This virus may encrypt files using an advanced cipher, which generates a decryption key afterwards. The files which are encrypted by the Striked ransomware may be of the following types:


After the encryption, the malware adds to the files a file extension which contains the unique identification number (10 digits) and the e-mail of the cyber-criminals, for example:

Remove Striked and Restore Encrypted Files

If you want to remove this ransomware virus, we recommend that you back up the encrypted files beforehand. After doing so, it is advisable to follow the removal instructions below. They are specifically designed to help you isolate the threat and then remove it. However, the Striked virus may interfere with system files, and tampering with them may damage your Windows OS. This is why, for a safe removal, a ransomware-specific tool should be used to scan for the objects belonging to this virus and remove them safely. Experts often advise using anti-malware software to do this, since it will provide protection against all malware types in the future as well.

If you want to restore files that have been encrypted by this ransomware virus, it is recommended to use copies of your encrypted files and try the alternative methods we have suggested in step “2. Restore files encrypted by Striked”. These methods are not a guarantee that you will recover all of your files, but with their aid, at least some of your data may be restored.

Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated in Marketing as well, Ventsislav also has a passion for the discovery of new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecurity and is a strong believer in basic education of every user towards online safety.
