.Oled Files Ransomware Virus (Decrypt Files) - How to, Technology and PC Security Forum | SensorsTechForum.com

.Oled Files Ransomware Virus (Decrypt Files)


This article aims to help you remove the Oled ransomware virus completely from your computer and restore files that were encrypted and given the .oled file extension.

A ransomware virus, believed to be part of the BTCWare ransomware family, has been reported to apply the AES encryption algorithm to important files on the computers it has infected. The Oled ransomware’s primary purpose is to convince victims to pay a hefty ransom fee, which is why the virus drops a ransom note named DECRYPTION.txt. In this note, the cyber-criminals even provide the option to decrypt 3 files without paying anything, as a guarantee. If your computer has been infected by Oled ransomware, we recommend reading this article thoroughly.

Threat Summary

Name: Oled Ransomware
Type: Ransomware, Cryptovirus
Short Description: A variant of BTCWare. Uses AES encryption algorithm on the infected computer and then demands Bitcoin payment as a ransom payoff.
Symptoms: Files encrypted with .oled file extension added to them. Dropped ransom note, named DECRYPTION.txt
Distribution Method: Spam Emails, Email Attachments, Executable files

.oled File Virus – Distribution

For its distribution, Oled ransomware may use spam e-mails that spread a malicious executable, which drops the payload of the ransomware once opened. These malicious executable files may be loaders or droppers, and may be either uploaded to websites or sent out via spam.

One of the spam methods that may be associated with Oled ransomware infections is e-mail. The cyber-criminals send out messages portraying the infection file as a legitimate document, for example a letter of complaint or an invoice. Most such e-mails aim to resemble messages from legitimate companies such as PayPal or other entities.

.oled Ransomware – Analysis

The Oled ransomware virus is part of the BTCWare ransomware family, meaning it may exhibit behavior similar to other viruses from the family, like the .onyon ransomware.

After infection has taken place, the ransomware may begin several types of activity, the first of which is to drop its malicious files in various Windows folders, such as:

  • %AppData%
  • %Roaming%
  • %Local%
  • %LocalLow%
  • %Temp%

After the malicious files of the Oled ransomware are dropped, the malware may modify the registry of the infected computer, specifically targeting the Run and RunOnce keys. After doing so, the virus may also delete the shadow volume copies on the infected computer. Shadow copies are one option for recovering files, and Oled ransomware may execute vssadmin and other commands in order to delete them:

→ process call create “cmd.exe /c
vssadmin.exe delete shadows /all /quiet
bcdedit.exe /set {default} recoveryenabled no
bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures
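
Defenders can look for the commands above in process-creation logs, for example the command-line field of Windows event 4688 or Sysmon event 1. The following is an added example, not code from the original article; the event dictionaries, host names and rule names are constructed for illustration.

```python
import re

# One rule per recovery-inhibiting command listed in the article.
# Matching is case-insensitive and works with or without ".exe".
RULES = {
    "shadow_copy_deletion": re.compile(
        r"\bvssadmin(?:\.exe)?\b.*\bdelete\s+shadows\b", re.I),
    "recovery_disabled": re.compile(
        r"\bbcdedit(?:\.exe)?\b.*\brecoveryenabled\s+no\b", re.I),
    "boot_failures_ignored": re.compile(
        r"\bbcdedit(?:\.exe)?\b.*\bbootstatuspolicy\s+ignoreallfailures\b", re.I),
}

def normalize(cmdline):
    """Drop quotes and carets and collapse whitespace, so that quoting
    and spacing differences do not affect matching."""
    stripped = cmdline.replace("^", "").replace('"', "")
    return re.sub(r"\s+", " ", stripped).strip()

def match_rules(cmdline):
    """Return the names of all rules that a single command line triggers."""
    text = normalize(cmdline)
    return [name for name, rx in RULES.items() if rx.search(text)]

def triage(events):
    """Group hits by host: {host: sorted list of triggered rule names}."""
    hits = {}
    for ev in events:
        for name in match_rules(ev["command_line"]):
            hits.setdefault(ev["host"], set()).add(name)
    return {host: sorted(names) for host, names in hits.items()}

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"host": "WS-01", "command_line": "cmd.exe /c vssadmin.exe delete shadows /all /quiet"},
    {"host": "WS-01", "command_line": "bcdedit.exe /set {default} recoveryenabled no"},
    {"host": "WS-01", "command_line": "BCDEDIT /set {default} bootstatuspolicy ignoreallfailures"},
    {"host": "WS-02", "command_line": "vssadmin list shadows"},  # routine admin query
    {"host": "WS-03", "command_line": "bcdedit.exe /set {default} recoveryenabled yes"},
    {"host": "WS-04", "command_line": r'"C:\Windows\System32\vssadmin.exe"  Delete  Shadows /All /Quiet'},
]

if __name__ == "__main__":
    for host, names in triage(SAMPLE_EVENTS).items():
        print(host, names)
```

A host that triggers all three rules in a short time window, as WS-01 does in the sample, deserves immediate isolation, since these commands remove the local recovery options before or during encryption.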

After this has happened, the Oled ransomware infection may also drop its ransom note, which has the following message to victims:

The ransom note is almost identical to the ransom note set by OnyonLock ransomware:

Oled Ransomware – Encryption Process

Being a suspected variant of the BTCWare ransomware family, the .oled file virus is believed to use the same AES encryption algorithm to make the files on the compromised PC impossible to open. Oled ransomware looks for specific types of files to encrypt:

  • Microsoft Office documents.
  • Adobe documents.
  • Text files.
  • Pictures.
  • Music.
  • Videos.
  • Archives.
  • Other often used file types.

After the .oled file virus has encrypted the files, it appends its distinctive file extension, which includes the e-mail [email protected]. The encrypted files look like the following:

Remove Oled Ransomware and Restore .oled Encrypted Files

For the removal of Oled ransomware, it is advisable to follow the removal instructions below. They are specifically designed to help you remove the malicious files either manually or automatically with the aid of an anti-malware tool. Security experts always advise using the automatic approach since it is swift, effective and will protect your computer system in the future as well.


To remove Oled Ransomware follow these steps:

1. Boot Your PC In Safe Mode to isolate and remove Oled Ransomware files and objects
2. Find files created by Oled Ransomware on your PC

3. Scan for malware and unwanted programs with SpyHunter Anti-Malware Tool
4. Try to Restore files encrypted by Oled Ransomware

Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated in Marketing as well, Ventsislav also has a passion for discovering new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecurity and is a strong believer in basic education of every user towards online safety.
