PLAGUE17 File Virus (Dont_Worry Ransomware) - Remove It

PLAGUE17 File Virus (Dont_Worry Ransomware) – Remove It

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)


What is PLAGUE17 file virus? PLAGUE17 file virus is also known as Dont_Worry ransomware which encrypts files and demands a ransom for their alleged restoration.

Dont_Worry or otherwise known as PLAGUE17 file virus is ransomware. It encrypts files by appending the PLAGUE17 extension to them, making them inaccessible. All encrypted files will receive the new extension as a secondary one. Another extension will be added before it that is generated on a random principle. The PLAGUE17 ransomware drops a ransom note, which gives instructions to victims on how they can allegedly restore their data.

Threat Summary

Name.PLAGUE17 file virus
TypeRansomware, Cryptovirus
Short DescriptionThe ransomware encrypts files on your computer system and demands a ransom to be paid to allegedly recover them.
SymptomsThe new Dont_Worry ransomware variant will encrypt your files by appending the .PLAGUE17 extension to them, along with a hex pattern afterward.
Distribution MethodSpam Emails, Email Attachments
Detection Tool See If Your System Has Been Affected by .PLAGUE17 file virus


Malware Removal Tool

User ExperienceJoin Our Forum to Discuss .PLAGUE17 file virus.
Data Recovery ToolWindows Data Recovery by Stellar Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

PLAGUE17 File Virus (Dont_Worry Ransomware) – How Did I Get It and What To Do?

PLAGUE17 File Virus might spread its infection via a payload dropper, which initiates the malicious script for this ransomware. The virus might also distribute its payload file on social media and file-sharing services. Freeware which is found on the Web can be presented as helpful also be hiding the malicious script for the cryptovirus. Read the tips for ransomware prevention from our forum.

Related: Dont_Worry Virus – How to Remove It and Restore Encrypted Files

PLAGUE17 or better known as the PLAGUE17 File Virus is ransomware that encrypts your files and shows ransomware instructions inside a ransom note called PLAGUE17.txt:


Beside the instructions you can see in the above image, there is a note that states the following:

Если Вы читаете это сообщение, значит Ваш компьютер был атакован опаснейшим вирусом.
Вся Ваша информация (документы, базы данных, бэкапы и другие файлы) на этом компьютере была зашифрована.
Все зашифрованые файлы имеют расширение .PLAGUE17
Ни в коем случае не изменяйте файлы! И не используйте чужие дешифраторы, Вы можете потерять Ваши файлы навсегда.

Напишите нам письмо на адрес , чтобы узнать как получить дешифратор.

Если мы Вам не ответили в течении 3 часов – повторите пересылку письма.

В письмо вставьте текст из файла ‘PLAGUE17.txt’ или напишите номер – 68286653
В первом письме не прикрепляйте файлы для дешифровки. Все инструкции вы получите в ответном письме.

You should NOT under any circumstances pay any ransom sum.

The extortionists want you to pay a ransom for the alleged restoration of your files, same as with a lot of ransomware viruses. PLAGUE17 File Virus ransomware could make entries in the Windows Registry to achieve persistence, and could launch or repress processes in a Windows system. All encrypted will receive the .PLAGUE17 extension alongside a random generated one. That extension will be placed as a secondary one to each file and a hex pattern could be present with different numbers as a secondary extension. Audio, video, image files as well as documents, backups and banking data can be encrypted by the ransomware.

Files with the following extensions will become encrypted if the virus is found on your computer:

→ .$$$, .[0-9]+, .~ini, .~klt, .1cd, .1cd2, .1cl, .1ey, .1txt, .2, .2cd, .6t[0-9], .6tr, .7z, .7zip, .8t0, .8tr, .9tr, .a2u, .a3d, .aad, .abd, .accdb, .adb, .adi, .afd, .ai, .als, .amp, .amr, .ans, .apc, .apk, .apx, .arc, .arch, .arh, .arj, .atc, .atg, .ava, .avhd, .avhdx, .awr, .axx, .bac[0-9], .backup, .bak, .bck, .bco, .bcp, .bde, .bdf, .bdf, .bf, .bf3, .bg, .bip, .bkc, .bkf, .bkp, .bks, .blb, .blf, .blk, .bln, .bls, .bls, .bmp, .box, .bpl, .bpn, .btr, .burn, .bz, .bz2, .car, .cbf, .cbm, .cbu, .cdb, .cdr, .cdx, .cer, .cf, .cfl, .cfu, .cia, .cmt, .cnc, .cpr, .cr2, .cripted, .criptfiles, .crypt, .csv, .ctl, .ctlg, .cuc, .cui, .cuix, .custom, .dafile, .data, .db, .db[0-9], .dbf, .dbk, .dbs, .dbt, .dbx, .dcf, .dcl, .dcm, .dct, .dcu, .dd, .ddf, .ddt, .dfb, .dff, .dfp, .dgdat, .dic, .diff, .dis, .djvu, .dmp, .doc, .docx, .dot, .dpr, .dproj, .drs, .dsus, .dt, .dtz, .dump, .dwg, .dz, .ect, .edb, .efd, .efm, .eif, .elf, .eml, .enc, .enz, .epf, .eps, .erf, .ert, .esbak, .esl, .eso, .etw, .export, .fbf, .fbk, .fdb, .fdb[0-9], .fi, .fil, .fkc, .fld, .flx, .fob, .fpf, .fpt, .frf, .frm, .frp, .frw, .frx, .fxp, .gbk, .gbp, .gd, .gdb, .gdoc, .gfd, .gfo, .gfr, .gho, .ghost, .ghs, .gif, .gopaymeb, .gpd, .granit, .grd, .gsheet, .gsn, .gz, .gzip, .hbi, .hbk, .hdf, .his, .hive, .htm, .html, .ib, .idf, .idx, .ifm, .ifo, .ifs, .ima, .img, .imgc, .imh, .imm, .indd, .info, .ipa, .ips, .irsf, .irsi, .irss, .iso, .isz, .iv2i, .jbc, .jpeg, .jpg, .jrs, .kdc, .keg, .key, .klt, .kmn, .kpm, .kwm, .laccdb, .last, .lay6, .lbl, .ldb, .ldf, .ldif, .ldw, .lg, .lgd, .lgf, .lgp, .lic, .lis, .lky, .lnk, .local, .lock, .lrv, .lsp, .lst, .lvd, .lzh, .m2v, .mac, .mak, .map, .max, .mb, .mbox, .mcx, .md, .md5, .mdb, .mde, .mdf, .mdmp, .mdt, .mdw, .mdx, .meb, .mft, .mig, .mkd, .mnc, .mnr, .mns, .mod, .mov, .msf, .mtl, .mxl, .mxlz, .mxlz, .myd, .myi, .n[0-9], .nag, .nbi, .nbk, .nbr, .nc, .nd[0-9], .ndf, .ndt, .nef, .new, .nif, .nrg, .nsf, .ntx, .nvram, .obf, .ods, .odt, .ogd, .ok, .okk, .old, .one, .onetoc2, .ora, .ord, .ost, .out, .ovf, .oxps, .p12, .packed, .pak, .pas, .paycrypt@gmail_com, .pbd, .pbf, .pck, .pdf, .pdt, .pf, .pfi, .pfl, .pfm, .pfx, .pgd, .pgp, .php, .pka, .pkg, .pkr, .plan, .plb, .pln, .plo, .pm, .pml, .png, .pnl, .ppd, .ppsx, .ppt, .pptx, .prb, .prg, .prk, .profile, .prv, .ps1, .psd, .psl, .pst, .pwd, .pwm, .px, .py, .q1c, .qib, .qrp, .qst, .rar, .rbf, .rcf, .rdf, .rec, .rep, .repx, .req, .res, .rez, .rgt, .rk6, .rn, .rpb, .rpt, .rst, .rsu, .rtf, .rvs, .sac, .sacx, .save, .saved, .sbin, .sbk, .sbp, .scn, .sct, .scx, .sdb, .sdf, .sdl, .sel, .sem, .sfpe, .sfpz, .sgn, .shd, .shdb, .shdl, .shs, .skr, .sln, .smf, .smfx, .sna, .snp, .sob, .sobx, .spr, .sql, .sqlite, .sqm, .sqx, .srx, .ssd, .ssf, .ssp, .sst, .st[0-9], .stm, .stop, .str, .sv2i, .svc, .svp, .tab, .tar, .tbb, .tbc, .tbh, .tbi, .tbk, .tbl, .tbn, .tdb, .tgz, .thm, .tib, .tid, .tmf, .tmp, .tmp0, .tnx, .tpl, .tps, .trc, .trec, .trn, .tst, .twd, .txt, .ua_, .udb, .unf, .upd, .utf, .v2i, .v8i, .vault, .vbe, .vbk, .vbm, .vbx, .vct, .vcx, .vdb, .vdi, .ver, .vhd, .vhdx, .vib, .viprof, .vlx, .vmcx, .vmdk, .vmem, .vmp, .vmpl, .vmrs, .vmsd, .vmsn, .vmss, .vmx, .vmxf, .vpc, .vrd, .vrfs, .vsd, .vsv, .vswp, .vvr, .vvv, .wallet, .war, .wav, .wbcat, .wbverify, .wid, .wim, .wnw, .wrk, .wsb, .xch, .xg0, .xls, .xlsb, .xlsm, .xlsx, .xml, .xsc, .xsd, .xstk, .xtbl, .xxx, .xz, .yg0, .ytbl, .zip, .zrb, .zsp, .zup .БРОНЬ

The PLAGUE17 File Virus could be set to erase all the Shadow Volume Copies from the Windows operating system with the help of the following command:

→vssadmin.exe delete shadows /all /Quiet

If your computer device was infected with this ransomware and your files are locked, read on through to find out how you could potentially restore your files back to normal.

Remove PLAGUE17 File Virus (Dont_Worry Ransomware)

If your computer got infected with the PLAGUE17 File Virus, you should have a bit of experience in removing malware. You should get rid of this ransomware as quickly as possible before it can have the chance to spread further and infect other computers. You should remove the ransomware and follow the step-by-step instructions guide provided below.

Tsetso Mihailov

Tsetso Mihailov

Tsetso Mihailov is a tech-geek and loves everything that is tech-related, while observing the latest news surrounding technologies. He has worked in IT before, as a system administrator and a computer repair technician. Dealing with malware since his teens, he is determined to spread word about the latest threats revolving around computer security.

More Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share