Remove Ransomware and Restore Encrypted Files - How to, Technology and PC Security Forum

Remove [email protected] Ransomware and Restore Encrypted Files

A ransomware virus using the [email protected] file extension has appeared recently. The virus is widely believed to belong to the CrySiS ransomware family. This malware is also the reason many users have reported that their files could no longer be opened and that, upon contacting the e-mail address, they were asked for a payoff to restore their files. We strongly urge you not to make any payoff related to [email protected] ransomware and instead to use the information in this article to remove the ransomware from your computer and attempt to restore your files.

Threat Summary


[email protected]

Short Description: The malware encrypts users' files using a strong encryption algorithm, making direct decryption possible only via a unique decryption key available to the cyber-criminals.
Symptoms: The user may see encrypted files with the ransomware's e-mail address appended as a file extension.
Distribution Method: Via an exploit kit, DLL file attack, malicious JavaScript or a drive-by download of the malware itself in an obfuscated manner.
Data Recovery Tool: Windows Data Recovery by Stellar Phoenix. Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only a few of them, depending on the situation and whether or not you have reformatted your drive.

[email protected] – How Does It Infect

To reach as many users as possible, the ransomware identifying itself with the e-mail [email protected] may use e-mails on persuasive topics that aim to convince users that their bank accounts are being suspended or have other issues.

The primary goal of the cyber-crooks is to get users to click either a malicious web link or an e-mail attachment that only appears to be one of the following:

  • Microsoft Office type of documents.
  • Adobe Reader files.
  • Photos or archives.

As soon as users click on such web links or e-mail attachments, the payload of the ransomware might be downloaded from the command and control servers belonging to the cyber-criminals onto the user's computer.

[email protected] – More Information about The Virus

After infecting the user's computer, [email protected] may drop its payload in several different folders, among which are:

  • %User’s Profile%
  • %System32%
  • %Temp%
  • %AppData%

Similar to [email protected] ransomware, the virus may drop files such as the decryption instructions, in text and .jpg formats, into the %Startup% folder so that they open every time Windows starts.

In addition, the malware might also delete files related to the shadow copies and backups of Windows. This is done by executing the vssadmin command for shadow copy deletion:

→ vssadmin delete shadows /all /quiet
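A detection check for the command above, added here as an example and not taken from the original article: it scans process-creation records for a vssadmin shadow-copy deletion regardless of path, letter case, quoting or flag order. The record layout, host names and user names are constructed for illustration.

```python
import re

# Constructed process-creation records (shape loosely follows Windows
# Security event 4688 / Sysmon event 1); hosts and users are made up.
SAMPLE_EVENTS = [
    {"host": "WS-014", "user": "alice", "cmd": r"vssadmin delete shadows /all /quiet"},
    {"host": "WS-014", "user": "alice",
     "cmd": r'"C:\Windows\System32\VSSADMIN.EXE"  Delete Shadows /Quiet /All'},
    {"host": "WS-022", "user": "bob",
     "cmd": r'cmd.exe /c "vssadmin.exe delete shadows /all /quiet"'},
    {"host": "SRV-02", "user": "backupsvc", "cmd": r"vssadmin delete shadows /for=C: /oldest"},
    {"host": "SRV-02", "user": "backupsvc", "cmd": r"vssadmin list shadows"},
    {"host": "WS-031", "user": "carol",
     "cmd": r"notepad.exe C:\notes\vssadmin delete shadows.txt"},
]

# vssadmin as a bare name or as the last component of a path, any case.
VSSADMIN = re.compile(r"(?:^|[\\/])vssadmin(?:\.exe)?$", re.IGNORECASE)


def classify(cmd):
    """Return None, or the set of flags of a 'vssadmin delete shadows' call."""
    tokens = cmd.replace('"', "").split()   # drop quoting, collapse whitespace
    for i, tok in enumerate(tokens):
        if not VSSADMIN.search(tok):
            continue
        args = [t.lower() for t in tokens[i + 1:]]
        if args[:2] == ["delete", "shadows"]:
            # "/for=C:" is reported as "/for"
            return {a.split("=")[0] for a in args[2:] if a.startswith("/")}
    return None


def detect(events):
    """Return (host, user, severity) for every shadow-copy deletion seen."""
    alerts = []
    for ev in events:
        flags = classify(ev["cmd"])
        if flags is None:
            continue
        # /all together with /quiet removes every restore point with no prompt
        severity = "high" if {"/all", "/quiet"} <= flags else "review"
        alerts.append((ev["host"], ev["user"], severity))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

The "review" severity covers targeted deletions such as backup rotation, which are usually legitimate but worth correlating with the account that ran them.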

When the [email protected] virus begins to encrypt user files, it is pre-programmed to look for a set of file extensions, among which are:

  • Video types of files.
  • Image data.
  • Audio files.
  • Database type of files.
  • Microsoft Office and Adobe documents.

After having encrypted all the files on the compromised computer, the virus appends its e-mail address as a file extension for the encrypted files, making them appear like the following:


Remove [email protected] Ransomware and Restore Encrypted Files

Experts strongly advise against contacting the cyber-criminals who have encrypted your files for several obvious reasons:

  • You are helping cyber-crooks infect more users and generate profit.
  • There is no guarantee the files will be decrypted.

To remove this ransomware virus completely from your computer, you may follow the removal instructions after this article. However, experts strongly advise removing the ransomware automatically with an advanced anti-ransomware tool and trying the alternative file restoration methods below until a free decryptor is released, after which we will update this article with a download URL.

Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated in Marketing as well, Ventsislav also has a passion for discovering new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecurity and is a strong believer in basic education of every user towards online safety.
