A ransomware virus that uses the [email protected] file extension has appeared recently. The virus is widely believed to belong to the CrySiS ransomware family. Many users have reported that their files could no longer be opened and that, upon contacting the e-mail address, they were asked for a payoff to restore their files. We strongly urge you not to make any payoffs related to [email protected] ransomware and to attempt to use the information in this article to remove the ransomware from your computer and restore your files.
|Short Description||The malware encrypts users' files using a strong encryption algorithm, making direct decryption possible only via a unique decryption key available to the cyber-criminals.|
|Symptoms||The user may see encrypted files that carry the ransomware's e-mail address, which is used for correspondence.|
|Data Recovery Tool||Windows Data Recovery by Stellar Phoenix. Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only a few of them, depending on the situation and whether or not you have reformatted your drive.|
[email protected] – How Does It Infect
To reach as many users as possible, the ransomware that identifies itself with the e-mail [email protected] may use e-mails on persuasive topics that aim to convince users that their bank accounts are being suspended or have other issues.
The primary goal of the cyber-crooks is to get users to click either a malicious web link or an e-mail attachment that only appears to be one of the following:
- Microsoft Office type of documents.
- Adobe Reader files.
- Photos or archives.
As soon as users click on such web links and e-mail attachments, the payload of the ransomware might be downloaded from the cyber-criminals' command and control servers onto the user's computer.
[email protected] – More Information about The Virus
After the virus has infected the user's computer, decryptallf[email protected] may drop the payload in several different folders, among which are:
- %User’s Profile%
Similar to [email protected] ransomware, the virus may drop files such as the decryption instructions, in text and .jpg formats, in the %Startup% folder so that these files open every time Windows starts.
In addition to this, the malware might also delete several different types of files which are primarily related to the shadow copies and backups of Windows. This is achieved by executing the vssadmin command for shadow copy deletion:
→ vssadmin delete shadows /all /quiet
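Defenders can watch process-creation logs for this command. The following is an added example, not part of the original article: it flags shadow copy deletion across several spellings of the command line. The event layout, the sample records and the severity labels are assumptions made for illustration.

```python
import re

# Matches the vssadmin binary (bare, with .exe, or as a quoted full path)
# and captures everything after it as the argument string.
VSS_RE = re.compile(r'vssadmin(?:\.exe)?"?\s+(.*)$', re.IGNORECASE)

# Constructed sample process-creation events: (timestamp, parent image, command line).
SAMPLE_EVENTS = [
    ("2000-01-01T10:00:01", r"C:\Windows\explorer.exe", "vssadmin list shadows"),
    ("2000-01-01T10:02:13", r"C:\Users\alice\AppData\Roaming\sample.exe",
     "vssadmin delete shadows /all /quiet"),
    ("2000-01-01T10:02:14", r"C:\Windows\System32\cmd.exe",
     r'"C:\Windows\System32\VSSADMIN.EXE"  Delete  Shadows /Quiet /All'),
    ("2000-01-01T11:30:00", r"C:\Windows\System32\cmd.exe",
     "cmd.exe /c vssadmin.exe delete shadows /for=C: /oldest"),
    ("2000-01-01T12:00:00", r"C:\Program Files\Backup\agent.exe",
     "vssadmin resize shadowstorage /for=C: /on=C: /maxsize=10%"),
]


def classify(command_line):
    """Return 'high', 'medium' or None for one process command line."""
    match = VSS_RE.search(command_line)
    if not match:
        return None
    # Normalise case, repeated spaces and stray quotes left by cmd.exe /c "..."
    args = [a.strip('"').lower() for a in match.group(1).split()]
    if args[:2] != ["delete", "shadows"]:
        return None  # list, resize and other subcommands are not deletions
    flags = {a for a in args[2:] if a.startswith("/")}
    # /all with /quiet wipes every snapshot without a prompt: the form shown above
    return "high" if {"/all", "/quiet"} <= flags else "medium"


def scan(events):
    """Return (timestamp, parent image, severity) for every flagged event."""
    hits = []
    for timestamp, parent, command_line in events:
        severity = classify(command_line)
        if severity:
            hits.append((timestamp, parent, severity))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(*hit, sep="  ")
```

A "high" hit whose parent image runs from a user profile folder deserves immediate triage, while a "medium" hit may be routine snapshot maintenance.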
When the [email protected] virus begins to encrypt user files, it is pre-programmed to look for a set of file extensions, among which are:
- Video types of files.
- Image data.
- Audio files.
- Database type of files.
- Microsoft Office and Adobe documents.
After having encrypted all the files on the compromised computer, the virus appends its e-mail address as a file extension to the encrypted files, making them appear like the following:
Remove [email protected] Ransomware and Restore Encrypted Files
Experts strongly advise against contacting the cyber-criminals who have encrypted your files for several obvious reasons:
- You are helping cyber-crooks infect more users and generate profit.
- There is no guarantee the files will be decrypted.
To remove this ransomware virus completely from your computer, you may follow the removal instructions after this article. However, experts strongly advise that you focus on removing the ransomware automatically with an advanced anti-ransomware tool and try the alternative file restoration methods below until a free decryptor is released, after which we will update this article with a download URL.