Remove Executioner (Cellat) Ransomware. Sifre_Coz_Talimat.html File
THREAT REMOVAL

Remove Executioner (Cellat) Ransomware. Sifre_Coz_Talimat.html File

OFFER

SCAN YOUR PC
with SpyHunter

Scan Your System for Malicious Files
Note! Your computer might be affected by Executioner (Cellat) Ransomware and other threats.
Threats such as Executioner (Cellat) Ransomware may be persistent on your system. They tend to re-appear if not fully deleted. A malware removal tool like SpyHunter will help you to remove malicious programs, saving you the time and the struggle of tracking down numerous malicious files.
SpyHunter’s scanner is free but the paid version is needed to remove the malware threats. Read SpyHunter’s EULA and Privacy Policy

Executioner (Cellat) ransomware is yet another crypto virus recently discovered by security researchers at MalwareHunterTeam. The Executioner ransomware encrypts the user’s data and appends six random characters to the encrypted files. The crypto virus also changes the desktop wallpaper of the victim’s computer, and creates an HTML file identified as Sifre_Coz_Talimat.html which is dropped in every folder with encrypted files. This article is designed to help you to remove the ransomware and try to restore your encrypted files.

Threat Summary

NameExecutioner (Cellat) Ransomware
TypeRansomware
Short DescriptionThe Executioner ransomware encryptс files on your computer and displays a ransom message, demanding that $150 are sent to a Bitcoin address.
SymptomsYour files are encrypted, a ransom note is displayed. The desktop wallpaper is changed to a ransom note in Turkish.
Distribution MethodSpam Emails, Email Attachments, Freeware Bundles, Social Media, etc.
Detection Tool See If Your System Has Been Affected by Executioner (Cellat) Ransomware

Download

Malware Removal Tool

User ExperienceJoin Our Forum to Discuss Executioner (Cellat) Ransomware.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

Executioner (Cellat) Ransomware Distribution

The Executioner ransomware also known as Cellat ransomware is most likely spread via spam emails containing malicious email attachments, pdf attachments and Word documents prompting the user to enable Macros, etc. Most recent ransomware cases rely on this method of distribution because of its high success rates. Most users tend to be careless with suspicious emails which often lead to ransomware and malware infections. A perfect example here is the way of distribution used by the .sVn variant of the well-known Jaff ransomware.

However, there are other probable methods of infections that could be used by the creators of the Executioner crypto virus. A payload dropper which triggers its malicious script could be spread online. The ransomware may also be spreading the payload file on social media websites and file-sharing services. Another popular method of ransomware and malware distribution is via freeware packages where a program may be bundled with malicious programs.

To avoid infections of that kind, be extremely cautious when dealing with files downloaded from the Web as well as with emails sent by unknown or suspicious entities. More useful tips on avoiding ransomware are published in our forum https://sensorstechforum.com/forums/pc-tips-tricks/tips-about-ransomware/ . We advise you to read them carefully and drop a question in case you have any.

Executioner (Cellat) Ransomware Technical Details

As usual, the wallpaper set by the ransomware contains a ransom demand written in Turkish. The demanded ransom is in Bitcoin and amounts to $150 USD.

The website of the ransomware contains the following message:

Read The Instructions!
Send 150$ (Dollar)-(USD) to this Bitcoin Adress: 164eQzsZUZCR9mfLWGdiqqGcUyQsYcX6vU – Case Sensitive!
IN ORDER TO DECRYPT YOUR FILES BACK!
DO NOT FORGET ! You can use services called LocalBitcoins.com, CoinBase.com and Paxful.com to send BITCOIN!
Follow the instructions that given below step by steps once you have done the sending BITCOIN process!
Your COMPUTER has been infected by Executioner (CELLAT) Ransomware and ALL OF YOUR FILES SAFELY ENCRYPTED!!
In order to DECRYPT your pictures, videos, documents and ALL OF YOUR ENCRYPTED FILES you have to send 150$ (USD) worth of BITCOIN to the BITCOIN ADRESS that GIVEN ABOVE!!!,
Otherwise your files will not be accessible!! If you have finished this step once, please skip this step!
DO NOT FORGET ! You can remove the virus from your computer BUT! You cannot decrypt and recover your encrypted files!! THE ONLY WAY is to save and decrypt your files is to buy a DECRYPTION KEY! Once You send 150$ (USD) worth of BITCOIN to the adress that given below than there is nothing to worry about!! Please Keep Continue Reading!!
After sending payment of 150$ (USD) worth of Bitcoin, Then open the .HTML file located on YOUR DESKTOP called Sifre_Coz_Talimat.html and you will see an COMPUTER ID copy that COMPUTER ID than email it to the mail address that given below!!
email adress : “[email protected]
Immediately afterwards, you will receive an email with the DECRYPTION KEY and DECRYPTION SOFTWARE within 24 HOURS!!
IMPORTANT!! DO NOT FORGET TO SEND YOUR BITCOIN WALLET ADRESS AND YOUR COMPUTER ID TO THE EMAIL ADRESS THAT GIVEN ABOVE!!
ALSO All Of YOUR FILES ARE ENCRYPTED WITH RSA-2018 ENCRYPTION!!
IT IS NOT POSSIBLE TO SOLVE THIS CIPHER!!!
PROOF OF FILE DECRYPTION PROCESS!!

As for the encryption algorithms used by Executioner (Cellat) ransomware, it is not known yet. However, considering how evolved most ransomware viruses are, it is highly likely that the creators of Executioner (Cellat) employed a sophisticated encryption nearly impossible to decrypt without the decryption key possessed by the cybercriminals.

Remove Executioner (Cellat) Ransomware: Methods

If your computer got infected with the Executioner (Cellat) ransomware and you wish to remove it manually from your system, note that you should have at least a bit of experience in removing ransomware or malware. Still, you should get rid of this ransomware immediately before it gets the chance to spread further and infect more computers. To remove Executioner (Cellat) ransomware entirely from your machine, pay close attention to our removal instructions provided below.

Also, remember that paying the ransom is not recommended as you would be further fueling the malicious operations of whoever is behind Executioner (Cellat) ransomware.

Note! Your computer system may be affected by Executioner (Cellat) Ransomware and other threats.
Scan Your PC with SpyHunter
SpyHunter is a powerful malware removal tool designed to help users with in-depth system security analysis, detection and removal of threats such as Executioner (Cellat) Ransomware.
Keep in mind, that SpyHunter’s scanner is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter’s malware removal tool to remove the malware threats. Read our SpyHunter 5 review. Click on the corresponding links to check SpyHunter’s EULA, Privacy Policy and Threat Assessment Criteria.

To remove Executioner (Cellat) Ransomware follow these steps:

1. Boot Your PC In Safe Mode to isolate and remove Executioner (Cellat) Ransomware files and objects
2. Find files created by Executioner (Cellat) Ransomware on your PC

Use SpyHunter to scan for malware and unwanted programs

3. Scan for malware and unwanted programs with SpyHunter Anti-Malware Tool
4. Try to Restore files encrypted by Executioner (Cellat) Ransomware

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum for 4 years. Enjoys ‘Mr. Robot’ and fears ‘1984’. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles!

More Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...