Executioner (Cellat) ransomware is yet another crypto virus recently discovered by security researchers at MalwareHunterTeam. The Executioner ransomware encrypts the user’s data and appends six random characters to the encrypted files. The crypto virus also changes the desktop wallpaper of the victim’s computer, and creates an HTML file identified as Sifre_Coz_Talimat.html which is dropped in every folder with encrypted files. This article is designed to help you to remove the ransomware and try to restore your encrypted files.
|Name||Executioner (Cellat) Ransomware|
|Short Description||The Executioner ransomware encryptс files on your computer and displays a ransom message, demanding that $150 are sent to a Bitcoin address.|
|Symptoms||Your files are encrypted, a ransom note is displayed. The desktop wallpaper is changed to a ransom note in Turkish.|
|Distribution Method||Spam Emails, Email Attachments, Freeware Bundles, Social Media, etc.|
|Detection Tool|| See If Your System Has Been Affected by Executioner (Cellat) Ransomware |
Malware Removal Tool
|User Experience||Join Our Forum to Discuss Executioner (Cellat) Ransomware.|
|Data Recovery Tool||Windows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.|
Executioner (Cellat) Ransomware Distribution
The Executioner ransomware also known as Cellat ransomware is most likely spread via spam emails containing malicious email attachments, pdf attachments and Word documents prompting the user to enable Macros, etc. Most recent ransomware cases rely on this method of distribution because of its high success rates. Most users tend to be careless with suspicious emails which often lead to ransomware and malware infections. A perfect example here is the way of distribution used by the .sVn variant of the well-known Jaff ransomware.
However, there are other probable methods of infections that could be used by the creators of the Executioner crypto virus. A payload dropper which triggers its malicious script could be spread online. The ransomware may also be spreading the payload file on social media websites and file-sharing services. Another popular method of ransomware and malware distribution is via freeware packages where a program may be bundled with malicious programs.
To avoid infections of that kind, be extremely cautious when dealing with files downloaded from the Web as well as with emails sent by unknown or suspicious entities. More useful tips on avoiding ransomware are published in our forum https://sensorstechforum.com/forums/pc-tips-tricks/tips-about-ransomware/ . We advise you to read them carefully and drop a question in case you have any.
Executioner (Cellat) Ransomware Technical Details
As usual, the wallpaper set by the ransomware contains a ransom demand written in Turkish. The demanded ransom is in Bitcoin and amounts to $150 USD.
The website of the ransomware contains the following message:
Read The Instructions!
Send 150$ (Dollar)-(USD) to this Bitcoin Adress: 164eQzsZUZCR9mfLWGdiqqGcUyQsYcX6vU – Case Sensitive!
IN ORDER TO DECRYPT YOUR FILES BACK!
DO NOT FORGET ! You can use services called LocalBitcoins.com, CoinBase.com and Paxful.com to send BITCOIN!
Follow the instructions that given below step by steps once you have done the sending BITCOIN process!
Your COMPUTER has been infected by Executioner (CELLAT) Ransomware and ALL OF YOUR FILES SAFELY ENCRYPTED!!
In order to DECRYPT your pictures, videos, documents and ALL OF YOUR ENCRYPTED FILES you have to send 150$ (USD) worth of BITCOIN to the BITCOIN ADRESS that GIVEN ABOVE!!!,
Otherwise your files will not be accessible!! If you have finished this step once, please skip this step!
DO NOT FORGET ! You can remove the virus from your computer BUT! You cannot decrypt and recover your encrypted files!! THE ONLY WAY is to save and decrypt your files is to buy a DECRYPTION KEY! Once You send 150$ (USD) worth of BITCOIN to the adress that given below than there is nothing to worry about!! Please Keep Continue Reading!!
After sending payment of 150$ (USD) worth of Bitcoin, Then open the .HTML file located on YOUR DESKTOP called Sifre_Coz_Talimat.html and you will see an COMPUTER ID copy that COMPUTER ID than email it to the mail address that given below!!
email adress : “email@example.com”
Immediately afterwards, you will receive an email with the DECRYPTION KEY and DECRYPTION SOFTWARE within 24 HOURS!!
IMPORTANT!! DO NOT FORGET TO SEND YOUR BITCOIN WALLET ADRESS AND YOUR COMPUTER ID TO THE EMAIL ADRESS THAT GIVEN ABOVE!!
ALSO All Of YOUR FILES ARE ENCRYPTED WITH RSA-2018 ENCRYPTION!!
IT IS NOT POSSIBLE TO SOLVE THIS CIPHER!!!
PROOF OF FILE DECRYPTION PROCESS!!
As for the encryption algorithms used by Executioner (Cellat) ransomware, it is not known yet. However, considering how evolved most ransomware viruses are, it is highly likely that the creators of Executioner (Cellat) employed a sophisticated encryption nearly impossible to decrypt without the decryption key possessed by the cybercriminals.
Remove Executioner (Cellat) Ransomware: Methods
If your computer got infected with the Executioner (Cellat) ransomware and you wish to remove it manually from your system, note that you should have at least a bit of experience in removing ransomware or malware. Still, you should get rid of this ransomware immediately before it gets the chance to spread further and infect more computers. To remove Executioner (Cellat) ransomware entirely from your machine, pay close attention to our removal instructions provided below.
Also, remember that paying the ransom is not recommended as you would be further fueling the malicious operations of whoever is behind Executioner (Cellat) ransomware.