Remove Green_Ray Ransomware and Restore .green_ray(@) Files

Remove Green_Ray Ransomware and Restore .green_ray(@) Files

ransomware-virusRansomware doesn’t sleep. Another crypto virus, Green_Ray ransomware, has been “introduced” to users, encrypting their files and demanding a payment for their decryption. Green_Ray has been reported to use asymmetric encryption (a public and a private key). The ransomware appends a green_ray(@) extension. Paying the ransom is not advisory, since the victim may not receive a decryption key. Moreover, ransom payments only help malicious actors evolve their “business” and create even more threats.

Threat Summary

NameGreen_Ray Ransomware
TypeRansomware (Crypto Virus).
Short DescriptionThe ransomware encrypts files with and demands a ransom.
SymptomsFiles are encrypted with the green_ray[@] extension.
Distribution MethodSpam Emails, Email Attachments, File Sharing Networks.
Detection Tool See If Your System Has Been Affected by Green_Ray Ransomware


Malware Removal Tool

User ExperienceJoin Our Forum to Discuss Green_ray Ransomware.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

Research indicates that Green_Ray ransomware is similar to Mahasaraswati and JohnyCryptor. Another similar ransomware may be the one appending .xtbl extension to affected files.

Green_Ray Ransomware Distribution Method

As with most ransomware pieces, Green_Ray is highly likely distributed via aggressive spam emails and malicious URLs. Here is one example of malicious URL that shouldn’t be clicked:


Besides being spread in spam emails, malicious email attachments and via corrupted links, ransomware such as Green_Ray may rely on other distribution vectors as well:

  • Peer-to-peer sharing networks, torrents;
  • Bundling with other suspicious apps;
  • Fake software updates, like Java or Flash;
  • Exploit kits.

Green_Ray Ransomware Technical Overview

Once Green_Ray has entered the system successfully, it will change the victim’s desktop and create a “How to decrypt your files.txt” file. This file contains information to contact the ransomware operators. Two email addresses are provided:

  • Green_ray(@)
  • Green_ray(@)

As mentioned in the beginning, contacting the ransomware operators is not recommended. First, there are many cases of victims who have paid the ransom but never received a decryption key for their files. Second, ransomware has turned into a successful business partially because of victims’ payments.

For now, the amount of the ransom demanded by Green_Ray ransomware is not known. If you have any information about it, don’t hesitate to contact us. You can do this by leaving a comment in our security forums dedicated to malware problems.

Remove Green_ray Ransomware and Restore . green_ray[@] Files

There is still no information if this ransomware affects Shadow Volume Copies. Nonetheless, recent crypto viruses are usually written to delete these copies and thus makе the file restoration process harder. If you have a clean backup of your files, you should try and recover them.

The removal steps below the article will provide you with assistance in case you decide to try and recover your files. But first, consider removing the ransomware via a strong anti-malware program.

Manually delete Green_Ray Ransomware from your computer

Note! Substantial notification about the Green_Ray Ransomware threat: Manual removal of Green_Ray Ransomware requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself just in 5 minutes, using a malware removal tool.

1. Boot Your PC In Safe Mode to isolate and remove Green_Ray Ransomware files and objects
2.Find malicious files created by Green_Ray Ransomware on your PC
3.Fix registry entries created by Green_Ray Ransomware on your PC

Automatically remove Green_Ray Ransomware by downloading an advanced anti-malware program

1. Remove Green_Ray Ransomware with SpyHunter Anti-Malware Tool
2. Back up your data to secure it against infections and file encryption by Green_Ray Ransomware in the future
3. Restore files encrypted by Green_Ray Ransomware
Optional: Using Alternative Anti-Malware Tools

Milena Dimitrova

An inspired writer, focused on user privacy and malicious software. Enjoys 'Mr. Robot' and fears '1984'.

More Posts - Website

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share
Please wait...

Subscribe to our newsletter

Want to be notified when our article is published? Enter your email address and name below to be the first to know.