Remove Green_Ray Ransomware and Restore .green_ray(@)aol.com.xtbl Files
THREAT REMOVAL

Remove Green_Ray Ransomware and Restore .green_ray(@)aol.com.xtbl Files

OFFER

SCAN YOUR PC
with SpyHunter

Scan Your System for Malicious Files
Note! Your computer might be affected by Green_Ray Ransomware and other threats.
Threats such as Green_Ray Ransomware may be persistent on your system. They tend to re-appear if not fully deleted. A malware removal tool like SpyHunter will help you to remove malicious programs, saving you the time and the struggle of tracking down numerous malicious files.
SpyHunter’s scanner is free but the paid version is needed to remove the malware threats. Read SpyHunter’s EULA and Privacy Policy

ransomware-virusRansomware doesn’t sleep. Another crypto virus, Green_Ray ransomware, has been “introduced” to users, encrypting their files and demanding a payment for their decryption. Green_Ray has been reported to use asymmetric encryption (a public and a private key). The ransomware appends a green_ray(@)aol.com.xtbl extension. Paying the ransom is not advisory, since the victim may not receive a decryption key. Moreover, ransom payments only help malicious actors evolve their “business” and create even more threats.

Threat Summary

NameGreen_Ray Ransomware
TypeRansomware (Crypto Virus).
Short DescriptionThe ransomware encrypts files with and demands a ransom.
SymptomsFiles are encrypted with the green_ray[@]aol.com.xtbl extension.
Distribution MethodSpam Emails, Email Attachments, File Sharing Networks.
Detection Tool See If Your System Has Been Affected by Green_Ray Ransomware

Download

Malware Removal Tool

User ExperienceJoin Our Forum to Discuss Green_ray Ransomware.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

Research indicates that Green_Ray ransomware is similar to Mahasaraswati and JohnyCryptor. Another similar ransomware may be the one appending .xtbl extension to affected files.

Green_Ray Ransomware Distribution Method

As with most ransomware pieces, Green_Ray is highly likely distributed via aggressive spam emails and malicious URLs. Here is one example of malicious URL that shouldn’t be clicked:

spam-email-sensorstechforum

Besides being spread in spam emails, malicious email attachments and via corrupted links, ransomware such as Green_Ray may rely on other distribution vectors as well:

  • Peer-to-peer sharing networks, torrents;
  • Bundling with other suspicious apps;
  • Fake software updates, like Java or Flash;
  • Exploit kits.

Green_Ray Ransomware Technical Overview

Once Green_Ray has entered the system successfully, it will change the victim’s desktop and create a “How to decrypt your files.txt” file. This file contains information to contact the ransomware operators. Two email addresses are provided:

  • Green_ray(@)aol.com
  • Green_ray(@)india.com

As mentioned in the beginning, contacting the ransomware operators is not recommended. First, there are many cases of victims who have paid the ransom but never received a decryption key for their files. Second, ransomware has turned into a successful business partially because of victims’ payments.

For now, the amount of the ransom demanded by Green_Ray ransomware is not known. If you have any information about it, don’t hesitate to contact us. You can do this by leaving a comment in our security forums dedicated to malware problems.

Remove Green_ray Ransomware and Restore . green_ray[@]aol.com.xtbl Files

There is still no information if this ransomware affects Shadow Volume Copies. Nonetheless, recent crypto viruses are usually written to delete these copies and thus makе the file restoration process harder. If you have a clean backup of your files, you should try and recover them.

The removal steps below the article will provide you with assistance in case you decide to try and recover your files. But first, consider removing the ransomware via a strong anti-malware program.

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...