Remove Green_Ray Ransomware and Restore .green_ray(@) Files


Ransomware doesn’t sleep. Another crypto virus, Green_Ray ransomware, has been “introduced” to users, encrypting their files and demanding payment for their decryption. Green_Ray has been reported to use asymmetric encryption (a public and a private key). The ransomware appends a green_ray(@) extension. Paying the ransom is not advisable, since the victim may not receive a decryption key. Moreover, ransom payments only help malicious actors evolve their “business” and create even more threats.

Threat Summary

Name: Green_Ray Ransomware
Type: Ransomware (Crypto Virus).
Short Description: The ransomware encrypts files with and demands a ransom.
Symptoms: Files are encrypted with the green_ray[@] extension.
Distribution Method: Spam Emails, Email Attachments, File Sharing Networks.
Data Recovery Tool: Windows Data Recovery by Stellar Phoenix. Notice! This product scans your drive sectors to recover lost files, and it may not recover 100% of the encrypted files, but only a few of them, depending on the situation and whether or not you have reformatted your drive.

Research indicates that Green_Ray ransomware is similar to Mahasaraswati and JohnyCryptor. Another similar ransomware may be the one appending the .xtbl extension to affected files.

Green_Ray Ransomware Distribution Method

As with most ransomware pieces, Green_Ray is most likely distributed via aggressive spam emails and malicious URLs. Here is one example of a malicious URL that shouldn’t be clicked:


Besides being spread via spam emails, malicious email attachments and corrupted links, ransomware such as Green_Ray may rely on other distribution vectors as well:

  • Peer-to-peer sharing networks, torrents;
  • Bundling with other suspicious apps;
  • Fake software updates, like Java or Flash;
  • Exploit kits.

Green_Ray Ransomware Technical Overview

Once Green_Ray has entered the system successfully, it will change the victim’s desktop and create a “How to decrypt your files.txt” file. This file contains information to contact the ransomware operators. Two email addresses are provided:

  • Green_ray(@)
  • Green_ray(@)

As mentioned in the beginning, contacting the ransomware operators is not recommended. First, there are many cases of victims who have paid the ransom but never received a decryption key for their files. Second, ransomware has turned into a successful business partially because of victims’ payments.

For now, the amount of the ransom demanded by Green_Ray ransomware is not known. If you have any information about it, don’t hesitate to contact us. You can do this by leaving a comment in our security forums dedicated to malware problems.
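To scope an infection, the two on-disk indicators described above (the “How to decrypt your files.txt” note and the green_ray marker in file names) can be searched for across a drive. The following is an added example, not code from the original article; the function names, the sample file names and the choice to match only the visible `.green_ray` marker are assumptions, since the full extension is truncated on the page.

```python
import os
import tempfile
from collections import Counter

# Indicators from the article. The appended extension is truncated on the
# page, so only the visible ".green_ray" marker is matched (assumption).
NOTE_NAME = "how to decrypt your files.txt"
EXT_MARKER = ".green_ray"


def scan(root):
    """Return (ransom_note_paths, renamed_file_paths) found under root."""
    notes, renamed = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()
            if lower == NOTE_NAME:
                notes.append(os.path.join(dirpath, name))
            elif EXT_MARKER in lower:
                renamed.append(os.path.join(dirpath, name))
    return notes, renamed


def triage(root):
    """Summarise scope: counts, hits per directory, earliest renamed-file mtime."""
    notes, renamed = scan(root)
    per_dir = Counter(os.path.dirname(p) for p in renamed)
    # Earliest modification time is only an estimate of when encryption began.
    first = min((os.path.getmtime(p) for p in renamed), default=None)
    return {"notes": len(notes), "renamed": len(renamed),
            "per_dir": dict(per_dir), "first_mtime": first}


def build_sample_tree(base):
    """Constructed sample data: one note, two renamed files, one clean file."""
    sample = {
        ("Documents", "How to decrypt your files.txt"): 2000,
        ("Documents", "report.docx.green_ray(@)example.invalid"): 2000,
        ("Pictures", "photo.jpg.GREEN_RAY(@)example.invalid"): 1000,
        ("Pictures", "untouched.png"): 500,
    }
    for (folder, name), mtime in sample.items():
        os.makedirs(os.path.join(base, folder), exist_ok=True)
        path = os.path.join(base, folder, name)
        open(path, "w").close()
        os.utime(path, (mtime, mtime))  # constructed timestamps


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(triage(tmp))
```

The per-directory counts show which folders need restoring from backup, and the earliest timestamp helps pick a backup taken before the encryption started.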

Remove Green_ray Ransomware and Restore .green_ray[@] Files

There is still no information on whether this ransomware affects Shadow Volume Copies. Nonetheless, recent crypto viruses are usually written to delete these copies and thus make the file restoration process harder. If you have a clean backup of your files, you should try and recover them.

The removal steps below the article will provide you with assistance in case you decide to try and recover your files. But first, consider removing the ransomware via a strong anti-malware program.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum for 4 years. Enjoys ‘Mr. Robot’ and fears ‘1984’. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles!
