Remove Styx Ransomware Virus - Restore .Styx Files

This article will help you remove Styx ransomware efficiently. Follow the ransomware removal instructions provided at the bottom of the article.

Styx is a virus that encrypts your files and demands a ransom to restore them. Files are encrypted with the AES-256 algorithm, and the Styx cryptovirus appends the .Styx extension to each locked file. The ransom demanded is around 300 US dollars, payable in the Bitcoin cryptocurrency, to supposedly restore your data. Read on through the article to see how you could try to recover some of your data and files.

Threat Summary

Type: Ransomware, Cryptovirus
Short Description: The ransomware encrypts files on your computer machine and demands a ransom of $300 to be paid in the Bitcoin cryptocurrency to allegedly recover them.
Symptoms: The ransomware will encrypt your files with the AES-256 encryption algorithm. All locked files will have the .Styx extension.
Distribution Method: Spam Emails, Email Attachments
Data Recovery Tool: Windows Data Recovery by Stellar Phoenix. Notice! This product scans your drive sectors to recover lost files, and it may not recover 100% of the encrypted files but only a few of them, depending on the situation and whether or not you have reformatted your drive.

Styx Ransomware – Delivery Methods

Styx ransomware might spread its infection through various methods. A payload dropper that initiates the malicious script for this ransomware is circulating on the World Wide Web, and researchers have obtained a malware sample. If that file lands on your computer system and you execute it, your computer system will become infected. You can see the detections of such a file on the VirusTotal service right down here:

Styx ransomware might also distribute its payload file on social media and file-sharing services. Freeware found on the Web can be presented as helpful while also hiding the malicious script for the cryptovirus. Refrain from opening files right after you have downloaded them. You should first scan them with a security tool, and also check their size and signatures for anything that seems out of the ordinary. You should read the tips for preventing ransomware found in the forum section.

Styx Ransomware – Detailed Analysis

Styx is a virus that encrypts your files and extorts you to pay a ransom to supposedly recover them. The extortionists want you to pay in Bitcoin for the alleged restoration of your files. Interestingly enough, Styx is also a goddess and a river in Greek mythology.

Some malware researchers even point out that the very first version of the virus was spotted on November 21, 2017. The low detection rate on VirusTotal suggests that Styx can hide itself from a lot of anti-virus software, but it will eventually be added to their databases.

The list of filenames used for the ransomware's executable suggests that this is already version 1.2:

  • STX.exe
  • STX1.2.exe
  • FacebookHackerTool V4.7.exe
  • Reloder Activator.exe
  • Application.exe

Styx ransomware could make entries in the Windows Registry to achieve persistence, and could launch or repress processes in a Windows environment. Such entries are typically designed in a way to launch the virus automatically with each start of the Windows operating system.

After encryption the Styx virus drops a ransom message in the following files:


The note can be viewed from both .txt and .html files. You can see its contents from the following screenshot given here:

The ransom note states the following:

All of your files have been encrypted by Styx Ransomware!

—-Not your language? USE:—-
All of your files (photos, videos, documents, etc) are encrypted using AES-256 bit encryption

Decrypting of your files is only possible with the private key and a decrypt program which is on our secret server.
Decryption of your files will cost you $300 Dollars worth of Bitcoin
Your files will be lost at 12/21/2017 8:43:57 AM, when this date has been passed your files are lost forever.

Please follow these instructions:

1. You can make a payment with Bitcoin, there are many methods to get them.

2. Register a bitcoin wallet or login to one if you already have one, if you don’t we recommend

3. Purchasing Bitcoins, altought it’s not yet easy to buy bitcoins, it’s getting simpler every day

Here are our recommendations: International

4. Send 300$ dollars worth of Bitcoins to the address specified below. After sending bitcoins send email to [email protected] with your Personal Identifier and your Bitcoin transaction ID
We will send you the decryption key and program after the payment has been confirmed

Bitcoin Address: 15mA1ea42KSRpjYDiEJYjrHCjjMp3Cq3SG
Bitcoin Amount: 300$ dollars worth of Bitcoins
5. After your payment has been confirmed, you will receive your decryption program and key in 1 hour
to email address that was used in Step 4.

The following e-mail address is used to contact the cybercriminals:

However, contacting them is advised against. The e-mail address suggests that the crooks use the TOR network and the Mail2Tor mailing service to preserve their anonymity.

The note of the Styx ransomware states that your files are encrypted and demands 300 US dollars in the Bitcoin cryptocurrency. However, you should NOT under any circumstances pay any ransom. Your files may not get recovered, and nobody can give you a guarantee that they will. Moreover, giving money to cybercriminals will most likely motivate them to create more ransomware viruses or commit different criminal acts.

Styx Ransomware – Encryption Process

What is known about the encryption process of the Styx ransomware is that every file that gets encrypted receives the .Styx extension. The encryption algorithm used to lock files is AES-256, as the ransom note itself also states.

The targeted extensions of files which are sought to get encrypted are listed down below:

→.123, .602, .asm, .CSV, .dif, .DOC, .docb, .docm, .docx, .DOT, .dotm, .dotx, .hwp, .mml, .odg, .odp, .ods, .odt, .otg, .otp, .ots, .ott, .pdf, .pot, .potm, .potx, .ppam, .pps, .ppsm, .ppsx, .PPT, .pptm, .pptx, .RTF, .rtf, .sldm, .sldx, .slk, .stc, .std, .sti, .stw, .sxc, .sxd, .sxi, .sxm, .sxw, .txt, .uop, .uot, .wb2, .wk1, .wks, .xlc, .xlm, .XLS, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml
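For scoping an incident, the two indicators above (the .Styx marker and the targeted extension list) are enough to inventory which files were locked and which targeted files are still intact. The script below is an added example, not code from the original article; it assumes the marker is appended to the original file name (for example report.docx.Styx) and that extensions are compared case-insensitively, neither of which the article states.

```python
import os
from collections import Counter

# Extensions the article lists as targeted; compared case-insensitively (an assumption).
TARGETED = {e.lower() for e in """
.123 .602 .asm .CSV .dif .DOC .docb .docm .docx .DOT .dotm .dotx .hwp .mml .odg .odp
.ods .odt .otg .otp .ots .ott .pdf .pot .potm .potx .ppam .pps .ppsm .ppsx .PPT .pptm
.pptx .RTF .rtf .sldm .sldx .slk .stc .std .sti .stw .sxc .sxd .sxi .sxm .sxw .txt
.uop .uot .wb2 .wk1 .wks .xlc .xlm .XLS .xlsb .xlsm .xlsx .xlt .xltm .xltx .xlw .xml
""".split()}
LOCKED_EXT = ".styx"

def triage(root):
    """Walk root and summarise locked files versus targeted files still intact."""
    locked_by_type = Counter()   # original extension -> number of locked files
    intact_by_type = Counter()   # targeted extension -> number of untouched files
    hit_dirs = set()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            stem, ext = os.path.splitext(name)
            if ext.lower() == LOCKED_EXT:
                # Assumption: the marker is appended to the original name.
                orig = os.path.splitext(stem)[1].lower()
                locked_by_type[orig if orig in TARGETED else "unknown"] += 1
                hit_dirs.add(dirpath)
            elif ext.lower() in TARGETED:
                intact_by_type[ext.lower()] += 1
    return {
        "locked": sum(locked_by_type.values()),
        "locked_by_type": dict(locked_by_type),
        "intact_targeted": sum(intact_by_type.values()),
        "intact_by_type": dict(intact_by_type),
        "affected_dirs": sorted(hit_dirs),
    }

if __name__ == "__main__":
    import json
    import sys
    # Read-only: pass the folder or mounted disk image to inventory.
    print(json.dumps(triage(sys.argv[1] if len(sys.argv) > 1 else "."), indent=2))
```

Run it against a mounted image or a backup copy rather than the live disk, so the inventory does not disturb sectors a recovery tool may still need.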

The Styx cryptovirus could be set to erase all the Shadow Volume Copies from the Windows operating system with the help of the following command:

→vssadmin.exe delete shadows /all /Quiet

If the above command is executed, the encryption becomes more effective, because the command eliminates one of the prominent ways to restore your data. If your computer device was infected with this ransomware and your files are locked, read on to find out how you could potentially restore your files back to normal.
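The shadow copy deletion described above is a dependable detection point in process-creation logs, provided the match tolerates case, quoting, full paths and option order. The following is an added example, not part of the original article: the sample events are constructed, and the high/medium/low grading is an assumption made for illustration.

```python
import re

# Constructed process-creation records: (host, parent image, command line).
SAMPLE_EVENTS = [
    ("WS-014", "explorer.exe", r"C:\Windows\System32\notepad.exe C:\Users\a\notes.txt"),
    ("WS-014", "STX1.2.exe", r"vssadmin.exe delete shadows /all /Quiet"),
    ("WS-022", "cmd.exe", r'"C:\Windows\System32\VSSADMIN.EXE"  Delete  Shadows /QUIET /All'),
    ("SRV-03", "mmc.exe", r"vssadmin list shadows"),
    ("SRV-03", "backup.exe", r"vssadmin delete shadows /for=D: /oldest"),
]

def parse_vssadmin(cmdline):
    """Return (verb, noun, options) if cmdline runs vssadmin, else None."""
    tokens = re.findall(r'"[^"]*"|\S+', cmdline)
    if not tokens:
        return None
    # Reduce the first token to a bare, lower-cased image name.
    image = tokens[0].strip('"').replace("/", "\\").rsplit("\\", 1)[-1].lower()
    if image not in ("vssadmin", "vssadmin.exe"):
        return None
    args = [t.strip('"').lower() for t in tokens[1:]]
    words = [a for a in args if not a.startswith("/")]
    opts = {a.split("=", 1)[0] for a in args if a.startswith("/")}
    verb = words[0] if words else ""
    noun = words[1] if len(words) > 1 else ""
    return verb, noun, opts

def classify(cmdline):
    """Grade a command line; the grading scheme is an assumption of this example."""
    parsed = parse_vssadmin(cmdline)
    if parsed is None:
        return "not-vssadmin"
    verb, noun, opts = parsed
    if (verb, noun) != ("delete", "shadows"):
        return "benign"
    if "/all" in opts:
        # /all with /quiet is the exact form quoted in the article.
        return "high" if "/quiet" in opts else "medium"
    return "low"   # targeted deletion, e.g. routine rotation of the oldest copy

def find_shadow_deletion(events):
    """Return (host, parent, severity) for every shadow copy deletion."""
    hits = []
    for host, parent, cmdline in events:
        severity = classify(cmdline)
        if severity in ("high", "medium", "low"):
            hits.append((host, parent, severity))
    return hits

if __name__ == "__main__":
    for hit in find_shadow_deletion(SAMPLE_EVENTS):
        print(hit)
```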

Remove Styx Ransomware and Restore .Styx Files

If your computer got infected with the Styx ransomware virus, you should have a bit of experience in removing malware. You should get rid of this ransomware as quickly as possible, before it has the chance to spread further and infect other computers. You should remove the ransomware by following the step-by-step instructions provided below.

Berta Bilbao

Berta is a dedicated malware researcher, dreaming for a more secure cyber space. Her fascination with IT security began a few years ago when a malware locked her out of her own computer.
