What is [email protected]? [email protected] is one of the latest ransomware that was released recently. According to researchers, this ransomware is one of the most dangerous ones developed for it acts like an advanced version of ransomware by applying strong and complicated algorithm in encrypting your computer’s files. Its name [email protected] comes from the contact email in the ransom note which is contained on a .txt file entitled “HOW TO DECRYPT FILES.txt” that embodies the following message:
“All your important files were encrypted on this computer.
You can verify this by click on see files an try open them.
Encrtyption was produced using unique KEY generated for this computer.
To decrypted files, you need to otbtain private key.
The single copy of the private key, with will allow you to decrypt the files, is locate on a secret server on the internet;
The server will destroy the key within 24 hours after encryption completed.
Payment have to be made in maxim 24 hours
To retrieve the private key, you need to pay 3 BITCOINS
Bitcoins have to be sent to this address: 1NJNG57hFPPcmSmFYbxKmL33uc5nLwYLCK
After you’ve sent the payment send us an email to: [email protected] with subject: ERROR-ID-(Redacted)(3BITCOINS)
If you are not familiar with bitcoin you can buy it from here:
SITE: www.localbitcoin.com
After we confirm the payment, we send the private key so you can decrypt your system.
This ransomware is no joke for it has the ability to bring even more problem to its victims as well as the infected computer. Its malicious extension will automatically change the original files to encrypted ones making it impossible to access. Like most file-encrypting infection this ransomware follows the classic pattern. Once it infiltrates your computer, it works secretly so won’t know you have it until it is too late. This ransomware scans your computer to locate your files especially the important ones that you frequently open like work-related documents, pictures, etc. It encrypts all of it and then shows you the .txt file which contains the ransom note. So to be safe, make sure to make another copy of your important files and save them on a different location.
How does this ransomware infect your computer? The [email protected] uses the good old way in getting into your computer. One of it is through spam emails. These spam emails often contain suspicious attachments that are usually opened by the victims especially if the message appears to be from someone in a higher position or someone who appears to be legit. Apart from spam emails, this ransomware is also distributed through websites who offer free software and is bundled with other software that can also contain this nefarious infection.
Follow these steps below to remove [email protected] Ransomware:
Step 1: Reboot your computer into Safe Mode.
Step 2: Open Windows Task Manager by pressing Ctrl+Shift+Esc at the same time and select the Processes tab and look for any suspicious processes that might be related to [email protected] Ransomware.
Right-click on the files, then click Open File Location and scan them using your updated antivirus. After opening their folders, end their processes and delete their folders. If the virus scanner fails to detect something that you know is suspicious, don’t hesitate to delete it.
Step 3: Open the Windows Registry Editor by typing Regedit.
Keep in mind that making changes on your Windows Registry can cause a big effect on your computer system. So if you are not that familiar with exploring your computer, it is best to seek the help of an expert to assist you in fixing the trouble that is the [email protected] Ransomware. It is always better if you create a backup of any files you want to modify by exporting it to any desired location, that way you can always restore it if something happens.
Once you’ve opened the Registry Editor, press Ctrl + F and type in [email protected], right-click and delete any entries with the same name as [email protected] Ransomware. If you can’t find anything under [email protected], look for it manually under these directories:
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
Step 4: Go to Control Panel by pressing the Start key + R to launch Run and type appwiz.cpl in the search box and click OK.
Look for [email protected] or other suspicious programs. Right-click on it and click Uninstall.
Locate the [email protected] Ransomware or any suspicious program and then Uninstall. Then click the Windows button and type msconfig in the search box and hit Enter to Open System Configuration. Go to Startup and unmark items which have an unknown manufacturer.
Going through all these procedures and steps can be quite troublesome and may take a long time especially if you are not tech savvy. For a hassle-free and one-click solution, we strongly suggest installing SpyRemover Pro to help you remove [email protected] Ransomware and prevent potentially unwanted programs like this from infecting your computer as well as other harmful and severe threats.
Decrypting your encrypted files:
Restoring your files shouldn’t be hard as long as it still has its shadow volume copies. This method is one of the safest methods you can try in restoring your encrypted data.
To restore the encrypted file, right-click on it and select Properties, a new window will pop-up, then proceed to Previous Versions. It will load the file’s previous version before it was modified. After it loads, select any of the previous versions displayed on the list like the one in the illustration below. And then click the Restore button.