2 Remove Virus

Remove ransomware and recover your files

How To Remove “Your personal files are encrypted” Ransomware and recover your files for free

When it comes to malware, there are many types, with varying levels of severity. Ransomware is one of the most dangerous types of malware you can get, as it can take your files for hostage and demand a payment to get them back. But there are several of types of ransomware, and not all of them encrypt files. In order to help you find out which type of ransomware you are actually dealing with, how to get rid of it, and how to recover files if they have been encrypted, we have prepared this article.

So here’s what you need to know about ransomware.

The types of ransomware you may encounter:

Fake ransomware

In rare cases, you might encounter malware that claims it has encrypted your files when it actually hasn’t. From first glance, the malware may resemble actual ransomware, as it renames your files, adds a weird extension, and displays a ransom note. However, while it may appear as if files have been encrypted, they aren’t. If you can open the supposedly encrypted files, you’re dealing with fake ransomware. Anti-malware software like WiperSoft should be able to get rid of the fake ransomware infecting your computer, and you can go back to normal computer use.

  1. You can download WiperSoft from the below link.
    WiperSoft DOWNLOAD LINK
  2. When WiperSoft has finished downloading, double-click on the “wipersoft-installer” file to install WiperSoft on your computer.
  3. When the WiperSoft installation begins, you will see the WiperSoft Setup Wizard which will guide you through the installation process.
  4. Once installed, WiperSoft will automatically start and update the antivirus database. To start a system scan you can click on the “Scan Now” button.

Screenlock malware

A couple of years ago, screenlock malware was very widely encountered, but is not so common nowadays. What the malware essentially does is it locks your screen and displays a message saying you need to pay money in order to unlock the screen. The lock screens usually display messages supposedly from government or law enforcement agencies claiming that you have broken the law and need to pay a fine.

A very common version of this malware displays messages from the “FBI” and claims that users have downloaded/watched copyrighted content illegally, or in many cases, child pornography. Supposedly, unless the users agrees to pay money, he/she will be arrested. While the message may scare a few users in the beginning, realistically it doesn’t make much sense. If someone was caught consuming child pornography in any way, they would be facing jail time, and would not be asked to pay a couple of hundred dollars via gift cards. But while the lock screens are always very obviously fake, the shock of seeing such a message may prompt more than a few people to pay the requested sum.

The thing about these screenlock viruses is that they don’t actually harm your computer, they merely freeze your screen to make their messages more believable. All you need to do is remove the malware in your computer with anti-malware like WiperSoft, and the screenlock will disappear, allowing you to go back to normal computer use.

File-encrypting ransomware

This is the most serious type of ransomware you can encounter, and infection could mean loss of files. The most widely known names when it comes to ransomware are Locky, WannaCry, NotPetya, CryptoLocker, BadRabbit, GandCrab, TeslaCrypt, etc. While some screenlock malware merely claims to have locked your files, these infections actually do. Once files are encrypted, they cannot be opened until they have been decrypted with a special tool which ransomware creators will try to sell you.

While actual file-encrypting malware seems scary, avoiding losing your files isn’t actually hard. All you need to do is back up files you don’t want to lose prior to getting infected. But if it’s already too late, and you have no backup for encrypted files, there’s still some hope.

How to Restore Ransomware infected Files

Removing ransomware can be tricky business, especially if you have little experience with such things. Fortunately, if you can manage to launch anti-malware software, the program would take care of everything. However, some malware, particularly screenlock, can prevent you from running security software. If that is the case, you should try running your computer in Safe Mode.

If you’re running your Windows in Safe Mode, only core functions will be running, which may prevent malware from blocking your anti-virus program. When you boot your computer in Safe Mode, run a scan with an anti-malware program like Avast, Kaspersky, Norton, Sophos, BitDefender. If you don’t have anti-virus installed, boot your computer in Safe Mode with Networking and download the tool of your choice. The anti-virus program should be able to detect and delete the ransomware. If you don’t know how to do it, here are instructions on how to enter Safe Mode:

Windows 7/Vista

Immediately after you restart the computer, start tapping the F8 key repeatedly. When Advanced Boot Options open, go down to Safe Mode or Safe Mode with Networking and press Enter.

Windows 8

Press Windows key + C, and select Settings. Press Power and hold down the Shift key. Press Restart. Once given the option, Troubleshoot -> Advanced options -> Startup Settings -> Restart. Press the key 4 to enter Safe Mode, or the key 5 to enter Safe Mode with Networking.

Windows 10

Press Start -> Power, hold the Shift key and press Restart. Once given the option, Troubleshoot -> Advanced options -> Startup Settings -> Restart. Press the key 4 to enter Safe Mode, or the key 5 to enter Safe Mode with Networking.

If you were unable to remove ransomware this way, System Restore may be of help. System Restore essentially returns your system files and programs to the state they were in at a certain time. In simple terms, it would restore your system to a point prior to infection. It should be mentioned that while this feature needs to be turned on, Windows usually has it on by default. Here’s how to launch System Restore.

Windows 7/Vista

Immediately after you restart the computer, start tapping the F8 key repeatedly. When Advanced Boot Options open, go down to Repair Your Computer and press Enter. If you are asked to, log in to your user.

Windows 8

Press Windows key + C, and select Settings. Press Power and hold down the Shift key. Press Restart. Once given the option, Troubleshoot -> Advanced options -> System Restore.

Windows 10

Press Start -> Power, hold the Shift key and press Restart. Once given the option, Troubleshoot -> Advanced options -> System Restore.

When System Restore is launched, follow the instructions on the screen.

When is it possible to recover files

Fake ransomware and screenlockers don’t encrypt your files, so if you are dealing with those types of malware, you should be able to open your files as usual. However, if your files have been encrypted, you’re in a bit more trouble.

First of all, we feel it’s necessary to stress that paying the ransom does not mean you will be sent a decryptor. Ransomware is created/distributed by cyber criminals, and they won’t necessarily feel obligated to help you recover files even after you have paid. So in the end, you could be wasting money.

The easiest way to recover files would be from backup. If you regularly back up your files, get rid of the ransomware and then recover them. However, storing backup copies of important files is not as common as it should be, which is why this is the part where we lecture you about having backup. You have likely heard it all before, but we still feel it’s necessary to remind you that backup is the only sure way to get files back if they’ve been lost or encrypted. So if you haven’t already, look into the various backup options available.

If you find yourself with encrypted files and no backup, all is not lost. Some ransomware is decryptable, and experts may have released a free decryption tool. No More Ransom have great resources to help you, including links to download decryption tools for various ransomware.

The battle is over for these ransomware threats. If you have been infected with one of these types of ransomware click on the link under its name and it will lead you to a decryption tool. All Ransom (alphabetical order): https://www.nomoreransom.org/en/decryption-tools.html

  1.     777 Ransomware FREE Decryptor – Trend Micro Ransomware Decryptor is designed to decrypt files encrypted by 777 Ransom.
  2.     AES_NI Ransomware FREE Decryptor – Rakhni Decryptor is designed to decrypt files encrypted by AES_NI Ransom.
  3.     Agent.iih Ransom FREE decryptor – Rakhni Decryptor is designed to decrypt files encrypted by AES_NI Ransom.
  4.     Alcatraz Ransomware FREE Files Decryptor
  5.     Alpha Ransomware FREE Files Decryptor
  6.     Amnesia Ransomware FREE Files Decryptor
  7.     Amnesia2 Ransomware FREE Files Decryptor
  8.     Annabelle Ransomware FREE Files Decryptor – Tool made by Bitdefender , Tool made by Bleeping Computer 
  9.     Aura Ransomware FREE Files Decryptor – Tool made by Kaspersky Lab 
  10.     Aurora Ransomware FREE Files Decryptor – Tool made by Bleeping Computer 
  11.     AutoIt Ransomware FREE Files Decryptor – Tool made by Kaspersky Lab , Tool made by Kaspersky Lab 
  12.     AutoLocky Ransomware FREE Files Decryptor – Tool made by Trend Micro
  13.     BTCWare Ransomware FREE Files Decryptor – Tool made by Avast
  14.     BadBlock Ransomware FREE Files Decryptor – Tool made by Trend Micro
  15.     BarRax Ransomware FREE Files Decryptor – Tool made by Check Point
  16.     Bart Ransomware FREE Files Decryptor – Tool made by Avast , Tool made by Bitdefender 
  17.     Bitcryptor Ransomware FREE Files Decryptor
  18.     CERBER V1 Ransomware FREE Files Decryptor
  19.     Chimera Ransomware FREE Files Decryptor
  20.     Coinvault Ransomware FREE Files Decryptor
  21.     Cry128 Ransomware FREE Files Decryptor
  22.     Cry9 Ransomware FREE Files Decryptor
  23.     CrySIS Ransomware FREE Files Decryptor
  24.     Cryakl Ransomware FREE Files Decryptor
  25.     Crybola Ransomware FREE Files Decryptor
  26.     Crypt888 Ransomware FREE Files Decryptor
  27.     CryptON Ransomware FREE Files Decryptor
  28.     CryptXXX V1 Ransomware FREE Files Decryptor
  29.     CryptXXX V2 Ransomware FREE Files Decryptor
  30.     CryptXXX V3 Ransomware FREE Files Decryptor
  31.     CryptXXX V4 Ransomware FREE Files Decryptor
  32.     CryptXXX V5 Ransomware FREE Files Decryptor
  33.     CryptoMix Ransomware FREE Files Decryptor
  34.     Cryptokluchen Ransomware FREE Files Decryptor
  35.     DXXD Ransomware FREE Files Decryptor
  36.     Damage Ransomware FREE Files Decryptor
  37.     Democry Ransomware FREE Files Decryptor
  38.     Derialock Ransomware FREE Files Decryptor
  39.     Dharma Ransomware FREE Files Decryptor
  40.     EncrypTile Ransomware FREE Files Decryptor
  41.     Everbe 1.0 Ransomware FREE Files Decryptor
  42.     FenixLocker Ransomware FREE Files Decryptor
  43.     FilesLocker v1 and v2 Ransomware FREE Files Decryptor
  44.     Fury Ransomware FREE Files Decryptor
  45.     GandCrab (V1, V4 and V5 versions) Ransomware FREE Files Decryptor
  46.     Globe Ransomware FREE Files Decryptor
  47.     Globe/Purge Ransomware FREE Files Decryptor
  48.     Globe2 Ransomware FREE Files Decryptor
  49.     Globe3 Ransomware FREE Files Decryptor
  50.     GlobeImposter Ransomware FREE Files Decryptor
  51.     Gomasom Ransomware FREE Files Decryptor
  52.     HiddenTear Ransomware FREE Files Decryptor
  53.     InsaneCrypt Ransomware FREE Files Decryptor
  54.     Jaff Ransomware FREE Files Decryptor
  55.     Jigsaw Ransomware FREE Files Decryptor
  56.     LECHIFFRE Ransomware FREE Files Decryptor
  57.     LambdaLocker Ransomware FREE Files Decryptor
  58.     Lamer Ransomware FREE Files Decryptor
  59.     Linux.Encoder.1 Ransomware FREE Files Decryptor
  60.     Linux.Encoder.3 Ransomware FREE Files Decryptor
  61.     Lortok Ransomware FREE Files Decryptor
  62.     MacRansomware FREE Files Decryptor
  63.     Marlboro Ransomware FREE Files Decryptor
  64.     Marsjoke aka Polyglot Ransomware FREE Files Decryptor
  65.     Merry X-Mas Ransomware FREE Files Decryptor
  66.     MirCop Ransomware FREE Files Decryptor
  67.     Mole Ransomware FREE Files Decryptor
  68.     Nemucod Ransomware FREE Files Decryptor
  69.     NemucodAES Ransomware FREE Files Decryptor
  70.     Nmoreira Ransomware FREE Files Decryptor
  71.     Noobcrypt Ransomware FREE Files Decryptor
  72.    Ozozalocker Ransomware FREE Files Decryptor
  73.     PHP Ransomware FREE Files Decryptorware
  74.     Philadelphia Ransomware FREE Files Decryptor
  75.     Pletor Ransomware FREE Files Decryptor
  76.     Popcorn Ransomware FREE Files Decryptor
  77.     Pylocky Ransomware FREE Files Decryptor
  78.     Rakhni Ransomware FREE Files Decryptor
  79.     Rannoh Ransomware FREE Files Decryptor
  80.     Rotor Ransomware FREE Files Decryptor
  81.     SNSLocker Ransomware FREE Files Decryptor
  82.     Shade Ransomware FREE Files Decryptor
  83.     Simplocker Ransomware FREE Files Decryptor
  84.     Stampado Ransomware FREE Files Decryptor
  85.     Teamxrat/Xpan Ransomware FREE Files Decryptor
  86.     TeslaCrypt V1 Ransomware FREE Files Decryptor
  87.     TeslaCrypt V2 Ransomware FREE Files Decryptor
  88.     TeslaCrypt V3 Ransomware FREE Files Decryptor
  89.     TeslaCrypt V4 Ransomware FREE Files Decryptor
  90.     Thanatos Ransomware FREE Files Decryptor
  91.     Trustezeb Ransomware FREE Files Decryptor
  92.     Wildfire Ransomware FREE Files Decryptor
  93.     XData Ransomware FREE Files Decryptor
  94.     XORBAT Ransomware FREE Files Decryptor
  95.     XORIST Ransomware FREE Files Decryptor
  96.     XORIST Ransom FREE files Decryptor

https://www.nomoreransom.org/en/decryption-tools.html – IMPORTANT! Before downloading and starting the solution, read the how-to guide. Make sure you remove the malware from your system first, otherwise it will repeatedly lock your system or encrypt files. Any reliable antivirus solution can do this for you.

If you have no backup and a decryption tool is not available for the ransomware you are dealing with, you may be able to recover files via Shadow Volume Copies. Download Shadow Explorer and follow the on-screen instructions to see if you can recover files this way. It this method does not work, the ransomware has deleted the copies.

How to avoid ransomware altogether

The best remedy for ransomware is not getting it in the first place. Don’t open questionable email attachments without making sure they are safe, install all available updates for your system and programs, don’t download anything from questionable sources, and avoid clicking on ads when on dubious websites. Lastly, keep a trustworthy anti-virus software with real-time protection running at all times.

If you need any decryption key – please write in the comment!

Quick Menu

Step 1. Delete ransomware using Safe Mode with Networking.

Remove ransomware from Windows 7/Windows Vista/Windows XP
  1. Click on Start and select Shutdown.
  2. Choose Restart and click OK.
  3. Start tapping F8 when your PC starts loading.
  4. Under Advanced Boot Options, choose Safe Mode with Networking.
  5. Open your browser and download the anti-malware utility.
  6. Use the utility to remove ransomware
Remove ransomware from Windows 8/Windows 10
  1. On the Windows login screen, press the Power button.
  2. Tap and hold Shift and select Restart.
  3. Go to Troubleshoot → Advanced options → Start Settings.
  4. Choose Enable Safe Mode or Safe Mode with Networking under Startup Settings.
  5. Click Restart.
  6. Open your web browser and download the malware remover.
  7. Use the software to delete ransomware

Step 2. Restore Your Files using System Restore

Delete ransomware from Windows 7/Windows Vista/Windows XP
  1. Click Start and choose Shutdown.
  2. Select Restart and OK
  3. When your PC starts loading, press F8 repeatedly to open Advanced Boot Options
  4. Choose Command Prompt from the list.
  5. Type in cd restore and tap Enter.
  6. Type in rstrui.exe and press Enter.
  7. Click Next in the new window and select the restore point prior to the infection.
  8. Click Next again and click Yes to begin the system restore.
Delete ransomware from Windows 8/Windows 10
  1. Click the Power button on the Windows login screen.
  2. Press and hold Shift and click Restart.
  3. Choose Troubleshoot and go to Advanced options.
  4. Select Command Prompt and click Restart.
  5. In Command Prompt, input cd restore and tap Enter.
  6. Type in rstrui.exe and tap Enter again.
  7. Click Next in the new System Restore window.
  8. Choose the restore point prior to the infection.
  9. Click Next and then click Yes to restore your system.