Do you know what Enigma Ransomware is?
Enigma Ransomware is a malicious program that might have been created to extort money from the Russian users. Apparently, it encrypts various files on user’s computer and leaves a note written in the Russian language. If you have the infection on your system, you are left with only two choices: either delete the malware and lose your files or pay the ransom. It seems that there are people who have successfully made the payment and received a decryptor. However, if you do not want to put up with the cyber criminal’s demands, you can get rid of the malware. For that reason, we will provide you not only the facts about the malicious program, but also a removal guide that will help you eliminate Enigma Ransomware.
To begin with, the malware might be spread with suspicious email attachments. Some users infected their computer after opening a questionable HTML file that probably executed Enigma Ransomware. If this happened to you, we would advise you to avoid such files in the future or at least scan them with an antimalware tool before launching.
After you launch the malicious file, the infection will settle into your system and begin encrypting your data, such as text documents, photographs, pictures, various videos, and so on. The encrypted files will have an additional extension, e.g. photo1.jpg.enigma. The ransomware uses AES (Advanced Encryption Standard) method to encipher your data. It encrypts data with a unique key of 128 bits, and the same key is required if you want to decrypt your files.
When the encryption process is done, you will receive a notification in the Russian language. As usual for ransomware infections, it will state that your files are encrypted, and the only way to decrypt them is to pay the ransom, which should allow you to obtain your unique key and download the decryptor. The estimated price for your files appears to be almost 0.5 bitcoins, which is about 200 dollars. The notification states that if you want to pay the ransom you have to get the Tor browser and visit a particular site through it. If you do what the note says, you should reach the website that contains further instructions on how to make the payment and get your decryptor. Many similar infections give users some time limit to make the payment or they threaten to destroy the encrypted files, but this malware does not do that. Thus, you have all the time that you need to think this through and decide what you should do with Enigma Ransomware.
We should warn you that if you have copies of your data on some removable media device, do not try to copy them while Enigma Ransomware is still in the system. It could be that the malicious program encrypts the files that are on a plugged in device. If you have no intentions of paying the ransom, you should delete the malware. Users who feel confident enough could take a look at the manual removal instructions located below. The steps will list the exact locations and files related to the Enigma Ransomware that you have to erase. If you do not feel experienced enough for this task, you could download an antimalware tool and use it to eliminate the infection. Make sure that the malware is erased and only then you can copy files from removable media devices, remote clouds, and so on. If you have any question related to this malicious program, do not hesitate to leave us a message in the comments section at the bottom of this page.
Delete Enigma Ransomware
- Press Windows Key+E.
- Insert the following location %Temp%
- Locate text file named as testttt, right-click it and select Delete.
- Copy and paste this directory %AppData%
- Locate another text file titled as testStart and right-click to delete it.
- Navigate to: %UserProfile%\Downloads
- Locate and delete an executable file with a random name (e.g. 4c899de7490gbb7b4e25d28264g6df97).
- Go to: %UserProfile%\Desktop
- Find given files:
 allfilefinds.dat
 enigma.hta
 ENIGMA_807.RSA
 enigma_encr.txt
- Right-click each of the files listed above and select Delete.
- Close the Explorer and press Windows Key+R.
- Type regedit and click OK.
- Navigate to: HKCU\Software\Microsoft\Windows\CurrentVersion\Run
- Search for value names titled as MyProgram and MyProgramOk on the right side of the Registry Editor.
- Right-click MyProgram and MyProgramOk value names separately and press Delete.
- Close the Registry Editor and empty Recycle bin.
In non-techie terms:
The malware locks your data and makes it unusable. You could try to retrieve it by paying the ransom, but if you have a backup, there is no need to pay these cyber criminals that created the malicious program. Enigma Ransomware is a dangerous threat, and if it managed to get into your system, you should think of ways to secure your computer. For instance, you could get a reliable antimalware tool that would help you get rid of the infection. Also, if you keep it updated, the security tool should guard your system from malware.
