Home / Spyware Help / parambingobam@cock.li Ransomware Removal Guide

parambingobam@cock.li Ransomware Removal Guide

by 0 Comments

Do you know what parambingobam@cock.li Ransomware is?

You can be sure that it is parambingobam@cock.li Ransomware that infected your Windows operating system when you find “.id-[8 character ID].[parambingobam@cock.li].adobe” attached to your personal files. You also should be unable to open or read these files because they are encrypted, which means that data is scrambled. Is this a permanent state? Although, theoretically, a decryptor should exist and should help read the files, it is most likely that the files encrypted by this malware are lost for good. Our research team is familiar with this threat because it comes from the Crysis/Dharma family, and a few other threats that come from it include Dharma Ransomware (audit24@qq.com variation), Backdata@qq.com Ransomware, and helpfilerestore@india.com Ransomware. These threats might have different names, but they are all identical, and we know how to delete them. With this report, we want to help you remove parambingobam@cock.li Ransomware.

Since all Crysis infections are identical, the different variants are named after the email addresses or the extensions that are attached to the corrupted files. The email address, in most cases, is the only thing that changes from one threat to the next. This email address is presented in the ransom note, attached to the corrupted files’ extension, and even displayed as the title of the window launched by the threat. If you have been introduced to the “parambingobam@cock.li” window already, your files must be encrypted already too. The window displays a message that is also delivered using the “FILES ENCRYPTED.txt” file. This file should be created in %HOMEDRIVE%, %PUBLIC%\Desktop\, and %USERPROFILE%\Desktop\ directories, and it displays a shorter version of the main ransom note. Basically, the ransom notes ask to email cyber criminals at parambingobam@cock.li or bufytufylala@tuta.io and pay an unspecified ransom to obtain a “decryption tool.” Will you get it if you pay the ransom? That is very unlikely.parambingobam@cock.li Ransomware Removal Guideparambingobam@cock.li Ransomware screenshot
Scroll down for full removal instructions

Ransomware is lucrative because it is not difficult to create (especially in this case, where copies of Crysis ransomware are created using an already existing code) or spread. According to our research team, spam emails could help execute parambingobam@cock.li Ransomware, but other existing threats could also drop it without you knowing about it. Ransomware is also lucrative because once files are encrypted, the victims are pushed into a corner, and they can either choose to accept the loss of files or they can give in and pay the ransom in the hopes of obtaining a decryptor. It is a pretty hopeless situation, but if backups exist, users should delete parambingobam@cock.li Ransomware without any delay. What are backups? They are copies of personal files that are stored someplace else, such as a virtual cloud or an external drive. If backups exist and malware strikes, the corrupted copies can still be replaced with backups!

Do you have backups? If you do, what are you waiting for? Delete parambingobam@cock.li Ransomware right away. You must remove the infection even if backups do not exist, and if you are still thinking about whether or not you should pay the ransom, remember that attackers are devious, and they are unlikely to help you regardless of what you do. As for the removal, you might be able to successfully get rid of the infection by following the instructions below, but if you lack experience and, more importantly, need a security system to keep other threats away, we suggest utilizing anti-malware software.

Remove parambingobam@cock.li Ransomware

  1. Identify the [launcher’s name].exe file, right-click it, and select Delete.
  2. Tap Win+E keys to launch Explorer and enter the following paths into the quick access field at the top to find and Delete files named Info.hta, [unknown name].exe, and FILES ENCRYPTED.txt:
    • %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\
    • %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup\
    • %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs\Startup\
    • %WINDIR%\System32\
    • %APPDATA%
    • %HOMEDRIVE%
    • %PUBLIC%\Desktop\
    • %USERPROFILE%\Desktop\
    • %WINDIR%\System32\
  3. Tap Win+R keys to launch RUN and enter regedit.exe to launch Registry Editor.
  4. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.
  5. Delete all [unknown name] values that represent Info.hta and [unknown name].exe files.
  6. Quickly Empty Recycle Bin and then perform a full system scan.

In non-techie terms:

If files were corrupted by parambingobam@cock.li Ransomware, most likely, they are not salvageable. Even though the attackers behind the threat might be promising you a decryption tool, who can trust them? We certainly do not recommend trusting them or following their instructions. Instead, we suggest focusing on the removal of the threat. If the launcher is in a visible place, and you can remove it yourself, deleting parambingobam@cock.li Ransomware manually should not be a challenge. Even so, you also need to take a good look at your virtual security, and, clearly, you have not been able to take care of it manually. That is why the best thing you can do is install anti-malware software that will automatically erase active threats (remember that the ransomware might not be the only one) and erect defense shields against threats that could try to attack in the future.