Righ Ransomware Removal Guide

Do you know what Righ Ransomware is?

Righ Ransomware is one of the many Stop Ransomware variants. Like most such threats, the malware works silently until it has encrypted all targeted files (e.g., pictures, photos, various documents, etc.) with a robust encryption algorithm. Once the process is over, it shows a ransom note that urges victims to contact the malware’s creators within 72 hours and pay a smaller price to receive decryption tools. While you might be tempted to give in to such demands to get your data back and save money on decryption tools, we urge you to think carefully about whether it is really a good idea. Cybercriminals might promise that they will deliver the needed tools as soon as you pay, but they might not bother to do so. In such a case, you could lose not just your files but also your money. To learn more about the threat, we invite you to read our full article.

We believe that Righ Ransomware spreads the same way as other Stop Ransomware threats. To be more precise, it could be spread through unsecured RDP (Remote Desktop Protocol) connections, malicious email attachments, fake updates, or harmful installers. Therefore, we highly recommend ensuring that your RDP connections are secured and that there are no other weaknesses on your device. Plus, you should stay away from questionable installers or any other files that come from unreliable sources. To make sure that files downloaded or obtained from the Internet are safe to interact with, you should always scan them with a legitimate antimalware tool first.

If the malware is launched, it should create randomly named folders in which it places copies of its launcher (.exe files). Also, Righ Ransomware could create a scheduled task or a Registry entry that would make the infected device run it after each system restart or regularly. Soon enough, the malicious application should start the encryption process, during which all targeted files should become locked and marked with the .righ extension. Once this process is over, Righ Ransomware ought to create a text file called _readme.txt and open a pop-up window containing a full ransom note. According to the message in the threat’s pop-up, users who contact the hackers and pay the ransom can get decryption tools and have all their files decrypted. Cybercriminals might also offer to decrypt one file free of charge and give a 50 percent discount to those who get in touch within 72 hours.

Naturally, we do not advise trusting the malware’s developers. There is always a chance they might not keep their promises, and if you do not want to risk losing your money, we advise ignoring the ransom note. Also, our researchers say that it is best to delete Righ Ransomware because, if it can auto-start, it might encrypt new data that you create or download on your device later. You could try to erase Righ Ransomware manually with the removal guide available below, but it would be safer to employ a reputable antimalware tool that would eliminate it for you.

Delete Righ Ransomware

  1. Restart your device in Safe Mode with Networking.
  2. Press Windows key+E.
  3. Go to your Desktop, Temporary Files, and Downloads directories.
  4. Find the file launched before the threat infected the computer, right-click this suspicious file, and click Delete.
  5. Navigate to these locations:
    %USERPROFILE%\Local Settings\Application Data
    %LOCALAPPDATA%
  6. Search for randomly named folders, for example, 2a9ea166-82c4-499d-9f16-9e28ac1b8ef4, that should contain malicious .exe files.
  7. Right-click the randomly named malware’s folders and select Delete.
  8. Find this location: %WINDIR%\System32\Tasks
  9. Locate a task called Time Trigger Task, right-click it, and select Delete.
  10. Close File Explorer.
  11. Press Windows key+R.
  12. Type regedit and press Enter.
  13. Find the following path: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
  14. Search for a value name belonging to the malicious application, for example, SysHelper.
  15. Right-click the malicious value name and press Delete.
  16. Close Registry Editor.
  17. Empty Recycle Bin.
  18. Reboot the system.
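
Before deleting anything by hand, the locations from steps 5 to 15 can be checked in one pass. The PowerShell script below is an added example, not part of the original guide; it only reads and reports. It assumes the randomly named folders follow the GUID format of the single example in step 6, and it should be run from an elevated prompt so the Tasks directory is readable.

```powershell
# Read-only audit of the locations named in the removal steps; nothing is deleted.
# Assumption: "randomly named" folders share the GUID shape of the guide's one example.
$guidPattern = '^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$'
$psMeta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function New-Finding($Check, $Item, $Detail) {
    [pscustomobject]@{ Check = $Check; Item = $Item; Detail = $Detail }
}

$findings = @(
    # Steps 5-7: GUID-named folders under %LOCALAPPDATA% that hold .exe files.
    # (On Vista and later, the first path in step 5 is a junction to the same folder.)
    Get-ChildItem -LiteralPath $env:LOCALAPPDATA -Directory -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -match $guidPattern } |
        ForEach-Object {
            $exes = @(Get-ChildItem -LiteralPath $_.FullName -Filter *.exe -File -Force -ErrorAction SilentlyContinue)
            if ($exes.Count -gt 0) { New-Finding 'Folder' $_.FullName ($exes.Name -join ', ') }
        }

    # Steps 8-9: the task file the guide names.
    $taskFile = Join-Path $env:WINDIR 'System32\Tasks\Time Trigger Task'
    if (Test-Path -LiteralPath $taskFile) { New-Finding 'Task' $taskFile 'task file present' }

    # Steps 13-15: Run values named SysHelper (the guide's example) or launching
    # from %LOCALAPPDATA%. Legitimate software also starts from there, so treat
    # these rows as items to review, not as a verdict.
    $runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    $run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
    if ($run) {
        $run.PSObject.Properties | Where-Object { $_.Name -notin $psMeta } | ForEach-Object {
            $inLocal = ([string]$_.Value).IndexOf($env:LOCALAPPDATA, [StringComparison]::OrdinalIgnoreCase) -ge 0
            if ($_.Name -eq 'SysHelper' -or $inLocal) { New-Finding 'RunValue' $_.Name ([string]$_.Value) }
        }
    }
)

if ($findings.Count -eq 0) { 'No indicators from the guide were found.' }
else { $findings | Format-Table -AutoSize -Wrap }
```

Because the guide gives SysHelper and the folder name only as examples, an empty result does not prove the system is clean; a scan with an antimalware tool is still needed.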

In non-techie terms:

Righ Ransomware encrypts files and marks them with the .righ extension. Thus, if you receive this threat, you should be able to tell which files are affected just by looking at their names. For instance, an encrypted document called text.docx would become text.docx.righ. Also, the malicious application should drop a text file and open a window with a ransom note. Such messages are shown to convince you to pay the ransom and to make you believe that you will receive decryption tools. For example, they might tell you the hackers can prove that they have the needed decryption tools or that you can get a discount if you contact them within 72 hours. No matter what they say, there is always a chance that they could trick you and that your money could be lost for nothing. Therefore, we advise thinking carefully about whether you want to take any chances. Also, we advise deleting Righ Ransomware because it could still be dangerous if it is left on a system. You could eliminate it with a reputable antimalware tool or try to erase it manually with the removal guide available above.