Czech Ransomware Removal Guide

Do you know what Czech Ransomware is?

If you live in the Czech Republic, you need to be cautious about Czech Ransomware. This particular threat is region sensitive, and it was created to target those who speak Czech only. Our researchers warn that the distribution of this ransomware is very unpredictable. Although it is most likely that the installer of this threat will be hidden in a corrupted spam email, it could also spread via software bundles or it could be downloaded by Trojan infections. There are many different methods of distribution that cyber criminals could use, and there is no doubt that they are aware of all of them. If you would like to share your story about the invasion of this threat, please do so in the comments section below. Your experience might help other potential victims! Overall, once this threat slithers in, you might feel helpless because it locks down your operating system. Luckily, we know how to unlock your PC and remove Czech Ransomware. If you wish to learn about this, continue reading.

Czech Ransomware comes from the group of malware that locks down the screen to make the operating systems appear paralyzed. Similar infections include Česká Republika Policie virus and Paysafecard Virus. Of course, unlike these threats, Czech Ransomware does not use the credentials of Police or other reputable organizations, and it does not pretend to be something it is not. Once it attacks your PC, it immediately locks your screen with a window that informs you that your files were encrypted using the AES-256 algorithm. Our research team has found that this threat is incapable of encrypting your files at this moment; however, it is possible that it will gain this function in the future, with the next version. Hopefully, you are currently dealing with the version that cannot corrupt your files because that might lead to their loss, even if you remove the infection. In case your files do get locked, do not rush to pay the ransom because this might be a scam to get your money. First, look into third-party decryption tools and check your backups.Czech Ransomware Removal GuideCzech Ransomware screenshot
Scroll down for full removal instructions

The main purpose behind Czech Ransomware is to get your money. This ransomware infection locks down your screen and feeds you false information about the encryption of your files just to convince you that you need to pay a ransom. According to the ransom note that takes over your screen, you have two days to pay the ransom of 200 CZK. Obviously, this amount is very little, and you might be tempted to pay it just to take the control of your PC back into your own arms, but we do not recommend doing that. When you use Paysafecard, your money will be lost for good, and you will not be able to get it back, and why should you “support” cyber criminals when you can remove Czech Ransomware completely free of charge! On top of that, who’s to say that your PC would be unlocked if you paid the ransom? We recommend following our removal guide instead.

If you want to delete Czech Ransomware manually, you need to erase the malicious .exe file that is responsible for locking down your screen. This file is located in a folder with a random name, but it should not take long for you to recognize the threat. You also need to eliminate a RUN key via the Registry Editor. This part of the removal might seem more complicated if you are inexperienced, but we can assure you that it is not. The most complicated part is rebooting your PC in Safe Mode, as not all users manage this right away. If you fail the first time, repeat the process again, until you reboot your computer. When you do, all you need to do is erase the malicious components, and that is it. Of course, after all this, you should also implement anti-malware software to clean your PC from any remaining threats and to keep it guarded in the future. If you want to use this software to erase the ransomware, download it after rebooting your PC in Safe Mode with Networking.

Removal step 1: reboot into Safe Mode

Windows 10

  1. Click the Windows logo and choose Power.
  2. Tap the Shift key and click Restart simultaneously.
  3. Go to Troubleshooting and click Advanced options.
  4. Navigate to Startup Settings and click Restart.
  5. Tap F4 for the 4) option, which represents Safe Mode.
  6. Move to step 2.

Windows 8/Windows 8.1

  1. In Metro UI click the Power Options button.
  2. Repeat steps 2-6 represented in the guide above.

Windows 7/Windows Vista/Windows XP

  1. Restart the PC and wait for BIOS to load.
  2. Immediately start tapping F8 to access boot menu.
  3. Use arrow keys to select Safe Mode and then tap Enter.
  4. Move to step 2.

Removal step 2: delete the malware

  1. In Safe Mode tap Win+E keys to launch Explorer.
  2. Enter %APPDATA% into the bar at the top.
  3. Right-click and Delete the folder whose name is made up of 4 random symbols (you should open this folder before deleting it to check if it contains a malicious .exe file with a random name).
  4. Tap Win+R to launch RUN.
  5. Enter regedit.exe into the dialog box and click OK to access Registry Editor.
  6. Move to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run.
  7. Right-click and Delete the value with a random name (first check if the value data points to the location of the malicious .exe file).
  8. Reboot your PC in Normal Mode.
  9. Install a trusted scanner to check if your PC is clean.

In non-techie terms:

Czech Ransomware is a threat that you need to eliminate. Although it tries to convince you that you need to pay a ransom to get your files back, at the time of research, this threat was not capable of encrypting files at all. To unlock your PC, we recommend deleting malicious components, which you can do after rebooting your PC in Safe Mode. The manual removal guide above explains how to reboot your PC in Safe Mode, and if you are curious about how to reboot it into Safe Mode with Networking, you can check out the guide below. Also, do not forget about our comments section where you can discuss any ransomware-related topic you are interested in.