Ransomware Removal Guide

Do you know what Ransomware is?

The malicious Ransomware is a new variant of the GarrantyDecrypt Ransomware, an infection that was discussed on this website last year. Were these threats created by the same malware creator? That could be the case, but it is also possible that the same malware code has been employed by separate parties. In any case, these threats are dangerous because if they slither in, they encrypt personal files. That means that it can encrypt music files, archives, documents, videos, photos, and so on. If you have copies of these files stored outside the computer, you are safe. If backup copies do not exist, you might be facing a loss of personal files, and that is what might push you into doing exactly what cyber criminals want from you, which is contacting them. We discuss this, as well as the removal of Ransomware in this report.

Although Ransomware is basically identical to its clone, GarrantyDecrypt, there are some key differences. For one, once files are encrypted, the new infection attaches “.decryptgarranty” extension to the corrupted files, while the previous threat added “.garrantydecrypt.” Unsurprisingly, the email addresses are unique in both cases as well. These email addresses are introduced to the victims of malware via a file named “#RECOVERY_FILES#.txt,” and it should be created in a visible location (e.g., the Desktop or the folders containing encrypted files). It is safe to open this file, but do not forget to remove it along with the launcher of the infection. The purpose of the file is to inform you that files were encrypted and that you need to email to learn how to restore them. If you emailed the attackers, they would ask you to pay money (a.k.a., a ransom), and we do NOT recommend doing that, unless you want to waste your Ransomware Removal Ransomware screenshot
Scroll down for full removal instructions

Before you start deleting Ransomware, there is one more thing to think about, and that is your operating system’s security. If your system was safe, you would not need to worry about the removal of malware, and so it is high time for you to rethink and transform your virtual security. Obviously, you need to practice safe browsing because malware like Ransomware can use spam emails and malicious downloaders to get in. If you are careful about the emails you click or the files you download, you can minimize your chances of attracting threats. That being said, protecting the entire system manually can be challenging, and we recommend installing anti-malware software to help you out. As you know already, it is also important to backup files. That is your insurance in case malicious threats get in and you fail to remove them in time.

So, how will you remove Ransomware from your operating system? Will you install an anti-malware program that will automatically find and delete malicious components? Or will you find and erase them all on your own? Manual removal can be difficult, and, unfortunately, we cannot help much because the launcher file should have a unique name, and it could be located virtually anywhere on your computer. If you can locate and delete this malicious .exe file manually, go ahead, but do not forget to secure your operating system afterward to ensure full-time anti-malware protection.

Remove Ransomware

  1. Delete recently downloaded files to, hopefully, eliminate the launcher file.
  2. Delete the file named #RECOVERY_FILES#.txt (if copies exist, erase them too).
  3. Empty Recycle Bin and then complete a full system scan to check for leftovers.

In non-techie terms:

The malicious Ransomware is very destructive, and if it finds a security backdoor through which it can enter without permission, it should have no trouble encrypting photos, media files, documents, and similar data. The purpose of the infection is to take your files hostage and then terrorize you into paying a ransom in return for a tool that could, allegedly, decrypt files. After the files are encrypted, a text file that instructs to email is created, and if you send a message, the ransom will be requested. Due to security risks, we do not recommend emailing cyber criminals, and because a decryptor is unlikely to be exchanged for the ransom, we do not recommend paying the ransom either. Instead, focus on removing the threat, which you can do manually or using anti-malware software. Go with the latter option if you also want to have your system secured.