Executioner Ransomware Removal Guide

Do you know what Executioner Ransomware?

Our malware researchers have recently discovered yet another Hidden-Tear-based computer infection called Executioner Ransomware. Like all other Hidden-Tear infections, this new program was designed to encrypt your files with an RSA-2048 encryption algorithm and demand money for a decryption key. Removing this program is highly recommended because its developers might not keep their end of the bargain. Furthermore, Hidden-Tear-based ransomware are notoriously unstable, and they often do not have a connection with the command and control server.

Executioner Ransomware is based on the Hidden-Tear project that has since been abandoned by its original developers. However, the project is now used by other developers to create and distribute new ransomware. Executioner Ransomware is similar to Resurrection Ransomware, Decryption Assistant Ransomware, and Kill Zorro Ransomware. All of these programs work in a similar manner, but their user interfaces can be different, so they may be hard to link you one another.

While there is no concrete information on how Executioner Ransomware is disseminated, we believe that its developers probably use the same distribution tactic that was used for ransomware made previously. Therefore, our malware analysts suggest that this ransomware can be included in malicious emails as an attached file. The emails are sent from a dedicated email server to random email addresses. Note, that this ransomware is in two languages that include English and Turkish, so this ransomware can be distributed in Turkey as well as countries with a significant Turkish population. The text in the emails will most likely point you to the attached file that is this ransomware, in fact. If you download and run or just run the file, then your PC will become infected with Executioner Ransomware, and it will start doing its dirty work.Executioner Ransomware Removal GuideExecutioner Ransomware screenshot
Scroll down for full removal instructions

Executioner Ransomware was configured to encrypt your files using the RSA-2048 encryption algorithm. This one of the strongest encryption algorithms out there, so decrypting it difficult and often next to impossible. There is no free decryption tool for this ransomware at the time of this article, but there might be one later. Executioner Ransomware was configured to encrypt your pictures, audio files, documents, videos, and many other files type. It was also configured to append the files with a custom extension. However, it differs from other Hidden-Tear ransomware in that the extension is random. For example, the added extension can look like “.orrwdy,” “.uwcbhi,” “.yxzs2z.” The extensions serve to indicate that the file was encrypted. Note that changing the extension will not decrypt your files. Once the encryption is complete, this ransomware drops a file named Sifre_Coz_Talimat.html that acts as the ransom note.

The note says that you need to pay 150 USD in Bitcoins. The note also features the Bitcoin address to which you are expected to send the money. After sending the money, you need to send your unique computer ID to executioner.update@protonmail.com in order to receive the decryption key. However, you should not hold your breath as you may not receive the decryption key at all.

In closing, Executioner Ransomware is one dangerous computer infection that, like many ransomware, is set to encrypt your files and demand that you pay money for a decryption key. However, your files may not be worth the money and, also, there is no guarantee that the developers will keep their word and give you the decryption key. Therefore, we recommend that you delete this program. Due to the fact that this ransomware’s files can be dropped anywhere on your PC, we recommend you use SpyHunter, our promoted anti-malware program, to detect this program’s files and then go and remove them manually.

Removal Guide

  1. Go to http://www.spyware-techie.com/download-sph
  2. Download SpyHunter-Installer.exe
  3. Install the program and run it.
  4. Click Scan Computer Now!
  5. Copy the file path of the malware from the scan results.
  6. Press Windows+E keys.
  7. Enter the file path of the malware in File Explorer’s address box.
  8. Press Enter.
  9. Locate, right-click the malicious files and click Delete.
  10. Empty the Recycle Bin.

In non-techie terms:

Executioner Ransomware is yet another ransomware-type computer infection that can cause you many problems. It can encrypt and, thus, ruin your personal files. Its developers demand money in return for a decryption key that is supposed to recover your files. However, you should not put your faith into this decryption key as it might not work or you might not get it at all as the criminals behind this ransomware are only interested in making money. Therefore, we suggest that you remove this program.