Home / Spyware Help / Igotyou Ransomware Removal Guide

Igotyou Ransomware Removal Guide

by 0 Comments

Do you know what Igotyou Ransomware is?

Igotyou Ransomware is a new threat that should be placed under the crypto-malware category because it has been set to encrypt files on compromised machines after the successful entrance. It targets only those files located in C:\Test, which suggests that this ransomware infection is still in development. Most likely, it will be finished one day, i.e. it will start targeting files (e.g. pictures, music, documents, and other valuable files) located in other directories too, so you should do all it takes to prevent Igotyou Ransomware from slithering onto your computer. If it is already too late for prevention, i.e. you have already found this threat on your computer, you should delete it from your system right away too because updates might soon be released, it might get them, and then encrypt files located in all the major directories resulting in the loss of many important files. Since this infection places its window on Desktop, you will need to kill the malicious process first to close it and then delete the malicious executable file to disable this threat. Before you go to erase this malicious application from your system, you should first read what our specialists have to say about its removal, so continue reading this report.

If you encounter the version that encrypts files in the Test folder only, the chances are high that you will not find any of your files encrypted because it is not very likely that you will have a folder named Test in C:\. As mentioned in the first paragraph, it might be updated one day, so we cannot promise that all users will find their files intact after encountering this nasty ransomware infection. No doubt your files have been encrypted if they all have a new extension .iGotYou appended to them. You could check your files only after removing the screen-sized window opened by this threat – you need to kill the malicious process to do this. This opened window contains a message for users. It informs users why their files can no longer be accessed and, on top of that, they are told what they need to do to get them back. Victims are told to send 10 000 INR (~155 USD) via payTM to crooks. It goes without saying that there is no point in sending money to malicious software developers behind Igotyou Ransomware if your files have not been encrypted. It is not the best idea to send them money even if some files have really been locked too because you cannot know whether you will get “the authentic private key” from them in return. Also, a free tool for decrypting files locked by this infection has already been released by specialists – it can be downloaded from the Internet.Igotyou Ransomware Removal GuideIgotyou Ransomware screenshot
Scroll down for full removal instructions

Since Igotyou Ransomware is still in development, our specialists suspect that it is not distributed actively either. Of course, it does not mean that you will never encounter this threat. To prevent ransomware infections from entering your computer, you should stop opening attachments you find inside spam emails. Second, you should be very careful with software you download from third-party pages because you might download malicious software yourself. It is not always easy to prevent suspicious software from entering the system, so we also recommend acquiring a powerful antimalware tool for all users whose computers are connected to the Internet. You must update your security software periodically so that it could protect you from all the latest infections.

You need to remove Igotyou Ransomware from your computer as soon as possible even if your files have not been locked. The first thing you need to do is to unlock your Desktop, i.e. remove the window opened by the ransomware infection from it. You can do this by killing the malicious process via Task Manager and deleting the malicious file directly associated with Igotyou Ransomware. Feel free to use the manual removal guide you will find below, or use an automated malware remover if you find the manual removal of this infection quite a challenge.

How to delete Igotyou Ransomware

  1. Press Ctrl+Shift+Esc.
  2. Open Processes.
  3. Locate the malicious process with the description EncryptingRansomware and right-click on it.
  4. Select Open File Location.
  5. Kill the malicious process.
  6. Delete the malicious file from the opened directory.
  7. Empty Recycle bin.

In non-techie terms:

Igotyou Ransomware is a new version of Stupid/FTSCoder Ransomware. Luckily, it is still in development and encrypts files in the Test (C:\Test) folder only, so the chances are high that your files will not be encrypted if you encounter it. You can check your files after closing the window opened by the ransomware infection on Desktop. No matter what you find, you should keep your money to yourself, in our opinion, because you will encourage crooks to continue developing malware by transferring money to them and, on top of that, the special decryptor that can unlock files with the .iGotYou extension (encrypted ones) is available and can be downloaded for free.