Meds Ransomware Removal Guide

Do you know what Meds Ransomware is?

Meds Ransomware might be the reason why your files suddenly got marked with .meds extension. The truth is that the malware does not encrypt files out of sudden as it works silently in the background, and so many users do not realize what is happening. After locking all the victim’s data, the malicious application should reveal itself by showing a ransom note. This message shows a text from the threat’s developers through which they demand their victims to pay a ransom. The sum is rather large as cybercriminals as for almost 500 US dollars. Needless to say, these people cannot be trusted, and so there is a risk your money could be lost in vain. For those who do not want to risk their money we advise not to put up with any demands. Once you erase Meds Ransomware, you could replace encrypted files with backup copies that you might have in removable media devices, cloud storage, or elsewhere. To delete the threat manually, you could follow the removal guide available below this article.

If you are still in doubt and have no idea what you should do, perhaps you ought to learn more about the malicious application. The first thing we would like to explain about Meds Ransomware is how it might enter a system. According to our computer security specialists, the threat could be spread with software installers and email attachments or chat messages. You may wonder where you could receive such material from? The answer is malicious file-sharing web pages, suspicious advertisements, unknown senders, and Spam emails.

It may not be easy to avoid files carrying threats like Meds Ransomware or other dangerous material all the time, but there is a couple of things you could do. For instance, you could scan all data received from unknown or suspicious sources with a reliable antimalware tool. Also, we recommend stopping downloading installers or other files from torrents web pages and other unreliable sources. Lastly, you should be cautious when interacting with links or suspicious ads. First, you should ask yourself if you know where the content is coming from and if you are sure it is one hundred percent safe to interact with it.Meds Ransomware Removal GuideMeds Ransomware screenshot
Scroll down for full removal instructions

Meds Ransomware should create some data in the C:\SystemID and %LOCALAPPDATA% directories. Afterward, it should hide in the background and start encrypting a victim’s files. The malware ought to target data that is considered to be valuable, for example, photos, videos, and various documents. During this process, all affected files should become locked and marked with the .meds extension, for example, flowers.jpg.meds. Next, a victim should receive a ransom note that explains how to contact Meds Ransomware’s developers and pay a ransom to receive decryption tools. As mentioned at the beginning of this article, there are no guarantees the hackers will hold on to their word. Therefore, paying the ransom is risky.

We advise not to pay the ransom if you do not want to risk losing your money in vain. Another thing we recommend is not to leave Meds Ransomware on your system as it can auto start with Windows and might cause you more problems. To erase it manually, you could use the removal guide placed at the end of this text. The other way to get rid of the malware is to perform a system scan with an antimalware tool. It is advisable to keep a reputable antimalware tool installed on your system as it could protect your computer from threats you may yet encounter.

Erase Meds Ransomware

  1. Press Ctrl+Alt+Delete.
  2. Pick Task Manager and check the Processes tab.
  3. Locate a process belonging to the malware.
  4. Choose the process and click End Task.
  5. Exit Task Manager.
  6. Click Windows Key+E.
  7. Navigate to the suggested paths:
  8. Find a file opened when the device got infected, right-click the malicious file, and select Delete.
  9. Find this directory: %LOCALAPPDATA%
  10. Look for a malicious folder with a long and random name, for example, 0115174b-bd55-4caf-a89a-d8ff8132151f.
  11. Right-click the malicious folder and press Delete.
  12. Navigate to: C:\SystemID
  13. Look for a file titled PersonalID.txt.
  14. Right-click it and choose Delete.
  15. Exit File Explorer.
  16. Empty Recycle bin.
  17. Restart the computer.

In non-techie terms:

Meds Ransomware is a harmful file-encrypting application that was designed for money extortion. As you see, it takes a victim’s files as hostages by encrypting them with a robust encryption algorithm. As a result, only those who have special decryption tools can decrypt affected files and access them. Needless to say, the malware’s developers are the ones who claim to have them, and they offer such tools for a particular price. The problem is that there are no guarantees the hackers will deliver decryption tools as they promise. If you do not believe them and do not want to risk your money, we advise against paying the ransom. Of course, if you have backup copies and can easily restore your data, you should ignore the ransom note and eliminate Meds Ransomware. It can be deleted manually if you follow the instructions provided above this paragraph. However, if this process looks too complicated, we recommend using a reputable antimalware tool instead.