Reco Ransomware Removal Guide

Do you know what Reco Ransomware is?

Reco Ransomware is a Windows-compatible infection that, in most cases, attacks unguarded operating systems. According to the information gathered by our research team, the infection is most likely to invade operating systems using misleading spam emails or existing system vulnerabilities. So, if you do not secure your system, patch all vulnerabilities, and keep an eye on the emails you receive, your chances of facing ransomware are pretty high. Also, note that there are plenty of other infections that could take the place of the infection we are discussing in this report. In fact, it comes from the STOP Ransomware family, and it is a clone of Boot Ransomware, Karl Ransomware, Kuub Ransomware, and many other similar infections. All of them require removal, but, in this report, we focus on removing Reco Ransomware. If you want to learn about it, please continue reading.

Some victims of Reco Ransomware figure out that something happened when they notice the “.reco” extension attached to their files’ names and when they discover that these files cannot be read. Others first learn about the infection via the “_readme.txt” file created in the %HOMEDRIVE% directory. The file represents a message from the attackers, and they alert the victims that their files can be “returned” to them if they follow specific instructions. It is suggested that a decryption tool and a unique key are needed, but they can be obtained only if the victim pays $490. Basically, the attackers request a ransom, and that is why the infection is classified as ransomware. The sum of the ransom is big, but even if the attackers demanded a $10 payment, we would not recommend paying it. Where’s the proof that you would get a decryptor if you paid the ransom? The attackers might convince you that files can be restored by decrypting one file for free, but that is no proof. That is bait. Unfortunately, if you pay the ransom demanded by Reco Ransomware, it is most likely that you will end up gaining nothing in return.

Even if you want to take the risk of paying the ransom, you cannot jump into that right away. First, you need to email gorentos@bitmessage.ch or gerentosrestore@firemail.cc to get information on how to pay the ransom. Communicating with cybercriminals is a terrible idea because you never know what they could send you. For all we know, they could send you more fake emails containing malware launchers in the future. The good news is, you do not need to contact the attackers behind Reco Ransomware because paying the ransom is unnecessary. A tool called “Stop Ransomware Decryptor” was created, and, hopefully, you can use it to restore files for free. According to our research team, at the time of analysis, the tool was only able to decrypt files corrupted with an offline key, but the tool could have been upgraded by the time you are reading this. Also, you might have backups, in which case, you should have no trouble replacing the files corrupted by Reco Ransomware.

Hopefully, you can restore or replace the personal files corrupted by the malicious Reco Ransomware. Before you take care of that, we suggest that you remove this malicious infection. Doing that manually can be difficult and confusing, but if you employ a legitimate anti-malware program, you will have Reco Ransomware deleted in no time. The program will also help you protect your entire operating system, and if you also update your system to patch vulnerabilities, we hope that you will not need to face ransomware again. Of course, just to be safe, you should always back up your files outside the computer.

Remove Reco Ransomware

  1. Tap Win+E keys to launch Explorer.
  2. Enter %HOMEDRIVE% into the field at the top.
  3. Delete the file named _readme.txt.
  4. Delete the folder named SystemID (should have the PersonalID.txt file inside).
  5. Enter %LOCALAPPDATA% into the field at the top.
  6. Delete the folder created by ransomware (name example: 0115174b-bd55-4caf-a89a-d8ff8132151f).
  7. Close Explorer and then empty the Recycle Bin.
  8. Quickly install a trusted malware scanner.
  9. Perform a full system scan and erase any leftovers that might be discovered.
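
A read-only PowerShell check for the items named in the steps above, as an added example that is not part of the original guide; the function name Find-RecoArtifacts and the output fields are assumptions made for illustration. It deletes nothing, and because legitimate software can also create GUID-named folders in %LOCALAPPDATA%, review each hit (creation time, contents) before removing it by hand.

```powershell
# Added example: report the artifacts listed in the manual removal steps.
# Read-only: nothing is modified or deleted.
function Find-RecoArtifacts {
    param(
        [string]$HomeDrive    = "$env:HOMEDRIVE\",   # e.g. C:\
        [string]$LocalAppData = $env:LOCALAPPDATA
    )

    # Steps 2-3: ransom note in the root of %HOMEDRIVE%
    $note = Join-Path $HomeDrive '_readme.txt'
    if (Test-Path -LiteralPath $note -PathType Leaf) {
        $item = Get-Item -LiteralPath $note -Force
        [pscustomobject]@{ Step = 3; Item = 'Ransom note'; Path = $note
                           Created = $item.CreationTime; Detail = '' }
    }

    # Step 4: SystemID folder, expected to hold PersonalID.txt
    $sysId = Join-Path $HomeDrive 'SystemID'
    if (Test-Path -LiteralPath $sysId -PathType Container) {
        $hasId = Test-Path -LiteralPath (Join-Path $sysId 'PersonalID.txt') -PathType Leaf
        $item  = Get-Item -LiteralPath $sysId -Force
        [pscustomobject]@{ Step = 4; Item = 'SystemID folder'; Path = $sysId
                           Created = $item.CreationTime
                           Detail  = "PersonalID.txt present: $hasId" }
    }

    # Steps 5-6: folders in %LOCALAPPDATA% whose name has the GUID shape
    # shown in the guide (8-4-4-4-12 hex digits). Shape alone is not proof.
    $guid = '^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$'
    Get-ChildItem -LiteralPath $LocalAppData -Directory -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -match $guid } |
        ForEach-Object {
            # List executables inside to help decide whether the folder is suspicious
            $exes = Get-ChildItem -LiteralPath $_.FullName -Filter '*.exe' -File -Force `
                        -ErrorAction SilentlyContinue | Select-Object -ExpandProperty Name
            [pscustomobject]@{ Step = 6; Item = 'GUID-named folder'; Path = $_.FullName
                               Created = $_.CreationTime
                               Detail  = "Executables: $($exes -join ', ')" }
        }
}

Find-RecoArtifacts | Sort-Object Step | Format-List

# Count files carrying the ".reco" extension under the user profile,
# to size the recovery work (decryptor or backups).
$encrypted = Get-ChildItem -Path $env:USERPROFILE -Recurse -File -Filter '*.reco' `
                 -Force -ErrorAction SilentlyContinue
"Files with .reco extension under $env:USERPROFILE : $(@($encrypted).Count)"
```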

In non-techie terms:

The malicious Reco Ransomware was created to invade your system, encrypt your personal files, and then extort money from you. The attackers behind this infection do not need to do much, and they come into play only if the ransom note convinces you to email them. Hopefully, you have not done that because exposing yourself to the attackers via email could lead to more problems. We hope that you can restore files for free using a legitimate file decryptor or, if the tool does not work for you, replace them using backups. Of course, you should handle recovery and replacements only after you delete Reco Ransomware from your operating system. The instructions you can see above show how to remove the infection manually, but if you want to erase the threat and have your system secured at the same time, we advise employing reliable anti-malware software.