Retis Ransomware Removal Guide

Do you know what Retis Ransomware is?

Retis Ransomware attacks French speakers and encrypts their main personal files in a couple of default save folders. Our researchers believe that this threat may be just the beginning as a new, fully functional version may hit the web in the near future. This ransomware does not actually disclose any information about the payment, without which it is impossible to pay the ransom fee and get yours files decrypted. So it is possible that this is just a test run. In any case, this malicious program encrypts your files and leave them inaccessible until you can decrypt them yourself. As a matter of fact, there may be a way for you to recover your files, which we will reveal at the end of this report. But first, let us tell you how this severe threat may have sneaked onto your system and why you must remove Retis Ransomware immediately after you recover your files.

If your computer has been infected with this nightmare, it is quite likely that you have received a spam mail lately that you opened. What's more, you also had to click to view the attached file because that is the malicious executable in disguise. Thus, it may look like a picture or a text document, and this is quite misleading. Just like the spam itself, which may make you believe that you are dealing with an urgent mail. This is why victims decided to open it even if it ends up in the spam folder. Many users know already that spam filters may apply too strict policies to distinguish between legitimate and possibly spam mails. This is why it is possible that you can find important and legitimate mails in your spam folder, and this is why users tend to check this folder for possibly misplaced mails. Please note that once you open the attached file in this spam, you cannot delete Retis Ransomware in time to stop encryption.

But if you want to avoid infecting your computer with such dangerous threats, you need to do more than just being more cautious around your mails. It is also essential that you do not use shady file-sharing websites to download free stuff because these torrent and freeware pages usually promote malicious software bundles, which may also contain ransomware programs along with adware programs, browser hijackers, and Trojans. You should also update all your browsers and drivers as well not to end up on a malicious page with Exploit Kits dropping such an infection behind your back.Retis Ransomware Removal GuideRetis Ransomware screenshot
Scroll down for full removal instructions

This malware infection targets French computer users and applies the AES algorithm to encrypt major media files and databases in these default save folders: %USERPROFILE%\Desktop, %USERPROFILE%\Documents, and %USERPROFILE%\My Pictures. This infection append ".crypted" to the original extension of the encrypted files. Once your files have been encrypted, this infection replaces your desktop wallpaper with its own image created as "%APPDATA%\RANSOM.png," which is the ransom note in fact. This image displays a skull and bones picture made mostly from "$" symbols and to its right the note; all this, in red letters over black background. The strange thing is that although this note tells you that you have 24 hours to pay the ransom, there are no further instructions revealed; not even an e-mail address to contact. This makes it virtually impossible for you to pay even if you wanted to. But, of course, we do not encourage you to pay anyway since there is no guarantee for victims to get anything when attacked by cyber criminals. It is more likely to get infected with other dangerous threats. No wonder why we advise you to remove Retis Ransomware from your system right after you manage to decrypt your files, if at all.

Our researchers have found that in the case of this particular version, it is possible to decrypt your files if you create a shortcut for the malicious executable files that may be located in the folder or location where you saved it from the spam. If this file is on your desktop, for example, you should add an argument ("/dechiffre") at the end in the Target line of the shortcut. So it should look something like '"C:\Users\user\Desktop\Retis Ransomware.exe" /dechiffre'. This should recover your files and then, you can finally use our guide below to delete Retis Ransomware from your system. As you can see, it is quite easy to infect your computer even with such a dangerous program. Therefore, you may want to start protecting your PC with professional anti-malware software, such as SpyHunter.

Remove Retis Ransomware from Windows

  1. Tap Win+E.
  2. Find and delete all suspicious executable files you have saved lately, which have the description "RANSOMWARE".
  3. Bin "%APPDATA%\RANSOM.png", the ransom note image file.
  4. Empty your Recycle Bin.
  5. Reboot your computer.

In non-techie terms:

Retis Ransomware is a new threat that can encrypt your main media files and more, and extort money for their decryption. However, our researchers say that it is not even possible to pay these attackers since there is no contact and no Bitcoin address either provided in the ransom note. This can indicate that this version may not be the last one you may see. Although this ransomware program does encrypt your files, there may be a way to decrypt them. So you should not remove Retis Ransomware until you do so because otherwise, it would be impossible. If you would like to protect your computer against future attacks, it may be time to install a reliable anti-malware program.