Home / Spyware Help / RIP Ransomware Removal Guide

RIP Ransomware Removal Guide

by 0 Comments

Do you know what RIP Ransomware is?

RIP Ransomware is a malicious computer infection that will try its best to swindle you out of your money. It belongs to the currently growing group of encrypting ransomware applications. These malicious programs slither into target systems uninvited and then encrypt user’s files, successfully blocking them from accessing their data. In this description, we will tell you more about what this program can do. You will also find the manual removal instructions below the description. However, when it comes to such dangerous infections, it is strongly recommended that you acquire an antispyware tool to deal with them.

There are quite a few ransomware programs out there that have been researched by security specialists, and they came up with free decryption tools. Unfortunately, this does not apply to RIP Ransomware. At the time of writing, there is no public decryption tool that would help you restore your files. On the other hand, that should not push you into paying the ransom. It is not just about your files. It is also about succumbing to the malicious schemes that have been devised to help these criminals make easy money out of innocent computer users like you.

We are lucky that RIP Ransomware does not lock your screen when it is done encrypting your files. There are programs that also lock users out of their desktops, saying that unless they pay, the computer would remain locked. In fact, you can restore your files if you keep a system backup. For example, it might be an external hard drive or some online storage. You should save copies of your files on a regular basis, so that you would be able to retain them even if your computer crashes. This is where the saying “Don’t keep your eggs in one basket” rings true to life.RIP Ransomware Removal GuideRIP Ransomware screenshot
Scroll down for full removal instructions

Now, how about the ransomware distribution? How does it manage to enter your system? Although RIP Ransomware uses stealthy methods to come in, it still requires user’s participation. In other words, you install this malicious infection yourself. Of course, you do not know that the file you launch is associated with this program; otherwise, you would not do that. But RIP Ransomware installer can pretend to be an official document, an online shopping invoice, or anything that might come attached with an official email. This is where we encounter the most common ransomware distribution method: spam.

Normally, spam email messages get filtered into the Junk folder, but sometimes they might land in the Main or Advertising folders, and users who diligently check every single email they receive might feel inclined to open the attachments that come with such emails. Of course, the moment you do open a file like that, you infect your PC with RIP Ransomware or any other similar application.

Upon the infection, the program will scan your computer looking for the files it can encrypt. RIP Ransomware uses the AES-256 encryption key to scramble your files, and every single file that gets affected by the encryption ends up having the .R.I.P extension attached to it. Once the files are encrypted, the infection will also display a ransom note.

The note will say that you need to pay 0.2BTC (~ $150USD) to receive the decryption code. You will also find an email address in the notification. It says that you have to “send a message in this email address: dj.elton@hotmail.co.uk” once you pay the ransom. Supposedly, then the people behind this infection would issue the decryption key, and you will be able to resume operating your PC as before.

Needless to say, this is very doubtful because cyber criminals cannot be trusted. For all its worth, the people behind this infection might just make a run for it with your money, without even bothering to provide the decryption key for you. Thus, the best way to avoid it would be removing RIP Ransomware from your PC and then restoring your files from a backup.

Please note that the files associated with this infection could be placed in various directories within your system. Also, the filenames will be random. So when you look for the files to remove, be sure to remain attentive. What’s more, if you find this task too challenging, do not hesitate to terminate the infection with a security application.

How to remove RIP Ransomware

  1. Press Win+R and the Run prompt will open.
  2. Type %AppData% into the Open box and click OK.
  3. Navigate to Microsoft\Windows\Start Menu\Programs\Startup.
  4. Delete the random-name .exe file from the folder. Press Win+R.
  5. Type %ALLUSERSPROFILE% into the Open box and click OK.
  6. Navigate to Microsoft\Windows\Start Menu\Programs\Startup.
  7. Remove the random-name .exe file from the folder. Press Win+R.
  8. Type %WINDIR% and press Enter. Open the SysWOW64 folder.
  9. Delete the random-name .exe file and go back to the %WINDIR% directory.
  10. Open the System32 folder and delete the same file.
  11. Press Win+R and type regedit. Click OK.
  12. Open HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.
  13. On right, right-click and remove the values with this data:
    %WINDIR%\Syswow64\[random-name].exe
    %WINDIR%\System32\[random-name].exe

In non-techie terms:

The first impression of the RIP Ransomware infection could be pretty spooky. But do not panic because there is always a way out. You can use the instructions above to terminate the infection, but computer security experts always recommend acquiring a security tool that would delete the infection and protect your PC from similar threats. Should you need any assistance with the program’s removal, do not hesitate to leave us a comment below.