Russian Eda2 Ransomware Removal Guide

Do you know what Russian Eda2 Ransomware is?

Russian Eda2 Ransomware can be your worst fear come true if you do not have a recent backup copy of your files. This ransomware can enter your computer behind your back and encrypt most of your pictures, videos, music files, documents, and more in a few minutes. It is almost impossible to catch this beast in the act unless you notice that you cannot access your files or that their extensions have changed to “.locked.” It is most likely, however, that you will only realize its presence when the ransom note picture hits your screen. This ransomware infection is built on an open-source project (Eda2 Ransomware) and mainly targets Russian computer users. You have to pay a relatively low fee to these criminals to get the decryption key, without which it could be impossible to recover your files. As a matter of fact, you might get lucky because the original version has functioning decryption tools; thus, you might find websites or specialists who can offer you help. What we can provide you with is a detailed description and a way to remove Russian Eda2 Ransomware if you want to protect your computer.

According to our researchers, this ransomware may infiltrate your system in two main ways. The first and most likely way for this threat to get onto your computer is through spam e-mails. Most ransomware is actually spread through spam, and such malicious mail can be very deceiving. This is, in fact, one of the most common traits of ransomware: to appear to be something it is not. In order to deceive unsuspecting users, this infection may come as a malicious file attachment in a mail that makes it seem very important for you to download and open the attachment. Otherwise, no one would bother to run the executable, so there would be no infection, which means no income for the crooks. So, obviously, they try to fool you in a sophisticated way. For example, this spam may seem to come from a well-known institution, a reputable company, or an authority. The subject line of this spam is also tricky and makes you believe that you must check it out right now. You may not even realize that the attached file is disguised as a document, an image, or a video because its icon will not show that “I am a malicious ransomware executable.”

Most users run this file right after download in order to see what kind of invoice, parking ticket, or other important-looking issue they have to face. This is the moment that they actually let this beast loose and the infection starts its vicious mission. The second way is similar in the sense that you again have to click on content to drop this malicious .exe file onto your system. In this case, this ransomware may be disguised as a driver updater. It is a common trick to present users with dialog boxes that resemble Windows system messages but are in fact malicious third-party ads promoting malware. This means that instead of installing the latest Flash player, you may end up with Russian Eda2 Ransomware. It is also possible that a legitimate driver gets installed as well, but that is just the icing on the cake, the cover story. You need to understand that even if you delete Russian Eda2 Ransomware after noticing its presence, it may be too late to save your files. That is why it is so important for you to think twice before clicking on any content while surfing the web.

This ransomware uses the AES-256 encryption algorithm to encrypt your files, including those with the following extensions: .txt, .doc, .docx, .xls, .xlsx, .pdf, .pps, .ppt, .pptx, .odt, .gif, .jpg, .png, .db, .csv, .sql, .mdb, .sln, .php, .asp, .aspx, .html, .xml, .psd, .frm, .myd, .myi, .dbf, .mp3, .mp4, .avi, .mov, .mpg, .rm, .wmv, .m4a, .mpa, and .wav. All these files are given a “.locked” extension; therefore, they will look something like “myimage.jpg.locked.” This whole process can take as little as 5 minutes. Once it is done, your desktop wallpaper changes to a warning picture in Russian. This instructs you to open the “README.html” file that was created on your desktop. This file has further instructions, including the Bitcoin address to which you have to transfer 0.1 BTC and the e-mail address through which you have to contact these criminals. It is your decision and responsibility whether you pay or not. This amount is quite low indeed, but even if you pay it, there is no guarantee that you will get the decryption key. Our researchers say that you should remove Russian Eda2 Ransomware if you want to put an end to this threat.

As a matter of fact, it is not too difficult to delete Russian Eda2 Ransomware from your computer since it does not lock your screen and does not block your system files either. Therefore, you just need to bin a few files. Please use our guide below if you want to manually clean your system of this infection. Nevertheless, it is possible that there are more malware threats on board that require your attention. We suggest that you use a trustworthy anti-malware application, such as SpyHunter, if you do not want to go into battles against all of them manually. If you need assistance with the removal of Russian Eda2 Ransomware, please leave us a comment below.

Remove Russian Eda2 Ransomware from Windows

  1. Press Win+E to launch the File Explorer.
  2. Bin the malicious .exe file (random name) you downloaded. Find the same file in the %Appdata% folder and delete it. (It is possible that some variants may automatically remove themselves after encryption.)
  3. Remove "Decrypter.exe" and "ransom.jpg" from %USERPROFILE% if you do not want to pay the ransom.
  4. Delete “README.html” from your desktop.
  5. Empty your Recycle Bin and reboot your system.
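Before deleting anything, it helps to inventory what the infection left behind. The script below is an added example, not part of the original guide or of any vendor tool: it takes a user profile folder (live, or from a mounted disk image) and lists the files named in steps 2 to 4 plus every “.locked” file, split by whether its inner extension is on the target list given earlier. The function name `triage` is hypothetical, and the script assumes the default Windows layout (`Desktop` and `AppData\Roaming` directly under the profile).

```python
import os
import sys
from pathlib import Path

# Extensions the article lists as encryption targets.
TARGETS = set("""
.txt .doc .docx .xls .xlsx .pdf .pps .ppt .pptx .odt .gif .jpg .png .db .csv
.sql .mdb .sln .php .asp .aspx .html .xml .psd .frm .myd .myi .dbf .mp3 .mp4
.avi .mov .mpg .rm .wmv .m4a .mpa .wav""".split())

# Fixed-name files from steps 3 and 4, relative to %USERPROFILE%.
# Assumption: the desktop is the default %USERPROFILE%\Desktop folder.
NAMED = ("Decrypter.exe", "ransom.jpg", os.path.join("Desktop", "README.html"))


def triage(profile):
    """Read-only inventory of one user profile; nothing is deleted."""
    profile = Path(profile)
    report = {"artifacts": [], "appdata_exes": [], "locked": [], "locked_other": []}

    report["artifacts"] = [profile / rel for rel in NAMED if (profile / rel).is_file()]

    # Step 2: the dropper has a random name, so list every .exe sitting directly
    # in %Appdata% for manual review. Assumption: default AppData\Roaming path.
    appdata = profile / "AppData" / "Roaming"
    if appdata.is_dir():
        report["appdata_exes"] = sorted(
            p for p in appdata.iterdir() if p.is_file() and p.suffix.lower() == ".exe")

    # Encrypted files look like "myimage.jpg.locked": split off ".locked", then
    # check whether the inner extension is one the article says is targeted.
    for root, _dirs, files in os.walk(profile):
        for name in files:
            stem, ext = os.path.splitext(name)
            if ext.lower() != ".locked":
                continue
            inner = os.path.splitext(stem)[1].lower()
            key = "locked" if inner in TARGETS else "locked_other"
            report[key].append(Path(root) / name)
    return report


if __name__ == "__main__":
    result = triage(sys.argv[1] if len(sys.argv) > 1 else Path.home())
    for section, paths in result.items():
        print(f"{section}: {len(paths)}")
        for p in paths:
            print(f"  {p}")
```

Entries under `appdata_exes` are only candidates for review, since legitimate programs can also keep executables there; the `locked` list is the set of files to keep aside in case a working decryption tool is found.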

In non-techie terms:

Russian Eda2 Ransomware is a dangerous malware infection that can slither onto your system without your knowledge and encrypt your files in a matter of a few minutes. This infection is based on the open-source project called Eda2 Ransomware and may not be the only variant. Our researchers have found that this particular version is aimed at Russian computer users. After the damage is done, this ransomware changes your desktop background and displays its notice. You are supposed to pay 0.1 BTC (approximately 58 US dollars) to a specified Bitcoin address if you want to get the decryption key. Unfortunately, experience shows that criminals rarely keep their word, and technical issues may also get in the way. We believe that it is important that you remove Russian Eda2 Ransomware as soon as possible. Keep in mind that this will not decrypt your files. If you want to clean your PC of all existing infections and keep it protected, you should employ a professional anti-malware program.