Home / Spyware Help / Skeleton Ransomware Removal Guide

Skeleton Ransomware Removal Guide

by 0 Comments

Do you know what Skeleton Ransomware is?

Skeleton Ransomware is a harmful malicious application our researchers have detected recently. It has turned out that it is a new version of Blind Ransomware and Napoleon Ransomware. Even though it is brand new, it works exactly like older threats that belong to the crypto-malware family. That is, it encrypts users’ files with the AES (Advanced Encryption Standard) cipher and then uses the RSA key to encrypt AES. It does that so that it would be impossible for users to decrypt their files without the special decryption tool. Of course, only cyber criminals have it, and they do not give it to them for free. It should be noted that Skeleton Ransomware does not demand money from victims immediately after encrypting their personal files. Instead, users are told to contact crooks by sending them a unique ID indicated in the ransom note first. Do not even bother writing an email to them because there is no doubt that they will ask you to send money to them. It is unclear whether you could unlock your files after you make a payment, so you should not transfer a cent to cyber criminals behind this ransomware infection. What we expect you to do instead is to remove this malicious application from your computer immediately after you find out about its existence. You are lucky – this ransomware infection is far from sophisticated malware, so you could delete it from your system quite easily. Read the rest of this article to find more.Skeleton Ransomware Removal GuideSkeleton Ransomware screenshot
Scroll down for full removal instructions

Even though Skeleton Ransomware does not drop any additional files and does not make any other modifications on victims’ computers, it is still considered a harmful malicious application because it enters computers illegally so that it could encrypt personal data and, at the same time, help cyber crooks to obtain some money from users. Our researchers who have analyzed this threat say that it encrypts almost all files on affected computers. Luckily, it does not touch the %WINDIR% folder that contains Windows files and web browsers. All encrypted files get the .[skeleton@rape.lol].skeleton extension appended to them, so users soon find out about the successful entrance of Skeleton Ransomware even though it tries to enter systems unnoticed. It is impossible not to notice its entrance also because it creates a new file How_Decrypt_Files.txt in all affected folders. This file is a ransom note that explains to users what has happened to their files and what they need to do next:

Hello !

All your files have been encrypted !

If you want restore your files write on email - skeleton@rape.lol

In the subject write – {Unique ID}

In our opinion, there is no point in writing an email to the provided email address because we are sure you will receive an answer from cyber criminals telling you to send a ransom to them in exchange for the decryption tool. The chances are high that you will not even get it from them. They just want your money, so you risk making a payment for nothing if you decide to purchase the decryptor. We are not going to lie – it might be impossible to unlock files without the decryptor because Skeleton Ransomware uses a strong encryption algorithm to lock data on compromised machines. There is only one way to restore data for free we know about – you can replace those encrypted files with unencrypted data located in a backup outside your machine. Do this only after you clean your system.

No matter you decide to pay money to crooks or not, you must delete Skeleton Ransomware from your computer so that you could not launch it again. Since it is not one of those infections that drop files, create registry entries, or make other changes, its removal is quite easy – you just need to delete the malicious file you have launched and then eliminate ransom notes (How_Decrypt_Files.txt) from all affected directories. If you wish to delete Skeleton Ransomware quicker or do not think that you are experienced enough to erase malware from the system all alone, you should use a powerful automatic malware remover.

Delete Skeleton Ransomware

  1. Press Win+E.
  2. Go to find the malicious file launched (it should be located in %USERPROFILE%\Desktop, %USERPROFILE%\Downloads, or %APPDATA%) and delete it.
  3. Remove How_Decrypt_Files.txt from all affected directories.
  4. Empty Trash.

In non-techie terms:

Skeleton Ransomware is quite a simple but harmful infection that is distributed by cyber criminals seeking to obtain money from users. It is the reason it goes to encrypt all users’ files right away following the successful entrance as well. If your files have already been locked, you should know that paying money to cyber crooks is not an option because there are no guarantees that they will give you the working decryptor. Also, they will continue developing new threats which you might encounter in the future if you support them.