Do you know what Snake Ransomware is?
You do not want to face any file-encrypting infection, but you certainly do not want to face Snake Ransomware, also known as Ekans Ransomware. This malware encrypts personal files, just like most infections of this kind, but it also encrypts system files. Therefore, once the infected machine is rebooted, it does not start normally, and the victim has to perform Windows reinstallation. Needless to say, files are lost in the process. Even if you do not reboot the system after the attack, you are unlikely to salvage your files, and that is why this threat is so dangerous. If you have restarted your computer, you do not need to worry about the removal of Snake Ransomware per se. However, if you are still facing the ransom note introduced by the infection, you might be thinking about contacting the attackers before deleting the threat. Continue reading this report to learn why that is a bad idea.
You could have let Snake Ransomware in by clicking the wrong file attached to a spam email message. You could have let it in by executing a malicious bundled downloader. Once the threat invades the operating system, it starts encrypting files immediately. As we revealed already, Snake Ransomware encrypts both personal and system files, which makes it extremely dangerous. Besides corrupting files, it also drops one file. It is named “Fix-Your-Files.txt,” and there should be two copies of it dropped to %HOMEDRIVE% and %USERPROFILE%\Desktop directories. The message inside is pretty generic, and we have seen similar statements made by the attackers behind Dever Ransomware, Chch Ransomware, Gesd Ransomware, and many other threats alike. The main point of the message is that victims of the infection need to communicate with the attackers, but that is extremely risky.
The Snake Ransomware ransom note declares that all data was encrypted using AES-256 and RSA-2048 algorithms and that it can be fully restored. It is stated that if victims purchase a “decryption tool loaded with a private key,” all files will be successfully decrypted. To learn how to pay for the tool, victims are instructed to email bapcocrypt@ctemplar.com. The attackers are even willing to decrypt three files for free just to prove that that is possible. Well, unfortunately, that is no indication of what is possible. We are sure that the attackers have a decryptor, but that certainly does not mean that they would give it to you if you paid the ransom. Unfortunately, most victims of such malware end up with nothing in their hands if they obey the demands of cybercriminals. Sometimes, free decryptors can be downloaded, but a decryptor that would crack the Snake Ransomware encryptor did not exist at the time of research.
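To confirm which threat you are dealing with on a machine that is still running, or on its disk attached to a clean computer, you can look for the ransom note in the two locations described above. The PowerShell below is an added example, not part of the original report; the function name and its parameters are illustrative, while the file name and email address are the ones quoted in this article.

```powershell
# Added example: look for the ransom note this article describes.
# Function and parameter names are illustrative; the note name and
# contact address are the indicators quoted in the article.
function Find-SnakeRansomNote {
    param(
        # Drive root to inspect; defaults to the live %HOMEDRIVE%.
        [string]$DriveRoot = "$env:HOMEDRIVE\",
        [string]$NoteName  = 'Fix-Your-Files.txt',
        [string]$Contact   = 'bapcocrypt@ctemplar.com'
    )

    # The note is reported in the drive root and on the Desktop.
    # Check every profile's Desktop, not only the current user's.
    $candidates = @(Join-Path $DriveRoot $NoteName)
    $usersDir   = Join-Path $DriveRoot 'Users'
    if (Test-Path -LiteralPath $usersDir) {
        $dirs = Get-ChildItem -LiteralPath $usersDir -Directory -Force -ErrorAction SilentlyContinue
        foreach ($userDir in $dirs) {
            $candidates += Join-Path $userDir.FullName "Desktop\$NoteName"
        }
    }

    foreach ($path in $candidates) {
        if (-not (Test-Path -LiteralPath $path -PathType Leaf)) { continue }
        $item = Get-Item -LiteralPath $path -Force
        # A matching file name is only a lead; the contact address
        # inside the note ties it to the threat described here.
        $hasContact = [bool](Select-String -LiteralPath $path -Pattern $Contact -SimpleMatch -Quiet)
        [pscustomobject]@{
            Path          = $item.FullName
            CreatedUtc    = $item.CreationTimeUtc  # approximates when the note was dropped
            LastWriteUtc  = $item.LastWriteTimeUtc
            ContactInNote = $hasContact
        }
    }
}

# Live system:
Find-SnakeRansomNote | Format-Table -AutoSize
# Disk from an affected machine attached as E: on a clean computer:
# Find-SnakeRansomNote -DriveRoot 'E:\'
```

No output means the note was not found in those locations; the creation time of a found note helps you decide which backups predate the attack.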
While you cannot decrypt the files corrupted by Snake Ransomware, if you have backups, you might be able to replace the files. That is, of course, if your backups are stored outside the computer. We advise using external drives and cloud storage systems. Of course, you can only perform replacement after you reinstall Windows. Should you delete Snake Ransomware before that? There is no point in doing that because your entire operating system has been corrupted, and you would be wasting time by performing removal. After you reinstall Windows, the first thing you should do is install legitimate anti-malware software. It will secure the system to prevent new infections from attacking. Only then should you use backups to place personal files back onto your computer.
Reinstall Windows using CD/DVD/USB
- Insert the installation disk or USB drive.
- Restart the computer.
- Choose appropriate settings (language/time/keyboard) and click Next.
- Click the Install now button.
- Enter a product key and click Next.
- Select the right operating system and click Next.
- Check the I accept the license terms box and click Next.
- Select the type of installation you are following (Upgrade/Custom) and follow on-screen instructions.
- Once the system is reinstalled, open the Start menu.
- Click Settings, move to Update and Security, and click Windows Update.
- Click Check for updates and install all available updates.
- Install a trusted anti-malware program to secure your reinstalled Windows system.
In non-techie terms:
Snake Ransomware is a threat that you need to avoid because it can encrypt everything on your PC. After that, you will be left with no other option but to reinstall Windows, and if you do not have copies of your personal files saved someplace outside the computer, they will be lost too. Before you realize this, the attackers behind the threat might try to convince you to pay a ransom, but, of course, that is a waste of time and money. We do not even recommend sending an email to the attackers because we do not want you to have to deal with misleading spam emails in the future. While you do not need to delete Snake Ransomware, you need to take care of a few things. First, reinstall Windows. Second, choose the right security software to protect your operating system in the future. Third, if you have not done this already, figure out the best way to back up personal files to keep them safe at all times.