Home / Spyware Help / Taargo Ransomware Removal Guide

Taargo Ransomware Removal Guide

by 0 Comments

Do you know what Taargo Ransomware is?

Are you always careful when online? Is your Windows operating system is protected? If you are not and if it is not, Taargo Ransomware can invade your computer and take a hold of your files without you even knowing about it. When this malicious infection slithers into your operating system, it encrypts personal files, which means that the data of documents – including DOCs or PDFs – photos and media files is jumbled. This mess can be read by the attackers using a decryptor, and that is what they are holding over the heads of their victims. They use an intimidating message to convince victims that they can purchase a decryptor, but we hope that you know better than to trust cybercriminals. We do not recommend paying the ransom. Instead, we recommend removing Taargo Ransomware.

GlobeImposter Ransomware is the predecessor of Ox4444 Ransomware, Pig4444 Ransomware, as well as many other file-encrypting threats, including Taargo Ransomware itself. We do not know who exactly created this threat, but these days, it does not take much for even amateurs to build their own versions of file encryptors. In most cases, all threats from this group rely on spam email attachments, malicious downloaders, and system vulnerabilities to slither in. Do you know how Taargo Ransomware got into your operating system? This is important to figure out because that might help you locate the launcher of the threat. If you cannot locate it, removing the ransomware manually might become impossible. Luckily, there are other options besides the manual removal. Of course, before you can even start thinking about it, you are likely to worry about the fate of your personal files.

When Taargo Ransomware encrypts files, “.[taargo@olszyn.com].taargo” is added to their names to mark them. Due to this, you do not need to try opening every personal file you have to see whether or not it was encrypted. Unfortunately, this malware can autostart with Windows, and so it can start the encryption process again and again, for as long as it is present on your operating system. Due to this, you do not want to download any important files on your computer or even replace the corrupted files with backups. Speaking of backups, do you have copies of personal files stored online/on external drives? If you do, once you delete Taargo Ransomware, you will be able to replace the corrupted files without much trouble. If that is not an option, can you use third-party decryptors? At the time of analysis, there were no legitimate decryptors that could restore the files corrupted by this ransomware.Taargo Ransomware Removal GuideTaargo Ransomware screenshot
Scroll down for full removal instructions

Although the attackers behind Taargo Ransomware use a file named “how_to_back_files.html” to convince victims that they would obtain a legitimate decryptor as soon as they emailed taargo@iran.ir, taargo@feecca.com, or taargo@olszyn.com and then also paid the ransom, we want to warn you. The attackers are ready to promise you anything to get your money and trap you in a scam. Note that once you expose yourself and pay the ransom, you will not be safe unless you change your email address, and you will not get your money back either. This is why you want to focus on the removal of the infection. If you can locate the launcher of the threat, you can try deleting Taargo Ransomware yourself using the guide below. If you cannot get rid of the infection manually, employ a legitimate anti-malware program. It will automatically find and erase every single malware component.

Remove Taargo Ransomware

  1. Launch File Explorer by tapping Win+E keys together.
  2. Enter %LOCALAPPDATA% into the quick access bar at the top.
  3. Identify and Delete the [unknown name].exe file that belong to the ransomware.
  4. Launch Run by tapping Win+R keys together.
  5. Enter regedit into the Open dialog box and click OK to access the Registry Editor.
  6. Go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce.
  7. Delete the value named BrowserUpdateCheck (the value data reveals the name of the file in step 3).
  8. Finally, Delete every single copy of the ransom note file named how_to_back_files.html.
  9. Exit Registry Editor and File Explorer and then Empty Recycle Bin.
  10. Immediately install a legitimate malware scanner to check for leftovers of the threat.
  11. If any threats are found, delete them ASAP.

In non-techie terms:

Taargo Ransomware is a malicious infection. There is no other way to look at this threat. Unfortunately, this is not the kind of infection that you can just forget about once you delete it. Whether you delete this malware manually (see the guide below) or using an automated anti-malware tool, your personal files will remain decrypted. The attackers suggest contacting them and paying a ransom for an alleged decryptor, but if there is one thing we know for sure it is that trusting cybercriminals and their promises is a mistake. Hopefully, you have copies of all corrupted files and can use them as replacements after you delete Taargo Ransomware. In the future, do not forget to create copies for all important files, and also remember that even the most convincing spam emails and unfamiliar downloaders can be used by cybercriminals.