Taka Ransomware Removal Guide

Do you know what Taka Ransomware is?

Taka Ransomware is a new file-encrypting infection that uses an .xxx extension. The entrance of this infection means that all the files will be encrypted by adding the new extension to them. After this threat finishes doing that, a window with the information for users will be opened. It can be closed easily, but it will be opened for you again when you log in to Windows. It can do that because it creates a task called enc in the Task Scheduler. The presence of the new filename extension and a strange window covering the screen is not the only symptom that will tell you about the entrance of malicious software. What you will also notice on your Desktop is a new .txt file help_dcfile.txt after Taka Ransomware finishes encrypting files it finds stored on the computer. This file is a ransom note. If you have already checked the .txt file as instructed, you probably already know that the decryption tool will cost 0.5 Bitcoin (~$300) for you. Even though it seems that paying this amount of money to cyber criminals is the only way to unlock those personal files, we suggest that you do not hurry to make a payment. First of all, you need to know that there are no guarantees that you will get the decryptor even though cyber criminals promise to send an email to a public email account on mailinator.com with a link to download the tool for unlocking files shortly after they receive your money. Secondly, you should know that it might be possible to unlock those files without the special tool. It is very true if you have copies of all your files. Of course, you should focus on the deletion of Taka Ransomware first.

Even though Taka Ransomware is a recently developed ransomware infection, it does not differ from threats created by cyber criminals some time ago, i.e. it also locks files it manages to find on the computer and then tries to obtain money from people. As we have already mentioned, it opens a window saying that all personal files are encrypted and users have to check the help_dcfile.txt to get further instructions. You can find this file on Desktop. Users who open it immediately find out that Taka Ransomware has encrypted their files using “a unique public key AES and RSA generated for this computer.” It is said that the private key that can help to unlock files can be purchased for 0.5 Bitcoin, and the payment has to be made within 72 hours if a user does not want it to be destroyed permanently. To be frank, it does not mean that you could decrypt your files if you make a payment and validate it. Yes, the decryptor might not even be sent to you, so you risk losing money in exchange for nothing. Users who are not going to transfer the money cyber criminals require should remove Taka Ransomware immediately. Once you are done with it, you should then try to recover files using third-party software or wait for specialists to develop a free decryptor.Taka Ransomware Removal GuideTaka Ransomware screenshot
Scroll down for full removal instructions

Taka Ransomware always enters computers without a user’s consent. It is distributed exactly like other ransomware infections – it comes as an attachment in spam emails. To fool users into believing that the attachment is harmless, the malicious file has the icon of Java. Once you open such an attachment, the executable file of the ransomware is dropped into %PROGRAMFILES(x86)% with a random name, e.g. 8II21E.exe. Do not open spam emails ever again if you do not wish to encounter another ransomware infection. Hundreds of new threats have been developed recently by cyber criminals, so you should also install a security tool on your computer. You will be safe as long as you keep it active.

Fortunately, Taka Ransomware does not block system utilities and Desktop, so it is not that hard to delete it from the system manually. What you need to do to erase it is to remove the .exe file that has been dropped into the Program Files folder, remove the task from the Task Scheduler, and delete the .txt file from Desktop. If it is the first time you are going to get rid of the ransomware infection yourself, we suggest using our step-by-step manual removal guide. If you do not find our instructions very helpful, acquire a trustworthy automatic scanner, such as SpyHunter and then scan your system with it once.

How to remove Taka Ransomware

  1. Tap Win+E.
  2. Type %PROGRAMFILES(x86)% in the URL bar and tap Enter.
  3. Delete the file with a random name (6 characters) having the Java icon (another icon might be used in future versions).
  4. Go to %WINDIR%\Tasks.
  5. Remove the enc task.
  6. Locate and delete the text file help_dcfile.txt from Desktop.
  7. Empty the Recycle bin.

In non-techie terms:

If you have a ransomware infection on your computer, it means that your computer is unprotected, and there might be other threats hiding on it and working in the background. Users who delete Taka Ransomware automatically take care of all those threats too; however, if you have erased Taka Ransomware manually, these infections are left untouched. Therefore, it would be smart to scan the system with a diagnostic scanner and then remove all of them (if the scanner really detects untrustworthy software).