The Magic Ransomware is one of the newest HiddenTear-based ransomware infections detected by our malware researchers. A ransom note it drops on users’ PCs after encrypting their files is almost all in Italian, so specialists suspect that this infection targets computer users living in Italy primarily. Although users living in this region should be the most careful, it does not mean that other users cannot encounter this infection as well. If you have already become a victim of this nasty malicious application, our one and only recommendation for you would be to delete it as soon as possible and only then find a way to unlock those files it has encrypted. We cannot promise that it will be possible to restore the encrypted data without the decryption key, but you should not rush to pay money to cyber criminals because they might not send you the key you need either. On top of that, by paying money to malicious software developers, you encourage them to continue developing malicious applications.

The first activity The Magic Ransomware performs on users’ computers when it enters them successfully is the encryption of their personal files. Once pictures, documents, music, videos, and other valuable files become encrypted, it deletes itself but creates a copy in %HOMEDRIVE%\user\rand123. All those files it locks following the successful entrance get a new extension .locked, but their original names are not changed. It is not the only sign showing that this ransomware infection has affected the computer. You will also find on your Desktop a new .txt file READ_IT.txt. It is the ransom note. It contains only one sentence in English: “This computer has been hacked.” The rest of the text is in Italian. Users are told that they must send the ransom in Bitcoin to the provided Bitcoin address to get the key that can unlock their files. Last but not least, this ransomware infection might change your Desktop background, so we are sure you will find out about its successful entrance in no time.
As mentioned in the first paragraph of this article, you should not send a cent to cyber criminals even though they claim that it is the only way to unlock the encrypted data because the chances are high that you will get nothing from them even if you pay money. On top of that, we know how you can get your files back for free. You just need to have a backup on a USB flash drive or another external device – you could easily restore your files from a backup after you delete The Magic Ransomware fully. It is very important to remove the ransomware infection first because it might strike again and encrypt those restored files.

As for the distribution of The Magic Ransomware, it does not differ much from other ransomware infections. Research has shown that it might also be spread as an attachment in spam emails and, additionally, enter PCs illegally due to unsafe RDP configuration. Theoretically, users might also infect their PCs with it by downloading random software from the web. Yes, it might pretend to be a useful application or enter users’ computers together with third-party software. Either way, removing the ransomware is mandatory. Its successful entrance on your PC does not mean that you will necessarily encounter similar infections in the future. You can protect your PC by installing security software on it – do this right after The Magic Ransomware has been fully removed.

It would not be true if we told you that The Magic Ransomware is very sophisticated. Because of this, we believe that its removal will not be very challenging either. What you will need to do yourself if you decide to erase it manually is to delete all suspicious recently downloaded files and remove two files belonging to this malicious application. We hope that our manual removal instructions will make it considerably easier to remove it, but if you still do not know where to start, you should acquire the automatic scanner and then launch it to remove malware from your computer automatically.

N.B. Your files will not be automatically unlocked, no matter whether you erase The Magic Ransomware manually or automatically.

The Magic Ransomware removal guide

  1. Open Explorer (tap Win+E on your keyboard).
  2. Open %HOMEDRIVE%\user\rand123.
  3. Delete local.exe.
  4. Remove ransom.jpg from %HOMEDRIVE%\user.
  5. Check %USERPROFILE%\Desktop, %USERPROFILE%\Downloads, and %TEMP%.
  6. Remove all recently downloaded files.
  7. Delete READ_IT.txt from Desktop.
  8. Empty Recycle bin.
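
The steps above as a PowerShell script, added here as an example and not part of the original guide: it reports the listed artifacts with their SHA-256 hashes and deletes them only when run with `-Remove`. The parameter names and the 7-day window used for "recently downloaded" are assumptions.

```powershell
# Added example: audits the artifacts named in the removal guide; deletes only with -Remove.
param(
    [switch]$Remove,        # report-only unless this switch is given
    [int]$RecentDays = 7    # assumption: "recently downloaded" means the last 7 days
)

# Artifact paths exactly as listed in the guide (steps 2-4 and 7).
$artifacts = @(
    "$env:HOMEDRIVE\user\rand123\local.exe",
    "$env:HOMEDRIVE\user\ransom.jpg",
    "$env:USERPROFILE\Desktop\READ_IT.txt"
)

foreach ($path in $artifacts) {
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        Write-Output "absent   $path"
        continue
    }
    # Record a hash before deletion so the sample can still be identified later.
    $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    Write-Output "present  $path  sha256=$hash"
    if ($Remove) { Remove-Item -LiteralPath $path -Force }
}

# Steps 5-6: list recent files for manual review; nothing here is deleted automatically.
$cutoff = (Get-Date).AddDays(-$RecentDays)
$reviewDirs = "$env:USERPROFILE\Desktop", "$env:USERPROFILE\Downloads", $env:TEMP
Get-ChildItem -LiteralPath $reviewDirs -File -ErrorAction SilentlyContinue |
    Where-Object { $_.CreationTime -gt $cutoff -and $_.Extension -ne '.locked' } |
    Sort-Object CreationTime -Descending |
    Format-Table CreationTime, Length, FullName -AutoSize

# Encrypted files keep their original name plus .locked; count them to size the restore.
$locked = Get-ChildItem -LiteralPath $env:USERPROFILE -Recurse -File -Filter '*.locked' `
    -ErrorAction SilentlyContinue
Write-Output ("{0} .locked file(s) under {1}" -f @($locked).Count, $env:USERPROFILE)

# Step 8: empty the Recycle Bin only when removal was requested.
if ($Remove) { Clear-RecycleBin -Force -ErrorAction SilentlyContinue }
```

Run it once without switches to review the report, then again with `-Remove`; the recent-file list is for manual review and is never deleted by the script.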

The Magic Ransomware is one of the nastiest infections our specialists have recently detected because it encrypts users’ personal files right away following the successful entrance. Like other ransomware-type infections, it only wants users’ money. You should not give cyber criminals a cent because it is very likely that they will still not give you the decryption key. Instead, eliminate the ransomware infection from your system and then restore your files from a backup.