‘[email protected]’ Ransomware: Information
‘[email protected]’ Ransomware has come to the attention of researchers as a new variant of Globe Ransomware. It has been found to come wrapped in several layers of packaging, which helps it get inside the PC successfully. It then reads all the existing drives and decides accordingly how to carry out the encryption process. ‘[email protected]’ Ransomware uses the AES-256 and RSA-2048 ciphers to encrypt the targeted files. The files most often affected are those associated with programs such as Adobe Photoshop, WPS Office, LibreOffice, Mandriva, AutoCAD, Sony Vegas PRO and GIMP. The encrypted data carries the ‘.happydayzz’ extension. The encoded files are shown with a black icon, and a ransom note is dropped on the desktop as ‘How to recover encrypted files.hta’. Users are asked to pay 1 Bitcoin and to install the TOR browser. The operators also promise chat support to users who are ready to obey them.
How ‘[email protected]’ Ransomware Infects a PC
‘[email protected]’ Ransomware infects a PC through the common mechanism of malicious attachments carried by spam emails: infected documents that appear to contain important information from certified companies, banks and other financial institutions. It has been observed that people who use spreadsheets regularly often do not disable the Macros functionality, which puts their PC at high risk of being victimized by ‘[email protected]’ Ransomware.
Malicious properties of ‘[email protected]’ Ransomware
- Once inside the PC, ‘[email protected]’ Ransomware inspects all the available drives and carries out the encryption process accordingly.
- It encodes the targeted files using the AES-256 and RSA-2048 ciphers and adds the ‘.happydayzz’ extension to all of them.
- It then drops a ransom note named ‘How to recover encrypted files.hta’, and users are asked to pay 1 Bitcoin as ransom to get their files back.
- It also urges users to download the TOR browser and access a hidden payment portal.
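The two indicators listed above (the ‘.happydayzz’ extension and the ransom note file name) are enough to scope which folders were hit before attempting any restore. The following is an added example, not code from the original page: a read-only Python scan whose function names and sample file names are constructed for illustration.

```python
import os
import sys
import tempfile
from collections import Counter

ENCRYPTED_EXT = ".happydayzz"                       # extension named on this page
RANSOM_NOTE = "how to recover encrypted files.hta"  # note name from this page, lowercased


def scan(root):
    """Walk root read-only; return (Counter of encrypted files per folder, note paths)."""
    per_dir, notes = Counter(), []
    # onerror callback: skip unreadable folders instead of aborting the scan
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            lower = name.lower()
            if lower.endswith(ENCRYPTED_EXT):
                per_dir[dirpath] += 1
            elif lower == RANSOM_NOTE:
                notes.append(os.path.join(dirpath, name))
    return per_dir, notes


def summarize(root):
    """Return report lines: worst-hit folders first, then ransom note locations."""
    per_dir, notes = scan(root)
    lines = [f"{sum(per_dir.values())} encrypted file(s) in {len(per_dir)} folder(s)"]
    for folder, count in per_dir.most_common():
        lines.append(f"{count:6d}  {folder}")
    lines += [f"note:   {path}" for path in sorted(notes)]
    return lines


def build_sample_tree(base):
    """Constructed sample data for the demo: two hit folders and one clean folder."""
    layout = {
        "Documents": ["report.docx.happydayzz", "plan.xlsx.HAPPYDAYZZ",
                      "How to recover encrypted files.hta"],
        "Pictures": ["logo.psd.happydayzz"],
        "Clean": ["notes.txt"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(base, folder))
        for name in names:
            open(os.path.join(base, folder, name), "w").close()


if __name__ == "__main__":
    if len(sys.argv) > 1:                      # scan a real folder or mounted drive
        print("\n".join(summarize(sys.argv[1])))
    else:                                      # no argument: run on the constructed sample
        with tempfile.TemporaryDirectory() as tmp:
            build_sample_tree(tmp)
            print("\n".join(summarize(tmp)))
```

Folders that show encrypted files but no surviving originals are the ones to prioritise when checking restore points, shadow copies or backups.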
Researchers’ Statement
Researchers state that ‘[email protected]’ Ransomware has been developed to make illegal earnings by terrifying victimized users. It is therefore better to look for the most reliable anti-malware utility than to think about paying the cyber crooks. Reports surveyed so far show that it is totally useless to obey the hackers' instructions, because they usually fail to fulfil their commitment to provide the decryption key. This is why users are not advised to act on the displayed ransom message. Apart from this, researchers always advise backing up all the files saved on the PC to an external drive.
Follow Steps to Remove ‘[email protected]’ Ransomware from PC
Step 1: Know How to Reboot Windows PC in Safe Mode (This guide is meant for novice users)
Step 2: ‘[email protected]’ Ransomware Removal Using System Restore
If you still have problems rebooting the PC in Safe Mode, opt for System Restore. Follow the steps given below.
Press F8 continuously until the Windows Advanced Options Menu appears on the monitor. Now choose the Safe Mode with Command Prompt option and press Enter.
In the Command Prompt window, type this command: cd restore and press Enter.
Now type rstrui.exe as the command and press Enter.
This will open a new window to Restore System Files and Settings. Click on Next to proceed.
Select a Restore Point from a date before the ‘[email protected]’ Ransomware attack to return the system to the state it was in earlier.
Step 3: Use ShadowExplorer to Restore ‘[email protected]’ Ransomware Encrypted Files
Alternatively, you can use ShadowExplorer to restore files encrypted in the ‘[email protected]’ Ransomware attack.
When ‘[email protected]’ Ransomware attacks, it generally tries to delete all the shadow copies stored on your computer. However, there is a chance that ‘[email protected]’ Ransomware is not able to delete the shadow copies every time. In that case you can restore the original files from the shadow copies.
Follow these simple steps to restore the original files through ShadowExplorer:
- Download ShadowExplorer from http://www.shadowexplorer.com/downloads.html
- Install it on your system
- Now open ShadowExplorer and select the C: drive in the left panel
Another method for recovering your encrypted files is file recovery software
If the above methods are not successful, you can try file recovery software. It can help in recovering your encrypted files because ‘[email protected]’ Ransomware first makes a copy of each original file and then encrypts it. After encryption it deletes the original file. So there is a high probability that file recovery software can help you recover your original files.