CSGO Ransomware - How to remove

CSGO virus features a name that is well known for gaming community – probably one of the most popular online game right now is named exactly the same. It seems like it is a new trend to name ransomware viruses after popular online games, as we have already seen PUBG ransomware. You might think that CSGO virus and PUBG ransomware were developed by the same person or hackers team, yet it is not true – PUBG was developed by someone that goes by the nickname NATroutter.

Usually, ransomware infections are plain simple – they infect computers, encrypt data stored on the hard drive and then ask for a ransom to be paid in order to unlock those files. PUBG ransomware is much more advanced and features other abilities. Fors instance, it can tell whether you have CSGO (the game) installed on your computer or not, detect most of anti-malware and anti-virus software that is running on your computer or even tell if it is running on a virtual drive on your computer.

How to tell if your computer is infected with CSGO virus? It’s pretty obvious because a new desktop picture informing you about that will be set automatically. If you are suffering from this virus, please continue reading this article and learn how did it infected your system and how to remove it.

Game playing time instead of a ransom

CSGO ransomware definitely stands out of a crowd regarding “the payment” of the ransom. Most of the time ransomware viruses requires a ransom to be paid in one of the cryptocurrencies or PayPal, yet in this case, you will be asked to play Counter-Strike Global Offensive first-person shooter game for 5 hours.

It sounds funny and absurd at the same time. It’s obvious that cybercriminals are creating and distributing malware in order to make money out of it or steal some private data and sell it later on, but in this case, playing an online game as a way to get your files back just doesn’t make any sense.

The most logical explanation for this situation is that cybercriminals just want to entertain themselves and this seems to be funny to them. However, it isn’t that funny when you are the one suffering from the virus. Even though you won’t be forced to actually pay the ransom and lose your money, your personal files will be locked and inaccessible.

CSGO virus is capable of infecting all most common file types, so your photos, text documents, audio and video files will be definitely locked. After that, the image on your screen will be automatically changed to default CSGO ransomware image with a short message and a clock that tracks the time you have played CSGO. Original text:

OOPS. All your important data is encrypted

How this happens???
This happens because your computer has been infected by CSGO Ransomware

How can i get my files back???
If you want to get your files back you need to play 5 hours of csgo and then you get your exclusive decrypting key waht you can use to decrypt your files

Who is behind all this???
Behind of all this madness is BeaverSquad group of professional coders and gamers

Played Time: 00:00:00:00
Status: Waitting for CSGO

Even though they claim that this virus was developed by BeaverSquad, more reliable sources claim that someone with a nickname NATroutter stands behind it. In case you have nothing to do with gaming and CSGO game is something you have never heard about before, they will automatically install it on your computer and force you to play it. What’s more interesting – the play time clock displayed on a screensaver actually works and counts the time you have played the game.

How to eliminate CSGO Ransomware?

Obviously, you have two choices in front of you – you can “play” the game for 5 hours and then retrieve your files, or you can remove the virus and try to recover your files manually. It is not known if CSGO ransomware will unlock your files even after you play the game for 5 hours, but it’s definitely worth a try. You don’t have to actually play it – just open the game and leave it running while you are not using your computer.

However, if you need your files right now and 5 hours is too long for you to wai, please scroll down below this article and follow manual instructions that will help you to restore your files.

Either way, you need to remove CSGO ransomware from your computer. Just the fact that it somehow managed to get into your system is an alarm signal that you should strenghten overall security of your computer. To do that and remove the virus you should get yourself a decent anti-malware application, such as Spyhunter. Scan your computer with either one of them and the virus will be removed immediately.

How to recover CSGO Ransomware encrypted files and remove the virus

Step 1. Restore system into last known good state using system restore

1. Reboot your computer to Safe Mode with Command Prompt:

for Windows 7 / Vista/ XP

• Start → Shutdown → Restart → OK.
• Press F8 key repeatedly until Advanced Boot Options window appears.
• Choose Safe Mode with Command Prompt.

for Windows 8 / 10

• Press Power at Windows login screen. Then press and hold Shift key and click Restart.
• Choose Troubleshoot → Advanced Options → Startup Settings and click Restart.
• When it loads, select Enable Safe Mode with Command Prompt from the list of Startup Settings.

 

2.Restore System files and settings.

• When Command Prompt mode loads, enter cd restore and press Enter.
• Then enter rstrui.exe and press Enter again.
• Click “Next” in the windows that appeared.
• Select one of the Restore Points that are available before CSGO Ransomware has infiltrated to your system and then click “Next”.
• To start System restore click “Yes”.

 

Step 2. Complete removal of CSGO Ransomware

After restoring your system, it is recommended to scan your computer with an anti-malware program, like Spyhunter and remove all malicious files related to CSGO Ransomware. You can check other tools here.  

Step 3. Restore CSGO Ransomware affected files using Shadow Volume Copies

If you do not use System Restore option on your operating system, there is a chance to use shadow copy snapshots. They store copies of your files that point of time when the system restore snapshot was created. Usually CSGO Ransomware tries to delete all possible Shadow Volume Copies, so this methods may not work on all computers. However, it may fail to do so. Shadow Volume Copies are only available with Windows XP Service Pack 2, Windows Vista, Windows 7, and Windows 8. There are two ways to retrieve your files via Shadow Volume Copy. You can do it using native Windows Previous Versions or via Shadow Explorer. a) Native Windows Previous Versions Right-click on an encrypted file and select Properties → Previous versions tab. Now you will see all available copies of that particular file and the time when it was stored in a Shadow Volume Copy. Choose the version of the file you want to retrieve and click Copy if you want to save it to some directory of your own, or Restore if you want to replace existing, encrypted file. If you want to see the content of file first, just click Open.

b) Shadow Explorer It is a program that can be found online for free. You can download either a full or a portable version of Shadow Explorer. Open the program. On the left top corner select the drive where the file you are looking for is a stored. You will see all folders on that drive. To retrieve a whole folder, right-click on it and select “Export”. Then choose where you want it to be stored.

Step 4. Use Data Recovery programs to recover CSGO Ransomware encrypted files

There are several data recovery programs that might recover encrypted files as well. This does not work in all cases but you can try this:

• We suggest using another PC and connect the infected hard drive as slave. It is still possible to do this on infected PC though.
• Download a data recovery program.
• Install and scan for recently deleted files.

Note: In many cases it is impossible to restore data files affected by modern ransomware. Thus I recommend using decent cloud backup software as precaution. We recommend checking out Carbonite, BackBlaze, CrashPlan or Mozy Home.

Manual removal