File Spider ransomware - How to remove

File Spider ransomware is a new crypto-malware threat that was discovered on the 10th of December, 2017. Security researchers found two main samples of this infection, and both of them are created as .doc files: BAYER_CROPSCIENCE_OFFICE_BEOGRAD_93876.doc and CUMMINS_SERBOMONTE_DOO_72225.doc. The infection appears to run PowerShell, just like the OhNo! ransomware we discussed back in August of 2017.

The File Spider crypto-virus consists of two parts: a file for encryption called enc.exe and one for decryption, created as dec.exe. The latter file is the main GUI. Victims will be urged to read the ransom notes that launch, which inform them that their files are encrypted and that they have to visit the recommended TOR website. Many crypto-viruses feature TOR domains: My Decrypter is one of them. If they attempt to decrypt files in other ways, all of their data might be lost forever. People will expect to launch one of the ransom notes by clicking on HOW TO DECRYPT FILES.url. However, this will actually run the enc.exe file. Here is the original text of the ransom note:

As you may have already noticed, all your important files are encrypted and you no longer have access to them. A unique key has been generated specifically for this PC and two very strong encryption algorithm was applied in that process. Original content of your files are wiped and overwritten with encrypted data so it cannot be recovered using any conventional data recovery tool.

The good news is that there is still a chance to recover your files, you just need to have the right key.

To obtain the key, visit our website from the menu above. You have to be fast, after 96 hours the key will be blocked and all your files will remain permanently encrypted since no one will be able to recover them without the key!

Remember, do not try anything stupid, the program has several security measures to delete all your files and cause the damage to your PC.

To avoid any misunderstanding, please read Help section.


File Spider crypto-virus encrypts files, has a Tor website and features a graphical interface


Not surprisingly, File Spider crypto-malware appends the .spider extension to damaged digital data. When users download the malicious .doc file and click “Enable Editing”, powershell.exe will run. As a consequence, the ransomware will have left an enc.exe file on the system. Then, the infection contacts the Yourjavascript.com website and downloads a malicious JavaScript. This is not a surprising infection, as the activity of crypto-malware threats has significantly increased.
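To scope the damage on a mounted copy of an affected disk, the following added example (not code from the original article or from any vendor) lists files carrying the .spider extension and flags .url shortcuts that start a local program instead of opening a web page, which is how HOW TO DECRYPT FILES.url is described as behaving. It assumes the shortcut is a standard InternetShortcut file; the list of program extensions, the sample file names and the enc.exe location are constructed placeholders.

```python
import configparser
import os
from urllib.parse import urlparse

ENCRYPTED_EXT = ".spider"  # extension this page says File Spider appends
PROGRAM_EXTS = (".exe", ".bat", ".cmd", ".js", ".vbs", ".ps1")  # assumed list

def shortcut_target(path):
    """Return the URL= value of a Windows .url (InternetShortcut) file, or None."""
    parser = configparser.RawConfigParser(strict=False)  # raw: no % interpolation
    try:
        with open(path, encoding="utf-8-sig", errors="replace") as fh:
            parser.read_file(fh)
        return parser.get("InternetShortcut", "URL")
    except (configparser.Error, OSError):
        return None  # unreadable or not a shortcut: nothing to report

def launches_local_program(url):
    """True when the target is a local path or file: URL ending in a program extension."""
    try:
        parsed = urlparse(url.strip())
    except ValueError:
        return False
    local = parsed.scheme.lower() == "file" or len(parsed.scheme) == 1  # file: or C:\...
    return local and parsed.path.lower().endswith(PROGRAM_EXTS)

def triage(root):
    """Walk root; list encrypted files and shortcuts that start a program when clicked."""
    report = {"encrypted": [], "program_shortcuts": []}
    for folder, _dirs, files in os.walk(root):
        for name in sorted(files):
            full = os.path.join(folder, name)
            if name.lower().endswith(ENCRYPTED_EXT):
                report["encrypted"].append(full)
            elif name.lower().endswith(".url"):
                target = shortcut_target(full)
                if target and launches_local_program(target):
                    report["program_shortcuts"].append((full, target))
    return report

def build_sample_tree(root):
    """Constructed sample data; the enc.exe location is a placeholder, not from the page."""
    files = {"budget.xlsx.spider": "", "photo.jpg.spider": "", "notes.txt": "",
             "HOW TO DECRYPT FILES.url": "[InternetShortcut]\nURL=file:///C:/PLACEHOLDER/enc.exe\n",
             "Vendor site.url": "[InternetShortcut]\nURL=https://example.com/\n"}
    for name, content in files.items():
        with open(os.path.join(root, name), "w", encoding="utf-8") as fh:
            fh.write(content)
```

Run `triage()` against a read-only mount of the affected drive rather than on the live infected system, so nothing on the disk is executed or modified while you inventory it.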

The technique of using malicious macros is often abused by hackers. With it, crooks are able to run malicious tasks, shell commands and applications. Therefore, you should always be careful when downloading .doc files. There are quite a few malicious tricks hackers can exploit when it comes to Microsoft Office files: learn more here.

By enabling the editing feature, you are allowing a malicious task to be carried out automatically (without your knowledge). Consider this: you find a .doc file as an attachment to one of your email letters. Before downloading the file, make sure that its sender is reliable (even Mac users should be worried).
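The chain described above, a Word document that starts powershell.exe once editing is enabled, is visible in process-creation logs as an Office application acting as the parent of a script host. The following added example (not from the original article) applies that detection to constructed records; the field names assume Sysmon Event ID 1 data exported as JSON lines, and the process lists and command-line hints are illustrative choices.

```python
import json
import ntpath

# Assumed field names follow Sysmon Event ID 1 (process creation) exported as JSON lines.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
REMOTE_HINTS = ("http://", "https://", "downloadfile", "downloadstring")

def office_spawned_script_hosts(lines):
    """Return one alert per record where an Office application started a script host."""
    alerts = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines instead of aborting the hunt
        if not isinstance(event, dict):
            continue
        parent = ntpath.basename(event.get("ParentImage") or "").lower()
        child = ntpath.basename(event.get("Image") or "").lower()
        if parent in OFFICE_PARENTS and child in SCRIPT_HOSTS:
            command = (event.get("CommandLine") or "").lower()
            alerts.append({
                "time": event.get("UtcTime"),
                "parent": parent,
                "child": child,
                "fetches_remote_content": any(h in command for h in REMOTE_HINTS),
            })
    return alerts

# Constructed sample records (not captured from a File Spider infection).
SAMPLE_EVENTS = [json.dumps(e) for e in (
    {"UtcTime": "2017-12-10 09:14:02.113",
     "ParentImage": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe <constructed placeholder> http://example.invalid/x"},
    {"UtcTime": "2017-12-10 09:20:40.002",
     "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe"},
    {"UtcTime": "2017-12-10 09:21:05.870",
     "ParentImage": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE",
     "Image": r"C:\Windows\splwow64.exe",
     "CommandLine": "splwow64.exe 8192"},
)] + ["{truncated"]

if __name__ == "__main__":
    for alert in office_spawned_script_hosts(SAMPLE_EVENTS):
        print(alert)
```

Only the first sample record raises an alert: PowerShell started from Explorer and Word starting its print helper are both left alone, which keeps the rule quiet on ordinary desktop activity.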

If victims have any questions, hackers instruct them to contact the [email protected] email address. Do not negotiate with the creators of File Spider crypto-malware because there is no point in doing so. Hackers are still going to require ransoms for file decryption and there is very little that you can do. Obviously, do not pay the demanded fee, as crooks might not even be capable of decrypting files (https://blog.avast.com/ransomware-top-3-reasons-you-should-never-pay). On the other hand, they might be tricking users and abandoning them after the ransoms are paid.


No decryption tool for the File Spider virus yet: try alternative methods

For now, security researchers cannot offer you a guaranteed fix for the encryption. However, File Spider ransomware appears to be spreading at the moment. This means that security researchers could obtain enough information to generate a free file recovery tool. Until then, victims should not pay the demanded sums of money as this will only support ransomware projects in the future. Please try universal file recovery tools that might also be capable of helping you restore data to their original form.

Furthermore, you could take a look at the Shadow Volume Copies. To be more specific, you should check whether ransomware deleted them during the process of encryption. It could be that the authors of this ransomware infection are from Germany, but this is very difficult to fully confirm.

Things to do in order to get rid of File Spider crypto-malware

Before you try any of the file-recovery options, we suggest you get rid of the malicious files first. If you find a successful technique and recover your data while the infection is still present, the ransomware could re-encrypt it. Therefore, you can follow the guidelines below to get rid of the crypto-virus manually. On the other hand, keeping computers malware-free is the main mission of Spyhunter. Consider installing this extremely reliable anti-malware tool and enjoy a safer browsing experience.

As for the distribution of ransomware, we want to remind you of the two most popular techniques. First of all, these infections spread via malicious spam campaigns. In other cases, improperly protected RDPs can become the reason for a ransomware infection. Lastly, some ransomware infections can end up in operating systems after users interact with malicious online advertisements.


How to recover File Spider ransomware encrypted files and remove the virus

Step 1. Restore system into last known good state using system restore

1. Reboot your computer to Safe Mode with Command Prompt:

for Windows 7 / Vista / XP
  • Start → Shutdown → Restart → OK.
  • Press F8 key repeatedly until Advanced Boot Options window appears.
  • Choose Safe Mode with Command Prompt.

for Windows 8 / 10
  • Press Power at Windows login screen. Then press and hold Shift key and click Restart.
  • Choose Troubleshoot → Advanced Options → Startup Settings and click Restart.
  • When it loads, select Enable Safe Mode with Command Prompt from the list of Startup Settings.

2. Restore System files and settings.

  • When Command Prompt mode loads, enter cd restore and press Enter.
  • Then enter rstrui.exe and press Enter again.
  • Click “Next” in the window that appears.
  • Select one of the Restore Points that are available before File Spider ransomware has infiltrated your system and then click “Next”.
  • To start System restore click “Yes”.

Step 2. Complete removal of File Spider ransomware

After restoring your system, it is recommended to scan your computer with an anti-malware program, like Spyhunter, and remove all malicious files related to File Spider ransomware. You can check other tools here.

Step 3. Restore File Spider ransomware affected files using Shadow Volume Copies

If you do not use the System Restore option on your operating system, there is a chance to use shadow copy snapshots. They store copies of your files as they were at the point in time when the system restore snapshot was created. Usually File Spider ransomware tries to delete all possible Shadow Volume Copies, so this method may not work on all computers. However, it may fail to do so. Shadow Volume Copies are only available with Windows XP Service Pack 2, Windows Vista, Windows 7, and Windows 8. There are two ways to retrieve your files via Shadow Volume Copy. You can do it using native Windows Previous Versions or via Shadow Explorer.

a) Native Windows Previous Versions

Right-click on an encrypted file and select Properties → Previous versions tab. Now you will see all available copies of that particular file and the time when it was stored in a Shadow Volume Copy. Choose the version of the file you want to retrieve and click Copy if you want to save it to some directory of your own, or Restore if you want to replace the existing, encrypted file. If you want to see the content of the file first, just click Open.

b) Shadow Explorer

It is a program that can be found online for free. You can download either a full or a portable version of Shadow Explorer. Open the program. In the top left corner, select the drive where the file you are looking for is stored. You will see all folders on that drive. To retrieve a whole folder, right-click on it and select “Export”. Then choose where you want it to be stored.

Step 4. Use Data Recovery programs to recover File Spider ransomware encrypted files

There are several data recovery programs that might recover encrypted files as well. This does not work in all cases, but you can try this:
  • We suggest using another PC and connecting the infected hard drive as a slave. It is still possible to do this on the infected PC, though.
  • Download a data recovery program.
  • Install and scan for recently deleted files.
Note: In many cases it is impossible to restore data files affected by modern ransomware. Thus I recommend using decent cloud backup software as a precaution. We recommend checking out Carbonite, BackBlaze, CrashPlan or Mozy Home.
