RansomAES is a newly detected crypto-malware that researchers first spotted in May 2018. It encrypts files using the AES algorithm and adds the .RansomAES extension to the damaged data. According to researchers, the virus encrypts files from the desktop and every drive’s root folder. After looking closer into the ransomware, we found that the RansomAES crypto-virus could be related to an older version named Wcry.
RansomAES crypto-malware targets Koreans and instructs people to contact
The new variant is potentially designed to infect people from Asian countries, because the ransom note READ ME.txt and the new desktop background contain information in the Korean language. People whose files have been scrambled by the RansomAES ransomware are told to email the hackers at the [email protected] or [email protected] addresses.
Of course, we never recommend contacting the hackers, as they will only try to intimidate you into thinking that paying the ransom is the only choice (Ransomware: Why You Should Never Pay). While engaging in a conversation with crooks is a bad idea, purchasing bitcoins and sending them to extortionists is even worse. There are no guarantees that the hackers will actually provide you with a functional decryption key. In reality, you might pay the ransom and never receive the promised goods.
In the email, victims also have to include their personal ID number (this will probably determine the demanded ransom). However, we do not recommend contacting the extortionists: they will continue to intimidate you and will also inform you of a ransom. The detected sample is RansomAES.exe, and the ransomware has been named accordingly. According to research, the virus deletes all Shadow Volume Copies, so people won’t be able to restore their files using the Shadow Volume option. The RansomAES crypto-virus is said to be capable of encrypting 41 file types.
How to protect your files from this RansomAES virus?
This section is relevant to you if you have not become a victim of ransomware but simply wish to protect your files as a precaution. Do this by placing important data in backup storage. If the original files get encrypted by ransomware, you will be able to retrieve them from reliable sources. You might also protect some of your files by placing them on USB flash drives.
Currently, there is no known way to decrypt files that have been encrypted by RansomAES crypto-malware. If security researchers come up with a free decryptor for this ransomware, we will be sure to inform you. Until then, you can try using third-party decryption programs, but make sure to make copies of the encrypted files in case the third-party programs ruin them.
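One way to make those copies safely, as an added example that is not part of the original article: the script below checks the top level of the folders you pass in (the desktop and drive roots, per the description above) for the READ ME.txt note and for files ending in .RansomAES, then copies the encrypted files to a backup folder and verifies each copy by SHA-256. The function names, the top-level-only scan and the case-insensitive matching are assumptions made for this example.

```python
import hashlib
import shutil
import sys
from pathlib import Path

ENCRYPTED_SUFFIX = ".ransomaes"  # extension named in this article (lower-cased)
RANSOM_NOTE = "read me.txt"      # ransom note name from this article (lower-cased)

def sha256_of(path):
    """Hash a file in chunks so large files do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def triage(folders, backup_dir):
    """Check the top level of each folder; copy encrypted files to backup_dir.
    Returns {"notes": [Path], "copied": [(source, copy, sha256)]}; originals
    are never modified or deleted."""
    backup = Path(backup_dir)
    backup.mkdir(parents=True, exist_ok=True)
    report = {"notes": [], "copied": []}
    for folder in map(Path, folders):
        if not folder.is_dir():
            continue  # drive or folder not present on this machine
        for entry in sorted(folder.iterdir()):
            if not entry.is_file():
                continue
            if entry.name.lower() == RANSOM_NOTE:
                report["notes"].append(entry)
            elif entry.suffix.lower() == ENCRYPTED_SUFFIX:
                digest = sha256_of(entry)
                # Hash prefix keeps same-named files from different folders apart.
                target = backup / f"{digest[:12]}_{entry.name}"
                shutil.copy2(entry, target)
                if sha256_of(target) != digest:
                    raise OSError(f"copy of {entry} does not match the original")
                report["copied"].append((entry, target, digest))
    return report

if __name__ == "__main__":
    if len(sys.argv) < 3:
        sys.exit("usage: triage.py BACKUP_DIR FOLDER [FOLDER ...]")
    result = triage(sys.argv[2:], sys.argv[1])
    for note in result["notes"]:
        print(f"ransom note: {note}")
    for source, copy, digest in result["copied"]:
        print(f"{digest}  {source} -> {copy}")
```

Point BACKUP_DIR at an external or otherwise offline drive, and run any third-party decryption program only against the copies.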
How is the RansomAES crypto-virus distributed?
First of all, many ransomware variants are distributed through spam emails. If you receive an email from a suspicious source, do not forget to check whether the message is really legitimate and originates from a source you can trust. If the email letter seems to be too good to be true (offers free stuff) or warns you of compromised credit cards or problems with your tax refunds.
We provide specific guidelines for the removal of any type of ransomware virus. However, in order to get rid of the virus effectively, you should run a scan with Spyhunter. It will detect all potentially dangerous files on your computer and will offer their immediate removal. For the manual guidelines, read this article. Take a look at the initial steps you have to:
The manual removal includes these steps:
- Reboot your computer in Safe Mode (enable Safe Mode with Command Prompt).
- Once Command Prompt launches, type in cd restore and press Enter.
- Enter rstrui.exe and press Enter again.
- Click “Next” in the window that appears.
- Select one of the Restore Points dated before Magniber ransomware infected your device.
- Click “Yes” to start a system restore.