SnowPicnic Ransomware - How to remove

SnowPicnic is a recently discovered computer virus that is officially listed as ransomware. Various cyber security experts believe that it is a clone of EnybenyCrypt virus, but it’s not known whether it is distributed by the same cyber criminals. Also, SnowPicnic ransomware employs different extension to lock files, so the same decryptor can’t be used for EnybenyCrypt and SnowPicnic.


Unfortunately, if you got infected with SnowPicnic, this might result in very severe consequences. Your computer will be completely paralyzed and all personal files will be locked using strong cryptography – a special tool is needed in order to reverse the process and make them usable once again. This special tool is in the hands of cyber criminals distributing SnowPicnic virus and they want you to pay for it, this is how most of the ransomware infections work. Luckily, SnowPicnic won’t touch your systemic files, so you will be able to continue using your Windows operating system.

The priority in this kind of situation is to remove the virus itself and then unlock files that have been affected by this infection. We will help you to do that successfully and guide you through the removal of SnowPicnic. Also, we will provide you instructions on how to unlock files decrypted by SnowPicnic.

Malicious Features of SnowPicnic

Snowpicnic ransomware remove

Since SnowPicnic is categorized as a ransomware, it’s clear that they have one goal – infect as many computers as possible and then demand to pay a ransom. To distribute malicious files SnowPicnic employs spam emails. You should already know that it’s not recommended to open emails from Spam category, especially files attached to them. Email service providers nowadays are pretty good in filtering possibly dangerous emails, so you should trust the algorithm and don’t browse the spam folder.

It’s relatively easy to get a computer infected with SnowPicnic virus – if you download files attached to the spam email to your computer, infections process starts automatically and all necessary assets are uploaded to your system. It’s very difficult to stop the virus at this point. However, it’s not impossible if you have trustworthy anti-malware software with real-time protection feature operating on your computer. We suggest to take a look at IObit Malware Fighter – this anti-malware program has a feature dedicated to fighting against ransomware. They block any unauthorized attempts to make changes to files stored on the system, so even if the ransomware is already inside of your computer, it can terminate it and prevent the encryption.

However, if the virus successfully entered and encrypted your personal files, you should notice that every single encrypted file now features a unique .snowpicnic extension at the end. You should also notice a new text file called “Read.TXT” on your desktop. It’s a ransom note with the information about ransom payments. Original text from SnowPicnic ransom note:

Your files has been encrypted with Millitary Grade Algorithm AES-256 (Advanced Encrypting Standard) h[tt]ps://en.wikipedia[.]org/wiki/Advanced_Encryption_Standard,
And for decrypt: Buy to my wallet 0 bitcoins, not 0.5, not 1, not 2,0 bitcoins!ator will be crypted, obfuscated, and encoded with ASCII chars. Abort – spread to all computers. Retry – Record to BIOS and Hard Disk for installation and spreading before reinstalled:***
Good luck!
Good bye!’

It’s tough to say if cyber criminals behind this ransomware are only messing around or just testing the system because at the moment they don’t require the money. Eventually, even if you are willing to pay them, it is not possible to receive working decryptor.

snowpicnic virus files

It might look like a joke to them, but it’s not that funny if you are a victim. Even though there is no possibility to buy a decryptor and free decryptor for .snowpicnic file extension is not released yet, there are other options that could help you solve this situation. We have analyzed various ransomware viruses, including but not limited to [email protected]CommonRansomNemesis virus, and there is always a way to remove it and restore encrypted files.

Removal of SnowPicnic Virus

First of all, you need to make sure that no malicious files of SnowPicnic virus are still operating on your computer. To do that, we recommend to scan it with Spyhunter. Just a simple scan should allow detecting and automatically remove the virus.

Now, when the virus is removed, you should take care of your encrypted files. Basically, there are two options – they can be either restored from a backup or you can use files recovery tool to do this job. If you have a valid backup file that was created before the infection and that wasn’t damaged by SnowPicnic Ransomware, you can perform a full system restore. However, if that is not available, try to download and use the ’free. Also, you can ask us for assistance in the comments section below.

Automatic Malware removal tools

Download Spyhunter for Malware detection
(Win)

Note: Spyhunter trial provides detection of parasites and assists in their removal for free. limited trial available, Terms of use, Privacy Policy, Uninstall Instructions,

Download Combo Cleaner for Malware detection
(Mac)

Note: Combo Cleaner trial provides detection of parasites and assists in their removal for free. limited trial available, Terms of use, Privacy Policy, Uninstall Instructions, Refund Policy ,



How to recover SnowPicnic Ransomware encrypted files and remove the virus

Step 1. Restore system into last known good state using system restore

1. Reboot your computer to Safe Mode with Command Prompt:


for Windows 7 / Vista/ XP
  • Start Shutdown RestartOK.
  • Press F8 key repeatedly until Advanced Boot Options window appears.
  • Choose Safe Mode with Command Prompt. Windows 7 enter safe mode

for Windows 8 / 10
  • Press Power at Windows login screen. Then press and hold Shift key and click Restart. Windows 8-10 restart to safe mode
  • Choose TroubleshootAdvanced OptionsStartup Settings and click Restart.
  • When it loads, select Enable Safe Mode with Command Prompt from the list of Startup Settings. Windows 8-10 enter safe mode
 

2.Restore System files and settings.

  • When Command Prompt mode loads, enter cd restore and press Enter.
  • Then enter rstrui.exe and press Enter again.CMD commands
  • Click “Next” in the windows that appeared. Restore point img1
  • Select one of the Restore Points that are available before SnowPicnic Ransomware has infiltrated to your system and then click “Next”. Restore point img2
  • To start System restore click “Yes”. Restore point img3
 

Step 2. Complete removal of SnowPicnic Ransomware

After restoring your system, it is recommended to scan your computer with an anti-malware program, like Spyhunter and remove all malicious files related to SnowPicnic Ransomware. You can check other tools here.  

Step 3. Restore SnowPicnic Ransomware affected files using Shadow Volume Copies

If you do not use System Restore option on your operating system, there is a chance to use shadow copy snapshots. They store copies of your files that point of time when the system restore snapshot was created. Usually SnowPicnic Ransomware tries to delete all possible Shadow Volume Copies, so this methods may not work on all computers. However, it may fail to do so. Shadow Volume Copies are only available with Windows XP Service Pack 2, Windows Vista, Windows 7, and Windows 8. There are two ways to retrieve your files via Shadow Volume Copy. You can do it using native Windows Previous Versions or via Shadow Explorer. a) Native Windows Previous Versions Right-click on an encrypted file and select PropertiesPrevious versions tab. Now you will see all available copies of that particular file and the time when it was stored in a Shadow Volume Copy. Choose the version of the file you want to retrieve and click Copy if you want to save it to some directory of your own, or Restore if you want to replace existing, encrypted file. If you want to see the content of file first, just click Open.
Previous version
b) Shadow Explorer It is a program that can be found online for free. You can download either a full or a portable version of Shadow Explorer. Open the program. On the left top corner select the drive where the file you are looking for is a stored. You will see all folders on that drive. To retrieve a whole folder, right-click on it and select “Export”. Then choose where you want it to be stored.
Shadow explorer

Step 4. Use Data Recovery programs to recover SnowPicnic Ransomware encrypted files

There are several data recovery programs that might recover encrypted files as well. This does not work in all cases but you can try this:
  • We suggest using another PC and connect the infected hard drive as slave. It is still possible to do this on infected PC though.
  • Download a data recovery program.
  • Install and scan for recently deleted files. Data Recovery Pro
Note: In many cases it is impossible to restore data files affected by modern ransomware. Thus I recommend using decent cloud backup software as precaution. We recommend checking out Carbonite, BackBlaze, CrashPlan or Mozy Home.

Leave a Reply

Your email address will not be published. Required fields are marked *