SOLO Ransomware - How to remove

SOLO ransomware is the newest cryptovirus discovery, which was spotted by the malware expert @demonslay335 on October 22, 2018. This ransom demanding threat seems to be targeting German-speaking regions since the ransom note is written in German, however, that does not mean that SOLO virus cannot infect your PC if you are located elsewhere. SOLO Verschlüsselungssoftware (SOLO encrypting software) works like any other ransomware – it encrypts all files and asks for a payment in order to decrypt them. Cybersecurity specialist also points out that there is a stat counter included in the ransom note as well.

Although cryptoviruses are becoming less popular compared to crypto miners, understanding SOLO virus and knowing how to deal with it is fairly important and can definitely save your Windows and the wallet. Here in this post, we’ll teach our readers the basic working principles of SOLO ransomware, its spreading methods and possible ways to get rid of it, both – automatically and manually.

What does SOLO ransomware do

SOLO ransomware acts exactly like CharmKatyushaDistrict ransomware or EbolaRnsmwr, except for some features which are only unique to each virus. SOLO uses AES algorithm to encrypt victim’s files, .SOLO extension to mark them, German language, ransom note and asks 0.2 BTC ($1280 USD) ransom amount. These qualities make up a notorious malware which aims to lure out money from innocent people by infecting their computers and then asking for a ransom. 

Overall, by looking at the ransom note and seeing .SOLO string at the end of your every personal file it is not hard to recognize this threat. All the pictures, videos, music and etc. get marked by the virus extension (‘video.mp4’ turns into ‘video.mp4.SOLO’), which together with the note, serve as a scaring factor and information provider to the victim, who is expected to pay the crooks. But this happens in the final infection stages and before that SOLO virus has to complete lots of tasks to successfully present itself to the user. That includes copying itself into various directories and modifying a lot of files for the persistence, control, and invisibility. (Cryptography)

Solo ransomware ransom note

Here is what the ransom note ‘IHRE_DATEIEN_SIND_VERSCHLUESSELT.html’ says:

Alle Ihre Dateien wurden verschlüsselt.
Ihr Computer wurde mit der SOLO Verschlüsselungssoftware infiziert. Ihre Dateien wurden verschlüsselt und können nicht von Ihnen selbst entschlüsselt werden.
Bitte nehmen Sie keine versuche vor, Ihre Dateien selbst zu entschlüsseln, im schlimmsten Fall werden Sie Ihre Dateien beschädigen und somit für immer **unverschlüsselbar machen.**
Um Ihre Dateien zu entschlüsseln, benötigen Sie unsere spezielle Entschlüsselungssoftware:
SOLO Decrypter welche alle Ihre verschlüsselten Dateien sofort entschlüsselt, desweiteren entfernt die Software die SOLO Verschlüsselungssoftware von Ihrem PC.
Der Preis für die Entschlüsselungssoftware beläuft sich auf 0.2 Bitcoin (etwa $1,200).
Bitcoin können Sie auf einen der vielzähligen Krypto-Marktplätzen ganz einfach per Kreditkarte oder Banküberweisung kaufen. Beispiele zu Diensten, wo Sie Bitcoin kaufen können:
Bitpanda – Kreditkarte, SOFORTueberweisung, Giropay, Bankueberweisung
BTC Direct – Kreditkarte, SOFORTueberweisung, Giropay, Bankueberweisung
ANYcoin Direct – SOFORTueberweisung, Giropay, Bankueberweisung
Localbitcoins – Grosse Anzahl an Zahlungsmoeglichkeiten
Coinmama – Kreditkarte
Weitere Möglichkeiten finden Sie mit einer kurzen Google suche nach ‘Bitcoins kaufen’.
Nachdem Sie die benötigte Anzahl an Bitcoins (0.2 BTC) erworben haben, senden Sie diese an die folgende Bitcoin-Adresse:
Adresse: 151oCJ1espbmqya9Vj2xxjxi1APb8zhqYR
Betrag: 0.2 BTC
Nachdem wir den kompletten Betrag erhalten haben, wird ihnen automatisch die Entschlüsselungssoftware zum Download bereit gestellt (bitte nehmen Sie keine modifikationen an dieser Datei vor, damit die ordnungsgemäße Funktionalität sichergestellt ist).
Der komplette Betrag wurde noch nicht bezahlt.
Entschlüsselungssoftware Herunterladen

———————————————————————————————

All your files are encrypted.
Your computer has been infected by the SOLO program. Your files have been encrypted and cannot be decrypted by you.
Please do not try to decrypt your files yourself, in the worst case you will damage your files and thus make them ** undecryptable forever **
To decrypt your files, you need a special program to decrypt:
SOLO Decrypter, which immediately decrypts all your encrypted files, and also removes the SOLO software for encryption from your PC.
The price of decryption software is 0.2 Bitcoin (about $ 1,200).
You can easily buy Bitcoin at one of the many crypt markets with a credit card or bank transfer. Examples of services where you can buy bitcoin:
Bitpanda – Credit Card, Instant Bank Transfer, Giropay, Bank Transfer
BTC Direct – Credit Card, Instant Bank Transfer, Giropay, Bank Transfer
ANYcoin Direct – SOFORT Transfer, Giropay, Bank Transfer
Localbitcoins – a large number of payment options
Coinmama – credit card
You can find more options with a short Google search for “buying Bitcoins”.
After purchasing the required number of bitcoins (0.2 BTC), send them to the following bitcoin address: 151oCJ1espbmqya9Vj2xxjxi1APb8zhqYR
amount: 0.2 BTC
After we receive the full amount, the decryption software will automatically be provided to you for download (please do not make any changes to this file to ensure proper functionality).
Full amount not yet paid.
Download decryption program
Powered by AES.

As you can tell from the SOLO’s note, it expects users to send money to a certain cryptocurrency address and automatically unlock their files, but most likely it is a scam and despite paying a huge amount of money, the victim is less likely to get their data back. We never advise paying the ransom, because as history shows not that many people get their files unlocked by the crooks and get fooled twice.

How does SOLO virus infect Windows

Just like any other ransomware, SOLO virus uses Socially engineered emails to go around the virtual world infecting gullible users that press on malicious ransomware infected attachments. Macros is still the most popular cryptovirus distributing vector because of its simplicity, invisibility, and efficiency. Crooks simply place SOLO ransomware in macros of Word files, which are added to emails, that look like job applications, bills, complaints, court orders, hospital records, reports from bank and etc. Such hacker emails are very plain and short and always try pushing the user to open the attachment for more relevant information.

Once the malevolent document is downloaded and opened, the user is asked to enable the Macros manually in order to see the inside content. This is when the infection happens and after giving the consent, SOLO ransomware starts its background processes to compromise the PC. Because macros are legitimate programs, and not some MS Word exploit, it is undetectable by antivirus prior and can even get into various corporation computers, which have sophisticated protection.

How to remove SOLO ransomware and restore the files

Ransomware viruses damage is one of the hardest to fix because despite removing the threat, the negative consequences will stay. That means that no matter if you will delete SOLO virus, files will stay locked. But before you rush into paying, don’t just do it yet and better try our solution suggestions, which have helped quite a few people. Therefore, let’s get to the first part – termination of SOLO ransomware.

Getting rid of SOLO virus is a crucial first step, which cannot be skipped for the following file recovery. If you will try restoring the data while the ransomware is still in the PC, then we can guarantee that you will not succeed, and possibly double lock the files. That is why clean Windows are really important for the base of the success. In order to achieve it, we suggest getting Spyhunter malware removal tools, that are irreplaceable when it comes to wiping out all the cyber threats. Simply run a scan with either anti-spyware program and they will take care of the rest.

Once the compromised system is clean, you can begin encrypted file restore. At the moment there isn’t an official decryptor tool for SOLO ransomware, but there are some other methods that might help you to access your data. In the instructions, that are below this article, you will find a recovery guide from Shadow Copies and with the help of file recovery programs. If these methods do not seem to work, simply keep .SOLO locked files stored in your PC, and keep an eye on the Nomoreransom.org project to see when the decrypter will be released.

Automatic Malware removal tools

Download Spyhunter for Malware detection
(Win)

Note: Spyhunter trial provides detection of parasites and assists in their removal for free. limited trial available, Terms of use, Privacy Policy, Uninstall Instructions,

Download Combo Cleaner for Malware detection
(Mac)

Note: Combo Cleaner trial provides detection of parasites and assists in their removal for free. limited trial available, Terms of use, Privacy Policy, Uninstall Instructions, Refund Policy ,

How to clean the system from SOLO virus manually

SOLO ransomware can be successfully removed manually, yet this means that if you do not have the backed up files, you will end up not only deleting the virus but all precious data as well. If you have been a responsible computer owner or have automatic backups, you can follow the recovery guide below, and if you don’t care about the files being deleted, please, check the System Restore, to start your Windows fresh. On the other hand, if you doubt your technical skills, it is always a good idea, to proceed with the automatic removal tools.


How to recover SOLO Ransomware encrypted files and remove the virus

Step 1. Restore system into last known good state using system restore

1. Reboot your computer to Safe Mode with Command Prompt:


for Windows 7 / Vista/ XP
  • Start Shutdown RestartOK.
  • Press F8 key repeatedly until Advanced Boot Options window appears.
  • Choose Safe Mode with Command Prompt. Windows 7 enter safe mode

for Windows 8 / 10
  • Press Power at Windows login screen. Then press and hold Shift key and click Restart. Windows 8-10 restart to safe mode
  • Choose TroubleshootAdvanced OptionsStartup Settings and click Restart.
  • When it loads, select Enable Safe Mode with Command Prompt from the list of Startup Settings. Windows 8-10 enter safe mode
 

2.Restore System files and settings.

  • When Command Prompt mode loads, enter cd restore and press Enter.
  • Then enter rstrui.exe and press Enter again.CMD commands
  • Click “Next” in the windows that appeared. Restore point img1
  • Select one of the Restore Points that are available before SOLO Ransomware has infiltrated to your system and then click “Next”. Restore point img2
  • To start System restore click “Yes”. Restore point img3
 

Step 2. Complete removal of SOLO Ransomware

After restoring your system, it is recommended to scan your computer with an anti-malware program, like Spyhunter and remove all malicious files related to SOLO Ransomware. You can check other tools here.  

Step 3. Restore SOLO Ransomware affected files using Shadow Volume Copies

If you do not use System Restore option on your operating system, there is a chance to use shadow copy snapshots. They store copies of your files that point of time when the system restore snapshot was created. Usually SOLO Ransomware tries to delete all possible Shadow Volume Copies, so this methods may not work on all computers. However, it may fail to do so. Shadow Volume Copies are only available with Windows XP Service Pack 2, Windows Vista, Windows 7, and Windows 8. There are two ways to retrieve your files via Shadow Volume Copy. You can do it using native Windows Previous Versions or via Shadow Explorer. a) Native Windows Previous Versions Right-click on an encrypted file and select PropertiesPrevious versions tab. Now you will see all available copies of that particular file and the time when it was stored in a Shadow Volume Copy. Choose the version of the file you want to retrieve and click Copy if you want to save it to some directory of your own, or Restore if you want to replace existing, encrypted file. If you want to see the content of file first, just click Open.
Previous version
b) Shadow Explorer It is a program that can be found online for free. You can download either a full or a portable version of Shadow Explorer. Open the program. On the left top corner select the drive where the file you are looking for is a stored. You will see all folders on that drive. To retrieve a whole folder, right-click on it and select “Export”. Then choose where you want it to be stored.
Shadow explorer

Step 4. Use Data Recovery programs to recover SOLO Ransomware encrypted files

There are several data recovery programs that might recover encrypted files as well. This does not work in all cases but you can try this:
  • We suggest using another PC and connect the infected hard drive as slave. It is still possible to do this on infected PC though.
  • Download a data recovery program.
  • Install and scan for recently deleted files. Data Recovery Pro
Note: In many cases it is impossible to restore data files affected by modern ransomware. Thus I recommend using decent cloud backup software as precaution. We recommend checking out Carbonite, BackBlaze, CrashPlan or Mozy Home.
Leave a Reply

Your email address will not be published. Required fields are marked *