TastyLock ransomware - How to remove

TastyLock ransomware virus belongs to a big family of crypto-malware infections called CryptoMix. Released on January of 2017, CryptoMix virus had frequently resurfaced, but carried a different name. For instance, one of the oldest versions is CryptoShield which was released in February. One of the newest samples has been dubbed as WORK ransomware and its detection dates back to December of 2017. However, TastyLock virus is the freshest version of CryptoMix, having been found on 28th of December.

TastyLock ransomware virus is the newest version of CryptoMix

Mostly all of the visual components of 0000 malware are also included into the TastyLock virus. It only has a few slight differences, the main being the extension (appended to the encrypted data) of .tastylock. Also, the email address to contact is [email protected].

The payload of this TastyLock Ransomware has been analyzed. A file called 1tasty.exe is detected as malicious by many of the anti-malware tools. For instance, the labels shown could be indicating such infections like Mole (as this is also another variant of CryptoMix). The TastyLock virus proceeds very similarly to older versions.

It deletes volume snapshots, disables startup repair, tries to disable the Windows Firewall and does other malicious acts. The strategy of file-encryption remains the same as in other discussed variants.

The creators of this TastyLock virus have mentioned a few ground rules in their ransom note called _HELP_INSTRUCTION.txt. Victims are urged not to exploit other software programs to fix the issues in their computer. This refers to the possibility of decrypting files with third-party tools for file-recovery. Researchers do not mention a guaranteed solution, but the next paragraph will discuss a few possibilities that might restore some of your data.

Is it possible to decrypt files that have .tastylock extension?

For now, our security team has not found a decrypter software for this infection. However, it is not unheard of that certain ransomware infections become decryptable soon after their detection. Until then, please do not pay the demanded ransoms. For the most part, these fees are very steep and some victims could end up spending their last savings. Worst of all, hackers might disappear after receiving the payment and leave victims stranded.

At the end of this article, there are recommendations for the recovery of files, encrypted by TastyLock virus. We have also found some specialists that will Help you battle any of the CryptoMix variants. Therefore, try not to panic and contact reliable researchers for help before your money ends up in hackers’ wallets.

How shall the TastyLock ransomware be completely defeated?

Before trying to restore your files, it is important the malicious software would be eliminated from your operating system. If not, some variants can re-encrypt files. It would be best to use an appropriate security program and trust it with the elimination of TastyLock ransomware. If you want to have a properly-protected computer device, we would suggest having an anti-malware tool at all times. For instance, we recommend trying Spyhunter which will guarantee a safe browsing experience.

Lastly, we should also discuss the main techniques of ransomware distribution. It is known that these type of viruses can be transmitted through malicious email letter (malspam). Such messages usually include some important, urgent or tempting texts. They should contain file attachments or insist that you would click on a link.

Both of these actions can definitely infect you with malware. This technique is most frequently exploited for the transmission of ransomware infections and Trojans. If you are worried about your cyber security, we would recommend keeping your email address private. Furthermore, you should check whether your email account has been included in any data leakages: click this link This link to do so.

How to recover TastyLock ransomware encrypted files and remove the virus

Step 1. Restore system into last known good state using system restore

1. Reboot your computer to Safe Mode with Command Prompt:

for Windows 7 / Vista/ XP

• Start → Shutdown → Restart → OK.
• Press F8 key repeatedly until Advanced Boot Options window appears.
• Choose Safe Mode with Command Prompt.

for Windows 8 / 10

• Press Power at Windows login screen. Then press and hold Shift key and click Restart.
• Choose Troubleshoot → Advanced Options → Startup Settings and click Restart.
• When it loads, select Enable Safe Mode with Command Prompt from the list of Startup Settings.

 

2.Restore System files and settings.

• When Command Prompt mode loads, enter cd restore and press Enter.
• Then enter rstrui.exe and press Enter again.
• Click “Next” in the windows that appeared.
• Select one of the Restore Points that are available before TastyLock ransomware has infiltrated to your system and then click “Next”.
• To start System restore click “Yes”.

 

Step 2. Complete removal of TastyLock ransomware

After restoring your system, it is recommended to scan your computer with an anti-malware program, like Spyhunter and remove all malicious files related to TastyLock ransomware. You can check other tools here.  

Step 3. Restore TastyLock ransomware affected files using Shadow Volume Copies

If you do not use System Restore option on your operating system, there is a chance to use shadow copy snapshots. They store copies of your files that point of time when the system restore snapshot was created. Usually TastyLock ransomware tries to delete all possible Shadow Volume Copies, so this methods may not work on all computers. However, it may fail to do so. Shadow Volume Copies are only available with Windows XP Service Pack 2, Windows Vista, Windows 7, and Windows 8. There are two ways to retrieve your files via Shadow Volume Copy. You can do it using native Windows Previous Versions or via Shadow Explorer. a) Native Windows Previous Versions Right-click on an encrypted file and select Properties → Previous versions tab. Now you will see all available copies of that particular file and the time when it was stored in a Shadow Volume Copy. Choose the version of the file you want to retrieve and click Copy if you want to save it to some directory of your own, or Restore if you want to replace existing, encrypted file. If you want to see the content of file first, just click Open.

b) Shadow Explorer It is a program that can be found online for free. You can download either a full or a portable version of Shadow Explorer. Open the program. On the left top corner select the drive where the file you are looking for is a stored. You will see all folders on that drive. To retrieve a whole folder, right-click on it and select “Export”. Then choose where you want it to be stored.

Step 4. Use Data Recovery programs to recover TastyLock ransomware encrypted files

There are several data recovery programs that might recover encrypted files as well. This does not work in all cases but you can try this:

• We suggest using another PC and connect the infected hard drive as slave. It is still possible to do this on infected PC though.
• Download a data recovery program.
• Install and scan for recently deleted files.

Note: In many cases it is impossible to restore data files affected by modern ransomware. Thus I recommend using decent cloud backup software as precaution. We recommend checking out Carbonite, BackBlaze, CrashPlan or Mozy Home.