How to remove CAGO Ransomware and decrypt .CAGO files

How to remove CAGO Ransomware and decrypt .CAGO files

Table of Contents

What is CAGO ransomware

CAGO is a new version of dangerous crypto-virus WDM, that is created with the purpose of blackmailing people. The virus is trying to infiltrate victim’s system with the help of trojans, botnets, exploits and infected spam emails attachments. When the virus successfully infiltrates user’s computer, it will immediately run its malicious processes and start the encryption procedure. It will use AES encryption algorithm to encipher all victim’s data, so that these files can not be used or accessed until they are decrypted. The decryption key may unlock all the data and that is exactly why cyber criminals will offer their deal – money in exchange for decryption key. The cost of decryption may be terrifically huge. If you got this virus on your computer, you may use our tutorial in order to remove CAGO ransomware and decrypt .CAGO files.

remove CAGO ransomware

Once all of victim’s personal data is encoded, it becomes inaccessible. These encrypted files can’t be used anymore until they are decoded. CAGO ransomware adds .CAGO extension to the name of all the encrypted files. When all the data is encrypted, the ransomware will drop HOW TO DECRYPT FILES.txt and HOW TO DECRYPT FILES.hta files with criminals’ demands. Here is HOW TO DECRYPT FILES.txt ransom note:

remove CAGO ransomware

Hello, dear friend.
All your files are encrypted with a unique key.
Are you sure you want to recover all your files ?
Write us an email: popstop@foxmail.com
Enter your unique ID in the message: ***

And HOW TO DECRYPT FILES.hta note:

All your files have been encrypted!
All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail popstop@foxmail.com
Write this ID in the title of your message ***
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the decryption tool that will decrypt all your files.
How to obtain Bitcoins
The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click ‘Buy bitcoins’, and select the seller by payment method and price.
https://localbitcoins.com/buy_bitcoins
Also you can find other places to buy Bitcoins and beginners guide here:
http://www.coindesk.com/information/how-can-i-buy-bitcoins/
Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.

There are two solutions of this problem. First is to use special Removal Tool. Removal Tools delete all instances of malware by few clicks and help user to save time. Or you can use Manual Removal Guide, but you should know that it might be very difficult to remove CAGO ransomware manually without specialist’s help.

CAGO Removal Guide

  1. Download CAGO Removal Tool.
  2. Remove CAGO from Windows (7, 8, 8.1, Vista, XP, 10) or Mac OS (Run system in Safe Mode).
  3. How to restore files
  4. How to protect PC from future infections.

How to remove CAGO ransomware automatically:

NORTON3
Orientation: 1

Download Norton Security Thor Home may help you to get rid of this virus and clean up your system. In case you need a proper and reliable antivirus, we recommend you to try it.

Windows compatible

Manual CAGO Removal Guide

Here is step-by-step instructions to remove CAGO from Windows and Mac computers. Follow this steps carefully and remove files and folders belonging to CAGO. First of all, you need to run system in a Safe Mode. Then find and remove needed files and folders.

Uninstall CAGO from Windows or Mac

Here you may find the list of confirmed related to the ransomware files and registry keys. You should delete them in order to remove virus, however it would be easier to do it with our automatic removal tool. The list:

HOW TO DECRYPT FILES.txt
HOW TO DECRYPT FILES.hta
wdm.exe (setup.exe)
FileCryptor.pdb

Windows 7/Vista:

  1. Restart the computer;
  2. Press Settings button;
  3. Choose Safe Mode;
  4. Find programs or files potentially related to CAGO by using Removal Tool;
  5. Delete found files;

Windows 8/8.1:

  1. Restart the computer;
  2. Press Settings button;
  3. Choose Safe Mode;
  4. Find programs or files potentially related to CAGO by using Removal Tool;
  5. Delete found files;

Windows 10:

  1. Restart the computer;
  2. Press Settings button;
  3. Choose Safe Mode;
  4. Find programs or files potentially related to CAGO by using Removal Tool;
  5. Delete found files;

Windows XP:

  1. Restart the computer;
  2. Press Settings button;
  3. Choose Safe Mode;
  4. Find programs or files potentially related to CAGO by using Removal Tool;
  5. Delete found files;

Mac OS:

  1. Restart the computer;
  2. Press and Hold Shift button, before system will be loaded;
  3. Release Shift button, when Apple logo appears;
  4. Find programs or files potentially related to CAGO by using Removal Tool;
  5. Delete found files;

How to restore encrypted files

You can try to restore your files with special tools. You may find more detailed info on data recovery software in this article – recovery software. These programs may help you to restore files that were infected and encrypted by ransomware.

Restore data with Stellar Data Recovery

Stellar Data Recovery is able to find and restore different types of encrypted files, including removed emails.

  1. Download and install Stellar Data Recovery
  2. Choose drives and folders with your data, then press Scan.
  3. Select all the files in a folder, then click on Restore button.
  4. Manage export location. That’s it!

Download Stellar Data Recovery


Restore encrypted files using Recuva

There is an alternative program, that may help you to recover files – Recuva.

  1. Run the Recuva;
  2. Follow instructions and wait until scan process ends;
  3. Find needed files, mark them and Press Recover button;

How to prevent ransomware infection?

It is always rewarding to prevent ransomware infection because of the consequences it may bring. There are a lot of difficulties in resolving issues with encoders viruses, that’s why it is very vital to keep a proper and reliable anti-ransomware software on your computer. In case you don’t have any, here you may find some of the best offers in order to protect your PC from disastrous viruses.

Malwarebytes

NORTON3
Orientation: 1

Download Norton Security
SpyHunter is a reliable antimalware removal tool application, that is able to protect your PC and prevent the infection from the start. The program is designed to be user-friendly and multi-functional. user-friendly and multi-functional.

Leave a Reply

Your email address will not be published. Required fields are marked *