What is Ryuk ransomware
Ryuk ransomware is a crypto-virus, that is developed by Lazarus Group. This group is notorious for their ransomware distribution, they are mainly targeting corporations that are able to pay huge ransom for decryption of their spoiled data. The ransom cost may be from 15 (100’620$) to 50 BTC (335’500$)! A common user may also be the target of Ryuk ransomware attack, that is why this is essential to have a proper anti-virus. If your computer is infected, learn how to remove Ryuk ransomware and decrypt infected files in this guide.
The way this ransomware works is quite simple – first of all, Ryuk breaks through your system, then starts encrypting procedure with RSA-4096 and AES-256 encryption algorithms. Ryuk ransomware do not add any extensions. Once all the data is encrypted, the ransomware may drop 2 different versions of RyukReadMe.txt ransom note, the first one, judging by its content, is targeting common PC users and small businesses:
All files on each host in the network have been encrypted with a strong algorithm.
Backups were either encrypted or deleted or backup disks were formatted.
Shadow copies also removed, so F8 or any other methods may damage encrypted data but not recover.
We exclusively have decryption software for your situation
No decryption software is available in the public.
DO NOT RESET OR SHUTDOWN – files may be damaged.
DO NOT RENAME OR MOVE the encrypted and readme files.
DO NOT DELETE readme files.
This may lead to the impossibility of recovery of the certain files.
To get info (decrypt your files) contact us at
MelisaPeterman@protonmail.com
or
MelisaPeterman@tutanota.com
BTC wallet:
14hVKm7Ft2rxDBFTNkkRC3kGstMGp2A4hk
Ryuk
No system is safe
The second version of RyukReadMe.txt ransom note is obviously aiming at bigger businesses, where the stakes are higher:
Gentlemen!
Your business is at serious risk.
There is a significant hole in the security system of your company.
We’ve easily penetrated your network.
You should thank the Lord for being hacked by serious people not some stupid schoolboys or dangerous punks.
They can damage all your important data just for fun.
Now your files are crypted with the strongest millitary algorithms RSA4096 and AES-256.
No one can help you to restore files without our special decoder.
Photorec, RannohDecryptor etc. repair tools are useless and can destroy your files irreversibly.
If you want to restore your files write to emails (contacts are at the bottom of the sheet) and attach 2-3 encrypted files
(Less than 5 Mb each, non-archived and your files should not contain valuable information
(Databases, backups, large excel sheets, etc.)).
You will receive decrypted samples and our conditions how to get the decoder.
Please don’t forget to write the name of your company in the subject of your e-mail.
You have to pay for decryption in Bitcoins.
The final price depends on how fast you write to us.
Every day of delay will cost you additional +0.5 BTC
Nothing personal just business
As soon as we get bitcoins you’ll get all your decrypted data back.
Moreover you will get instructions how to close the hole in security and how to avoid such problems in the future
+ we will recommend you special software that makes the most problems to hackers.
Attention! One more time !
Do not rename encrypted files.
Do not try to decrypt your data using third party software.
P.S. Remember, we are not scammers.
We don’t need your files and your information.
But after 2 weeks all your files and keys will be deleted automatically.
Just send a request immediately after infection.
All data will be restored absolutely.
Your warranty – decrypted samples.
contact emails
eliasmarco@tutanota.com
or
CamdenScott@protonmail.com
BTC wallet:
15RLWdVnY5n1n7mTvU1zjg67wt86dhYqNj
No system is safe
There are two solutions of this problem. First is to use special Removal Tool. Removal Tools delete all instances of malware by few clicks and help user to save time. Or you can use Manual Removal Guide, but you should know that it might be very difficult to remove Ryuk ransomware manually without specialist’s help.
Ryuk Removal Guide
- Download Ryuk Removal Tool.
- Remove Ryuk from Windows (7, 8, 8.1, Vista, XP, 10) or Mac OS (Run system in Safe Mode).
- How to restore files
- How to protect PC from future infections.
How to remove Ryuk ransomware automatically:
This removal tool can help you to get rid of this nasty virus and clean up your system. In case you need a proper and reliable solution, we recommend you to download and try it. This anti-ransomware removal tool is able to detect and remove Ryuk ransomware from your system.
Manual Ryuk Removal Guide
Below is step-by-step instructions to remove Ryuk from Windows and Mac computers. Follow this steps carefully and remove files and folders belonging to Ryuk. First of all, you will need to run system in a Safe Mode. Then find and remove needed files and folders.
Uninstall Ryuk from Windows or Mac
Here you may find the list of confirmed related to the ransomware files. You should delete them in order to remove virus, however it would be easier to do it with our automatic removal tool. The list:
RyukReadMe.txt
UNIQUE_ID_DO_NOT_REMOVE
PUBLIC
window.bat
kIUAm.exe
Ryuk.exe
FmoAc.exe
fVHEQ.exe
Windows 7/Vista:
- Restart the computer;
- Press Settings button;
- Choose Safe Mode;
- Find programs or files potentially related to Ryuk by using Removal Tool;
- Delete found files;
Windows 8/8.1:
- Restart the computer;
- Press Settings button;
- Choose Safe Mode;
- Find programs or files potentially related to Ryuk by using Removal Tool;
- Delete found files;
Windows 10:
- Restart the computer;
- Press Settings button;
- Choose Safe Mode;
- Find programs or files potentially related to Ryuk by using Removal Tool;
- Delete found files;
Windows XP:
- Restart the computer;
- Press Settings button;
- Choose Safe Mode;
- Find programs or files potentially related to Ryuk by using Removal Tool;
- Delete found files;
Mac OS:
- Restart the computer;
- Press and Hold Shift button, before system will be loaded;
- Release Shift button, when Apple logo appears;
- Find programs or files potentially related to Ryuk by using Removal Tool;
- Delete found files;
How to restore encrypted files
If you can’t decrypt your files or just don’t want to use those instructions, you can try to restore your files with special tools. You may find these tools below in this section.
Restore data with Stellar Data Recovery
This program can restore the encrypted files, it is easy to use and very helpful.
- Download and install Stellar Data Recovery
- Choose drives and folders with your data, then press Scan.
- Select all the files in a folder, then click on Restore button.
- Manage export location. That’s it!
Restore encrypted files using Recuva
There is an alternative program, that may help you to recover files – Recuva.
- Run the Recuva;
- Follow instructions and wait until scan process ends;
- Find needed files, mark them and Press Recover button;
How to prevent ransomware infection?
It is always rewarding to prevent ransomware infection because of the consequences it may bring. There are a lot of difficulties in resolving issues with encoders viruses, that’s why it is very vital to keep a proper and reliable anti-ransomware software on your computer. In case you don’t have any, here you may find some of the best offers in order to protect your PC from disastrous viruses.
Malwarebytes
SpyHunter is a reliable antimalware removal tool application, that is able to protect your PC and prevent the infection from the start. The program is designed to be user-friendly and multi-functional.