How to remove DeathShadow Ransomware and decrypt .death_of_shadow files

What is DeathShadow Ransomware

DeathShadow ransomware is a ransomware that encrypts user data using a multi-stage algorithm, namely AES+RSA. Almost immediately after penetrating the PC (this may be the result of an unprotected network, lack of adequate anti-virus software, and so on) DeathShadow ransomware makes files unusable. Moreover, this affects the most significant files for the user, including .jpg, .png, .doc(x), .xls, .rar and so on. Of course, cybercriminals know “where to hit”, because few can easily delete all their data by reinstalling the OS. And this is the main lead for scammers.

remove DeathShadow ransomware

There is no reliable and accurate information about the genealogical relationship. It is only known that the cryptovirus can be spread under different names, for example, DeathOfShadow, Death_Shadow, and Malakot. Cryptovirus activity was recorded in mid-August this year and, in just a few days, it has spread to almost all countries. In addition to the encryption itself, DeathShadow ransomware changes the extension of the attacked files to .Death_Of_Shadow, which makes them completely “dead”. The virus creates a text document called (Malakot@protonmail.com).txt, which contains a message from cybercriminals. Here it is:

decrypt .DeathShadow files

All Your File Have Been Encrypted!
For Decrypt Your Files Send Msg In Malakot@protonmail.com
Do not close the program or restart the computer,Otherwise the files will not be decrypted!
Do not try to decrypt the files in any way as it will damage the file and make it unopenable!
Do not rename files in any way and do not edit them
If an email is sent within the next 24 hours, the amount received will be doubled
If you do not receive an email within the next 48 hours, your files will not be returned
You can send a file for decrypting that should not contain important formats such as databases or documents and the file size should eventually be 10 MB
Death Of Shadow Encryptor By Malakot!

The attackers did not indicate the exact amount required to pay the ransom. They only offer to contact them at LLL’s address to find out how much to pay in order to get the data back. Also, they indicate that the ransom amount will be doubled one day after encryption, and after 2 days the data will be lost without a trace. Of course, this is just an attempt to intimidate the user. Moreover, there is no guarantee that the data will be returned, even if the ransom is paid in full. That is why we do not recommend that you take rash actions. No need to pay. You can check out our recommendations below to remove DeathShadow ransomware and decrypt .Death_Of_Shadow files.

Well, there are 2 options for solving this problem. The first is to use an automatic removal utility that will remove the threat and all instances related to it. Moreover, it will save you time. Or you can use the Manual Removal Guide, but you should know that it might be very difficult to remove DeathShadow ransomware manually without a specialist’s help.

If for any reason you need to recover deleted or lost files, then check out our article Top 5 Deleted File Recovery Software

DeathShadow Removal Guide

Warning alert
Remember that you need to remove DeathShadow Ransomware first and foremost to prevent further encryption of your files before the state of your data becomes totally useless. And only after that, you can start recovering your files. Removal must be performed according to the following steps:

  1. Download DeathShadow Removal Tool.
  2. Remove DeathShadow from Windows (7, 8, 8.1, Vista, XP, 10) or Mac OS (Run system in Safe Mode).
  3. Restore .DeathShadow files
  4. How to protect PC from future infections.

How to remove DeathShadow ransomware automatically:

Get Malwarebytes

Malwarebytes antivirus may help you to get rid of this virus and clean up your system. In case you need a proper and reliable antivirus, we recommend you to try it.

If you’re Mac user – use this.

Manual DeathShadow Removal Guide

Here are step-by-step instructions to remove DeathShadow from Windows and Mac computers. Follow these steps carefully and remove files and folders belonging to DeathShadow. First of all, you need to run the system in a Safe Mode. Then find and remove needed files and folders.

Uninstall DeathShadow from Windows or Mac

Here you may find the list of confirmed related to the ransomware files and registry keys. You should delete them in order to remove virus, however it would be easier to do it with our automatic removal tool. The list:

DeathShadow.dll
_readme.txt
readme.txt

Windows 7/Vista:

  1. Restart the computer;
  2. Press Settings button;
  3. Choose Safe Mode;
  4. Find programs or files potentially related to DeathShadow by using Removal Tool;
  5. Delete found files;

Windows 8/8.1:

  1. Restart the computer;
  2. Press Settings button;
  3. Choose Safe Mode;
  4. Find programs or files potentially related to DeathShadow by using Removal Tool;
  5. Delete found files;

Windows 10:

  1. Restart the computer;
  2. Press Settings button;
  3. Choose Safe Mode;
  4. Find programs or files potentially related to DeathShadow by using Removal Tool;
  5. Delete found files;

Windows XP:

  1. Restart the computer;
  2. Press Settings button;
  3. Choose Safe Mode;
  4. Find programs or files potentially related to DeathShadow by using Removal Tool;
  5. Delete found files;

Mac OS:

  1. Restart the computer;
  2. Press and Hold Shift button, before system will be loaded;
  3. Release Shift button, when Apple logo appears;
  4. Find programs or files potentially related to DeathShadow by using Removal Tool;
  5. Delete found files;

How to restore encrypted files

You can try to restore your files with special tools. You may find more detailed info on data recovery software in this article – recovery software. These programs may help you to restore files that were infected and encrypted by ransomware.

Restore data with Stellar Data Recovery

Stellar Data Recovery is able to find and restore different types of encrypted files, including removed emails.

  1. Download and install Stellar Data Recovery
  2. Choose drives and folders with your data, then press Scan.
  3. Select all the files in a folder, then click on Restore button.
  4. Manage export location. That’s it!
Download Stellar Data Recovery

 

Restore encrypted files using Recuva

There is an alternative program, that may help you to recover files – Recuva.

  1. Run the Recuva;
  2. Follow instructions and wait until scan process ends;
  3. Find needed files, DeathShadow them and Press Recover button;

How to prevent ransomware infection?

It is always rewarding to prevent ransomware infection because of the consequences it may bring. There are a lot of difficulties in resolving issues with encoders viruses, that’s why it is very vital to keep a proper and reliable anti-ransomware software on your computer. In case you don’t have any, here you may find some of the best offers in order to protect your PC from disastrous viruses.

Malwarebytes

Get Malwarebytes

Malwarebytes is a reliable antivirus application, that is able to protect your PC and prevent the infection from the start. The program is designed to be user-friendly and multi-functional.

Leave a Reply

Your email address will not be published. Required fields are marked *