How to remove Rontok Ransomware and decrypt .rontok files

What is Rontok ransomware

Rontok is a ransomware threat, that may put victim’s files in a big danger. Ransomware type of viruses are notorious for their disastrous consequences on personal data. Rontok is able to make all the personal files unavailable and inaccessible. As the encryption algorithms finish their work, victims will get two options: either pay cyber criminals, or bid farewell to their data. Still, there is another way, you may try to recover your files without paying cyber crooks. Use this guide to remove Rontok Ransomware and decrypt .rontok files.

Interesting fact – Rontok ransomware mostly attacks only Linux servers, however it may still pose threat to Windows users. One of the victims reported that a web server running Ubuntu was also attacked by Rontok. Here is an encoder workflow: first, it read the original files; then the virus deletes it; then creates the encrypted files, adding extension .rontok; finally the ransomware writes the encoded files. Here is an example of enciphered data:

When the encoding process is over, a victim will find out that the files can’t be opened anymore: work documents, any other texts, presentations, photos, videos, databases. Once all the data is encrypted, the ransomware will display a window with the ransom note:

Ops… Your file have been encrypted
And your database file have been encrypted too
UUID: d40bbe71aa5c763c9c87de**********
Click here to get decryption key
[Decryption Key]
[Decrypt]

The victim is required to go to the website borontok.uk and enter the received UUID:

Send 20 BTC to this address :
3P8nU1oLe23DtSuzFQMoVJdqcJA6xKnVJC
Your files and databases will be destroyed on 3 days.
Negotiate ? contact : info@borontok.uk
[d40bbe71aa5c763c9c87de **********]
Enter BTC TX ID if you already sent bitcoin…
[Check]

There are two solutions of this problem. First is to use special Removal Tool. Removal Tools delete all instances of malware by few clicks and help user to save time. Or you can use Manual Removal Guide, but you should know that it might be very difficult to remove Rontok ransomware manually without specialist’s help.

Rontok Removal Guide

1. Download Rontok Removal Tool.
2. Remove Rontok from Windows (7, 8, 8.1, Vista, XP, 10) or Mac OS (Run system in Safe Mode).
3. How to restore files
4. How to protect PC from future infections.

How to remove Rontok ransomware automatically:

Download Norton Security Thor Home may help you to get rid of this virus and clean up your system. In case you need a proper and reliable antivirus, we recommend you to try it.

Manual Rontok Removal Guide

Here is step-by-step instructions to remove Rontok from Windows and Mac computers. Follow this steps carefully and remove files and folders belonging to Rontok. First of all, you need to run system in a Safe Mode. Then find and remove needed files and folders.

Uninstall Rontok from Windows or Mac

Here you may find the list of confirmed related to the ransomware files and registry keys. You should delete them in order to remove virus, however it would be easier to do it with our automatic removal tool. The list:

a537326.exe
Rontok.exe
borontok.hta

Windows 7/Vista:

1. Restart the computer;
2. Press Settings button;
3. Choose Safe Mode;
4. Find programs or files potentially related to Rontok by using Removal Tool;
5. Delete found files;

Windows 8/8.1:

1. Restart the computer;
2. Press Settings button;
3. Choose Safe Mode;
4. Find programs or files potentially related to Rontok by using Removal Tool;
5. Delete found files;

Windows 10:

1. Restart the computer;
2. Press Settings button;
3. Choose Safe Mode;
4. Find programs or files potentially related to Rontok by using Removal Tool;
5. Delete found files;

Windows XP:

1. Restart the computer;
2. Press Settings button;
3. Choose Safe Mode;
4. Find programs or files potentially related to Rontok by using Removal Tool;
5. Delete found files;

Mac OS:

1. Restart the computer;
2. Press and Hold Shift button, before system will be loaded;
3. Release Shift button, when Apple logo appears;
4. Find programs or files potentially related to Rontok by using Removal Tool;
5. Delete found files;

How to restore encrypted files

You can try to restore your files with special tools. You may find more detailed info on data recovery software in this article – recovery software. These programs may help you to restore files that were infected and encrypted by ransomware.

Restore data with Stellar Data Recovery

Stellar Data Recovery is able to find and restore different types of encrypted files, including removed emails.

1. Download and install Stellar Data Recovery
2. Choose drives and folders with your data, then press Scan.
3. Select all the files in a folder, then click on Restore button.
4. Manage export location. That’s it!

Download Stellar Data Recovery

Restore encrypted files using Recuva

There is an alternative program, that may help you to recover files – Recuva.

1. Run the Recuva;
2. Follow instructions and wait until scan process ends;
3. Find needed files, mark them and Press Recover button;

How to prevent ransomware infection?

It is always rewarding to prevent ransomware infection because of the consequences it may bring. There are a lot of difficulties in resolving issues with encoders viruses, that’s why it is very vital to keep a proper and reliable anti-ransomware software on your computer. In case you don’t have any, here you may find some of the best offers in order to protect your PC from disastrous viruses.

Malwarebytes

Download Norton Security

SpyHunter is a reliable antimalware removal tool application, that is able to protect your PC and prevent the infection from the start. The program is designed to be user-friendly and multi-functional.