What is Santa ransomware
Santa is a new ransomware, that was developed from an older ransomware virus named Dharma, which is actively spreading the infection at this time. It will encrypt all sensitive files (videos, photos, documents) and ask for ransom in order to recover them. The whole point of ransomware viruses is to get money from a victim. In case your computer is infected with this virus, do not worry, in this guide you may find out how to remove Santa ransomware and decrypt .santa files.
The way this ransomware works is quite simple – first of all, Santa breaks through your system, then starts encrypting procedure with AES/DES encryption algorithm. Santa ransomware adds .[newsantaclaus@aol.com].santa extension to the name of all the encrypted files. For example, sample.doc file turns into sample.[newsantaclaus@aol.com].santa file. Once all the data is encrypted, the ransomware will drop these two files: Info.hta and FILES ENCRYPTED.txt. You may find demands of cyber criminals in these files, here is Santa ransom note:
All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail newsantaclaus@aol.com
Write this ID in the title of your message 1C******
In case of no answer in 24 hours write us to theese e-mails: newsantaclaus@aol.com
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the decryption tool that will decrypt all your files.
There are two solutions of this problem. First is to use special Removal Tool. Removal Tools delete all instances of malware by few clicks and help user to save time. Or you can use Manual Removal Guide, but you should know that it might be very difficult to remove Santa ransomware manually without specialist’s help.
Santa Removal Guide
- Download Santa Removal Tool.
- Remove Santa from Windows (7, 8, 8.1, Vista, XP, 10) or Mac OS (Run system in Safe Mode).
- How to restore files
- How to protect PC from future infections.
How to remove Santa ransomware automatically:
Thor Home may help you to get rid of this virus and clean up your system. In case you need a proper and reliable antivirus, we recommend you to try it.
Manual Santa Removal Guide
Here is step-by-step instructions to remove Santa from Windows and Mac computers. Follow this steps carefully and remove files and folders belonging to Santa. First of all, you need to run system in a Safe Mode. Then find and remove needed files and folders.
Uninstall Santa from Windows or Mac
Here you may find the list of confirmed related to the ransomware files and registry keys. You should delete them in order to remove virus, however it would be easier to do it with our automatic removal tool. The list:
filename.exe
Skanda.exe
worm.exe
adobe.exe
processhacker-2.**-setup.exe
README.txt
FILES ENCRYPTED.txt
Info.hta
Windows 7/Vista:
- Restart the computer;
- Press Settings button;
- Choose Safe Mode;
- Find programs or files potentially related to Santa by using Removal Tool;
- Delete found files;
Windows 8/8.1:
- Restart the computer;
- Press Settings button;
- Choose Safe Mode;
- Find programs or files potentially related to Santa by using Removal Tool;
- Delete found files;
Windows 10:
- Restart the computer;
- Press Settings button;
- Choose Safe Mode;
- Find programs or files potentially related to Santa by using Removal Tool;
- Delete found files;
Windows XP:
- Restart the computer;
- Press Settings button;
- Choose Safe Mode;
- Find programs or files potentially related to Santa by using Removal Tool;
- Delete found files;
Mac OS:
- Restart the computer;
- Press and Hold Shift button, before system will be loaded;
- Release Shift button, when Apple logo appears;
- Find programs or files potentially related to Santa by using Removal Tool;
- Delete found files;
How to restore encrypted files
You can try to restore your files with special tools. You may find more detailed info on data recovery software in this article – recovery software. These programs may help you to restore files that were infected and encrypted by ransomware.
Restore data with Stellar Data Recovery
Stellar Data Recovery is able to find and restore different types of encrypted files, including removed emails.
- Download and install Stellar Data Recovery
- Choose drives and folders with your data, then press Scan.
- Select all the files in a folder, then click on Restore button.
- Manage export location. That’s it!
Restore encrypted files using Recuva
There is an alternative program, that may help you to recover files – Recuva.
- Run the Recuva;
- Follow instructions and wait until scan process ends;
- Find needed files, mark them and Press Recover button;
How to prevent ransomware infection?
It is always rewarding to prevent ransomware infection because of the consequences it may bring. There are a lot of difficulties in resolving issues with encoders viruses, that’s why it is very vital to keep a proper and reliable anti-ransomware software on your computer. In case you don’t have any, here you may find some of the best offers in order to protect your PC from disastrous viruses.
Malwarebytes
SpyHunter is a reliable antimalware removal tool application, that is able to protect your PC and prevent the infection from the start. The program is designed to be user-friendly and multi-functional.