How to remove Arrow Ransomware and decrypt .[marat20@cock.li].arrow files

5/5 (3)

What is Arrow Ransomware?

Arrow Ransomware is a new version of infamous Dharma Ransomware which has already affected many users around the world. As a previous one, Arrow Ransomware encrypts users’ personal files using both AES and RSA ciphers and appends .[marat20@cock.li].arrow extension to all infected files. The extension may vary, depending on the version: .id-[random-characters].[vauvau@cock.li].arrow, [badfail@qq.com].arrow. After encryption, virus places 2 files on the desktop and each folder with affected files (FILES ENCRYPTED.TXT and Info.hta):


All your files have been encrypted!
All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail sabantui@tutanota.com
Write this ID in the title of your message B8F053EC
In case of no answer in 24 hours write us to theese e-mails:udacha@cock.li
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the decryption tool that will decrypt all your files.
Free decryption as guarantee
Before paying you can send us up to 5 files for free decryption. The total size of files must be less than 10Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.)
How to obtain Bitcoins
The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.
https://localbitcoins.com/buy_bitcoins
Also you can find other places to buy Bitcoins and beginners guide here:
http://www.coindesk.com/information/how-can-i-buy-bitcoins/
Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.

At the time of writing, amount of ransom is 0.1 BitCoin (~$1000). However, we urge you not to contact them as it’s fraught with money loss. The thing is that malefactors often disappear once money is transferred. To complicate matters further, Arrow Ransomware also deletes all shadow copies of files which are necessary for data restore. But, don’t despair, the virus doesn’t delete your files which means you have a good chance to get them back especially since there are free decryptors for some variants of Dharma. First, you need to remove Arrow Ransomware and then use one of the decryption tools. Here you’ll find a detailed instruction which, hopefully, will help you.

Arrow ransomware

How Arrow ransomware gets on your PC?

This type of virus can be infiltrated through several methods, including a freeware software, spam messages, trojans, software from dangerous sources, etc. A process of installation can start hidden and automatically. Besides that, some malware programs can mark Arrow Ransomware as a trusted software program.

What to do if your PC is infected with Arrow ransomware

As soon as you notice the presence of the ransomware on your system, you should turn your computer off. If it is possible to try to create a backup or image of your hard drive info. This may let you to reserve the state of your drives in case a decryption method would be created afterward.

How to remove Arrow ransomware?

To make sure that the adware won’t reappear, you need to delete Arrow ransomware completely. For this you need to remove the files and registry entries of the ransomware. We should warn you that performing some of the steps may require above-average skills, so if you don’t feel experienced enough, you may apply to automatic removal tool.

Download Removal Tool

Performing an antimalware scan with SpyHunter Removal Tool would automatically search out and delete all elements related to Arrow ransomware. It is not only the easiest way to eliminate Arrow ransomware but also the safest and the most assuring one.

Steps of Arrow ransomware manual removal

Restart Windows in Safe Mode

For Windows XP:

  1. Restart the system
  2. While computer is rebooting press F8 several times
  3. In the appeared list of options choose Safe Mode

For Windows 7 and Vista:

  1. Restart the system
  2. While computer is rebooting press F8 several times
  3. In the appeared list of options choose Safe Mode

For Windows 8 and 8.1:

  1. Restart the system
  2. While computer is rebooting press F8 several times
  3. In the appeared list of options choose Safe Mode

For Windows 10:

  1. In the Start menu click on the power button
  2. Hold Shift and choose Restart
  3. Choose Troubleshoot
  4. In the Advanced Options choose Startup Settings
  5. Click Restart
  6. Select Enter Safe Mode

How to decrypt and restore .[marat20@cock.li].arrow files

Changing extensions manually

You may try to change file extension manually. After a changing of suffixes a file usually change icon, depending on type, and becomes readable.

Restore files with an automatic tool

For those types of ransomware viruses that rather remove files than encrypt them we would suggest using Recuva program.
recuva tool

  1. Download Recuva tool and launch it
  2. Within the on-screen wizard choose the type of the files you want to recover
  3. Choose the location of the files
  4. Wait until the application finishes scanning
  5. Select the required files and click the Recover button

Nevertheless there are no other tools able to restore and decrypt .[marat20@cock.li].arrow files, you may try applying to the manual methods described below, however, they might not work with the latest versions of Arrow ransomware.

Restore the system

  1. Initiate the search for system restore
  2. Click on the result
  3. Choose the date before the infection appearance
  4. Follow the on-screen instructions

Roll the files back to the previous version

  1. Right-click the file and choose Properties
  2. Open the Previous Version tab
  3. Select the latest version and click Copy
  4. Click Restore

Decrypt .[marat20@cock.li].arrow files using decryptor

You also may try to use free decryption tool that was created especially for Dharma Ransomware.

Free decryptor for Dharma And Arrow

If the above-mentioned methods didn’t help in eliminating the threat, then it’s better to rely on an automatic way of deleting Arrow ransomware.

Download Removal Tool

We also recommend to download and use SpyHunter to scan the system after Arrow ransomware removal to make sure that it is completely gone. The antimalware application will detect any vicious components left among system files and registry entries that can recover Arrow ransomware.

Leave a Reply

Your email address will not be published. Required fields are marked *