What is Arrow Ransomware?
Arrow Ransomware is a new version of infamous Dharma Ransomware which has already affected many users around the world. As a previous one, Arrow Ransomware encrypts users’ personal files using both AES and RSA ciphers and appends .[email@example.com].arrow extension to all infected files. The extension may vary, depending on the version: .id-[random-characters].[firstname.lastname@example.org].arrow, [email@example.com].arrow. After encryption, virus places 2 files on the desktop and each folder with affected files (FILES ENCRYPTED.TXT and Info.hta):
All your files have been encrypted!
All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail firstname.lastname@example.org
Write this ID in the title of your message B8F053EC
In case of no answer in 24 hours write us to theese e-mails:email@example.com
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the decryption tool that will decrypt all your files.
Free decryption as guarantee
Before paying you can send us up to 5 files for free decryption. The total size of files must be less than 10Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.)
How to obtain Bitcoins
The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.
Also you can find other places to buy Bitcoins and beginners guide here:
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.
At the time of writing, amount of ransom is 0.1 BitCoin (~$1000). However, we urge you not to contact them as it’s fraught with money loss. The thing is that malefactors often disappear once money is transferred. To complicate matters further, Arrow Ransomware also deletes all shadow copies of files which are necessary for data restore. But, don’t despair, the virus doesn’t delete your files which means you have a good chance to get them back especially since there are free decryptors for some variants of Dharma. First, you need to remove Arrow Ransomware and then use one of the decryption tools. Here you’ll find a detailed instruction which, hopefully, will help you.
How Arrow ransomware gets on your PC?
This type of virus can be infiltrated through several methods, including a freeware software, spam messages, trojans, software from dangerous sources, etc. A process of installation can start hidden and automatically. Besides that, some malware programs can mark Arrow Ransomware as a trusted software program.
What to do if your PC is infected with Arrow ransomware
As soon as you notice the presence of the ransomware on your system, you should turn your computer off. If it is possible to try to create a backup or image of your hard drive info. This may let you reserve the state of your drives in case a decryption method would be created afterward.
How to remove Arrow ransomware?
To make sure that the ransomware won’t reappear, you need to delete Arrow ransomware completely. For this you need to remove the files and registry entries of the ransomware. We should warn you that performing some of the steps may require above-average skills, so if you don’t feel experienced enough, you may apply to automatic removal tool.
Performing an antimalware scan with SpyHunter Removal Tool would automatically search out and delete all elements related to Arrow ransomware. It is not only the easiest way to eliminate Arrow ransomware but also the safest and the most assuring one.
How to decrypt and restore .[firstname.lastname@example.org].arrow files
Restore files with an automatic tool
There is a possible way to decrypt .arrow files with Data Recovery Pro that would help you recover your files in the absence of required decryptor.
- Download Data Recovery Pro and launch it
- Select the drive you want to recover and click START SCAN
- After scanning is finished, you are presented with a list of recoverable files found.
- Select the required files and click the Recover
Nevertheless there are no other tools able to restore and decrypt .[email@example.com].arrow files, you may try applying to the manual methods described below, however, they might not work with the latest versions of Arrow ransomware.
Restore the system
- Initiate the search for system restore
- Click on the result
- Choose the date before the infection appearance
- Follow the on-screen instructions
Roll the files back to the previous version
- Right-click the file and choose Properties
- Open the Previous Version tab
- Select the latest version and click Copy
- Click Restore
Decrypt .[firstname.lastname@example.org].arrow files using decryptor
You also may try to use free decryption tool that was created especially for Dharma Ransomware.
Decrypt files using our decryption service
You may try using our own service for decrypting files compromised by ransomware-type viruses. The analysis of data takes 3-5 days, after which, we will let you know whether it’s decryptable or not. Note: the service is paid, payment is charged only for decryption, the analysis is free. In order to use our service, you should fill out the form listed below.
Also, please add a log file, created on your PC:
- Click “Start” and type: “cmd.exe” in the search box
- Right-click “cmd.exe” and select “Run as administrator“
- In command line, type or copy/paste following: dir C:\ /a/s > “%userprofile%\dirc.log”
- Find and attach the created “%userprofile%\dirc.log” file to the web form
Please attach encrypted text files according to the following conditions:
- number of files should not exceed 4;
- file size is not more than 8 megabytes;
- files must be from different folders;
- files must be unique.
How to prevent ransomware infection
To get avoid infection with such viruses as ransomware, we advise you to use Dr.Web. Dr.Web is a powerful antimalware software that can quickly detect and remove Scarab-Rebus Ransomware with all vicious components left among system files and registry entries to make sure that it is completely gone. Dr.Web also has a feature (HTTP monitor), allowing to block access to dangerous sites in a real-time thus preventing you from being infected in the future. Just launch the scan and Dr.Web will take care of the rest.