How to remove Horsia Ransomware and recover .horsia@airmail.cc files

5/5 (2)

What is Horsia Ransomware?

Horsia is a cryptovirus that belongs to the group of Scarab Ransomware family. After infiltration, it starts to encrypt all sensitive files on victim’s computer and then demands a ransom. All found files are encrypted with AES-256 cipher getting .horsia@airmail.cc extension. For example, “mydoc.doc” will turn into “mydoc.doc.horsia@airmail.cc”. We also want to note that in some cases the extension might be different. At the time of writing the article, there are known following cases: “.oblivion”, “.decryptsairmail.cc”, “.amnesia”, “.@decrypt_files2017”, “.xtbl”, “.scorpio”, “.scarab”, “.please”, “.[Jackie7@asia.com]”, “.decryptsairmail.cc”, “.crypto”, “.horsia@airmail.cc”, “saviours@airmail.cc”. At the end of encryption procedure, the virus creates TXT file (“HOW TO RECOVER ENCRYPTED FILES.TXT”) placing it in each folder as well as replaces your desktop wallpaper with a new one.

Horsia ransomware

The note stated that to recover your files, you should pay the ransom. For this, you’re offered to contact them via horsia@airmail.cc or saviour@airmail.cc to get further instructions. The price is on specified but, according to the ransom note, it depends on how quickly payment will be made. Despite this, we still urge you not to contact them as it’s fraught with money loss. The thing is that malefactors often disappear once money is transferred. But, don’t despair, the virus doesn’t delete your files which means you have a good chance to get them back. First, you should stay focused on removing Horsia Ransomware because the file decryption is meaningless without it. Here you’ll find a detailed instruction which hopefully will help you remove Horsia Ransomware and recover your files.

Horsia ransomware

How Horsia ransomware gets on your PC?

This type of virus can be infiltrated through several methods, including a freeware software, spam messages, trojans, software from dangerous sources, etc. A process of installation can start hidden and automatically. Besides that, some malware programs can mark Horsia Ransomware as a trusted software program.

What to do if your PC is infected with Horsia ransomware

As soon as you notice the presence of the ransomware on your system, you should turn your computer off. If it is possible to try to create a backup or image of your hard drive info. This may let you reserve the state of your drives in case a decryption method would be created afterward.

How to remove Horsia ransomware?

To make sure that the ransomware won’t reappear, you need to delete Horsia ransomware completely. For this, you need to remove the files and registry entries of the ransomware. We should warn you that performing some of the steps may require above-average skills, so if you don’t feel experienced enough, you may apply to the automatic removal tool.

Download Removal Tool

Performing an antimalware scan with SpyHunter Removal Tool would automatically search out and delete all elements related to Horsia ransomware. It is not only the easiest way to eliminate Horsia ransomware but also the safest and the most assuring one.

How to decrypt and restore .horsia@airmail.cc files

Restore files with an automatic tool

Method 1

There is a possible way to decrypt .horsia@airmail.cc files using Data Recovery Pro that would help you recover your files in the absence of required decryptor.

data recovery pro tool

  1. Download Data Recovery Pro and launch it
  2. Select the drive you want to recover and click START SCAN
  3. After scanning is finished, you are presented with a list of recoverable files found.
  4. Select the required files and click the Recover

Method 3

For those types of ransomware viruses that rather remove files than encrypt them we would suggest using Recuva program.
recuva tool

  1. Download Recuva tool and launch it
  2. Within the on-screen wizard choose the type of the files you want to recover
  3. Choose the location of the files
  4. Wait until the application finishes scanning
  5. Select the required files and click the Recover button

Decrypt files using our decryption service

You may try using our own service for decrypting files compromised by ransomware-type viruses. The analysis of data takes 3-5 days, after which, we will let you know whether it’s decryptable or not. Note: the service is paid, payment is charged only for decryption, the analysis is free. In order to use our service, you should fill out the form listed below.

Also, please add a log file, created on your PC:

  1. Click “Start” and type: “cmd.exe” in the search box
  2. Right-click “cmd.exe” and select “Run as administrator
  3. In command line, type or copy/paste following: dir C:\ /a/s > “%userprofile%\dirc.log”
  4. Find and attach the created “%userprofile%\dirc.log” file to the web form

Please attach encrypted text files according to the following conditions:

  1. number of files should not exceed 4;
  2. file size is not more than 8 megabytes;
  3. files must be from different folders;
  4. files must be unique.

Restore the system

  1. Initiate the search for system restore
  2. Click on the result
  3. Choose the date before the infection appearance
  4. Follow the on-screen instructions

Roll the files back to the previous version

  1. Right-click the file and choose Properties
  2. Open the Previous Version tab
  3. Select the latest version and click Copy
  4. Click Restore

If the above-mentioned methods didn’t help in eliminating the threat, then it’s better to rely on an automatic way of deleting Horsia Ransomware.

How to prevent ransomware infection

To get avoid infection with such viruses as ransomware, we advise you to use Dr.Web. Dr.Web is a powerful antimalware software that can quickly detect and remove Scarab-Rebus Ransomware with all vicious components left among system files and registry entries to make sure that it is completely gone. Dr.Web also has a feature (HTTP monitor), allowing to block access to dangerous sites in a real-time thus preventing you from being infected in the future. Just launch the scan and Dr.Web will take care of the rest.
[maxbutton id=”15

Leave a Reply

Your email address will not be published. Required fields are marked *