What is RansomWarrior Ransomware?
RansomWarrior Ransomware is a data-kidnapping virus from Indian hackers that extorts money of 349 USD in Bitcoins from users. It creeps into system by means of fake email messages with attached malicious files. The virus starts to infect system when the user opens this file. All your sensitive files like documents, videos, photos will be subsequently encrypted. Cybercriminals encourage people to pay ransom in exchange for data retrieve that way. Nonetheless, we urgently advise you not to contact them and especially to make any concessions. Remember, you are dealing with fraudsters who don’t care about your files and whose the main purpose is to make a profit. Hence, there is a high risk of being left without decryptor and money. Instead, you may try using this guide to remove RansomWarrior Ransomware and decrypt .THBEC files without spending any money.
The principle of work of the ransomware is always the same – to encrypt files and then to require payment. RansomWarrior Ransomware encodes users’ personal files via AES encryption algorithm. All infected files will be renamed according to Encrypted#.THBEC sample, where “#” is random digit. For example, file “myfamily.jpg” will turn into “Encrypted5.THBEC”. The ransom note is provided as Windows lock screen that contains instructions from criminals to decrypt encrypted files:
Oops!!! Your Files Has Been Encrypted By RansomWarrior 1.0
Message for you from RansomWarrior 1.0
Hello, we are a group of dedicated hackers from India. We have encrypted all your files so we can get your money. All your important files has been encrypted which means you are going to pay us a ransom of 349 USD in Bitcoins. So first of all you can decrypt to of your important files and we will show you which files has been decrypted. Just so you can see that we do have your decryption key, and you will be able to buy it from us. You won't be able to get your important files back if you don't buy your decryption key. Notice a clock on the side, when that date arrives your important files will be deleted(You have 24 hours to pay the ransom).
You will be able to get Bitcoins, at sites such as coinbase.com or localbitcoins.com. There are also others, but usually these are the usual choice
(Make sure to get a little bit more Bitcoins, due to transaction fees and the crypto currency is very volatile. It's also a good idea to get the Bitcoins,
as soon as possible, because sometimes the purchasing process can take hours. You would also need a wallet for your Bitcoins if you are not using
the coinbase.com wallet. When you have your Bitcoins in your wallet. You are going to download and install the tor browser. Go to torproject.org and
then follow the instructions given there.
You need the tor browser, because our payment website is located in darknet. When you have downloaded and installed the tor browser. Go to this link: zpkjjp57apz76k3q.onion\Pay\PayThis\Payment_1000731.PHP When you are on the website, you simply transfer your Bitcoins to the address that are provided to you(You can copy the address and then paste it in your Bitcoin wallet when you are transfering the Bitcoins). When your Bitcoins arrive to our wallet, you will be notified and then be able to download the decryption key. When you have your decryption key, simply place the key in your C:\ And then get all your important files back. The ransomware will then decrypt everything and remove itself.
Here is the entire lists of the way it's done:
1. Decrypt 2 important files as proof of decryption key and we decrypt to keep a good reputation about RansomWarrior 1.0.
2. Get a Bitcoin wallet(If needed)
3. Get the Bitcoins from coinbase.com or localbitcoins.com or an alternative.
4. Download and install the tor browser from torproject.org
5. Go to our website: zpkjjp57apz76k3q.onion\Pay\PayThis\Payment_1000731.PHP
6. Pay your Bitcoins to the Bitcoin address showed.
7. When accepted download your decryption key and put it in your C:\.
8. Then decrypt all of your important files and wait till the ransomware deletes itself.
1. Do this process as fast as possible, to make sure you get your important files back.(Due to Bitcoins sometimes take some time.)
2. If you are old and this seems confusing, get help from a younger relative or equivalent.
3. Always remember that the clock is ticking.
4. Do not attempt to adjust any of the files in the folder or try to adjust the clock on your computer. This can cause the ransomware to delete itself
along with your important files.
5. If you do no. 4 make sure you have technical experience.
6. We will decrypt your important files for our price stated, destroying things is not something we want to do.
7. Save your time(It's limited) by not reporting it to the police, they can't help you anyways(And will jut turn your away).
8. Also disable your anti malware software, because this can delete the ransomware(And we can't guarantee your important files).
9. Have a good day with the love from India.
[Get Your Important Files Back]
[Get 2 Important Files Decrypted For Free]
After successful decryption of the file, you receive the following window:
Although RansomWarrior is a really dangerous virus, you still have a good chance to get them back. Before deciphering, you should first stay focused on removing RansomWarrior Ransomware to avoid re-infection. Once RansomWarrior Ransomware is removed, you can proceed with decryption. Both automatic and manual solution is presented here that we hope will help you remove RansomWarrior Ransomware and recover your files.
How RansomWarrior ransomware gets on your PC?
This type of virus can be infiltrated through several methods, including freeware software, spam messages, trojans, software from dangerous sources, etc. A process of installation can start hidden and automatically. Besides that, some malware programs can mark RansomWarrior Ransomware as a trusted software program.
How to remove RansomWarrior ransomware?
To make sure that the ransomware won’t reappear, you need to delete RansomWarrior ransomware completely. For this, you need to remove the files and registry entries of the ransomware. We should warn you that performing some of the steps may require above-average skills, so if you don’t feel experienced enough, you may apply to the automatic removal tool.
Performing an antimalware scan with SpyHunter Removal Tool would automatically search out and delete all elements related to RansomWarrior ransomware. It is not only the easiest way to eliminate RansomWarrior ransomware but also the safest and the most assuring one.
How to decrypt .THBEC files
Restore files with Data Recovery Pro
Data Recovery Pro is an essential tool in the fight against ransomware-type viruses that can recover encrypted files.
- Download Data Recovery Pro and launch it
- Select the drive you want to recover and click START SCAN
- After scanning is finished, you are presented with a list of recoverable files found.
- Select the required files and click the Recover
Decrypt files using our decryption service
You may try using our own service for decrypting files compromised by ransomware-type viruses. The analysis of data takes 3-5 days, after which, we will let you know whether it’s decryptable or not. Note: the service is paid, payment is charged only for decryption, the analysis is free. In order to use our service, you should fill out the form listed below.
Also, please add a log file, created on your PC:
- Click “Start” and type: “cmd.exe” in the search box
- Right-click “cmd.exe” and select “Run as administrator“
- In command line, type or copy/paste following: dir C:\ /a/s > “%userprofile%\dirc.log”
- Find and attach the created “%userprofile%\dirc.log” file to the web form
Please attach encrypted text files according to the following conditions:
- number of files should not exceed 4;
- file size is not more than 8 megabytes;
- files must be from different folders;
- files must be unique.
Restore the system
- Initiate the search for system restore
- Click on the result
- Choose the date before the infection appearance
- Follow the on-screen instructions
Roll the files back to the previous version
- Right-click the file and choose Properties
- Open the Previous Version tab
- Select the latest version and click Copy
- Click Restore
If the above-mentioned methods didn’t help in eliminating the threat, then it’s better to rely on an automatic way of deleting RansomWarrior Ransomware.
How to prevent ransomware infection
Dr.Web is a powerful antimalware software that can quickly detect and remove RansomWarrior Ransomware with all vicious components left among system files and registry entries to make sure that it is completely gone. It is capable of protecting not only home computers but also server systems in the large organizations. Another key feature of this program is that Dr.Web has its own decryption service available for free for clients of Dr.Web. Moreover, to avoid data loss in case the file system is damaged or infected with ransomware, it regularly creates backup copies of your files. Having Dr.Web on the computer, you can not be afraid for the safety of your data. Just launch Dr.Web and it will take care of the rest.