Infected with Planetary Ransomware? Need to decrypt your files?
What is Planetary Ransomware
In this article, we will talk about Planetary cryptovirus, which has abruptly appeared on the user’s computer in early April. Like other similar viruses, it comes to your PC and encrypts user data using algorithms that make files unusable. It also adds various extensions (.mercury, .pluto, .mecury, .neptune, .yum and .mira) to these files and creates a note file with the requirements of the scammers. There are 2 options for such notes:
!!! ATTENTION, YOUR FILES WERE ENCRYPTED !!!
Please follow few steps below:
1.Send us your ID.
2.We can decrypt 1 file what would you make sure that we have decription tool!
3.Then you'll get payment instruction and after payment you will get your decryption tool!
Do not try to rename files!!! Only we can decrypt all your data!
Contact us:
getmydata@india.com
mydataback@aol.com
Your ID: [redacted 64 uppercase hex]:[redacted 64 uppercase hex with dashes]
[redacted 64 uppercase hex with dashes]:[redacted 64 uppercase hex with dashes]
ALL FILES ARE ENCRYPTED.
TO RESTORE, YOU MUST SEND $700 EQUIVALENT FOR ONE COMPUTER
OR $5,000 FOR ALL NETWORK
PAYMENTS ACCEPTED VIA BITCOIN, MONERO AND ETHEREUM
BTC ADDRESS: [bitcoin_address]
MONERO (XMR) ADDRESS: [monero_address]
CONTACT US WHEN ETHEREUM PAYMENT INFORMATION
BEFORE PAYMENT SENT EMAIL m4rk0v@tutanota.de
ALONG WITH YOUR IDENTITY: [base64_encoded_computer_name]
INCLUDE SAMPLE ENCRYPTED FILE FOR PROOF OF DECRYPT
NOT TO SHUT OFF YOUR COMPUTER, UNLESS IT WILL BREAK
As you might think, the cryptovirus is aimed at English-speaking users, however, according to our data, this cryptovirus is already around the world. Moreover, in one of the notes fraudsters require 5 thousand dollars! FIVE THOUSAND! This is crazy, and, of course, it’s not worth saying that you don’t need to pay anything or contact fraudsters. Of course, there is an option to delete all data on the computer, however, in most cases, there are always files on the PC that you don’t want to lose. Below you will find recommendations for removing Planetary and decrypting files.
Update: Use following service to identify the version and type of ransomware you were attacked by: ID Ransomware. If you want to decrypt your files, please follow our instruction below or, if you have any difficulties, please contact us: submit@securitystronghold.com. We really can help to decrypt your files.
How Planetary Ransomware infected your PC
In most cases, Planetary comes as an attachment in a spam mailing list or as a false update for a program or utility. Also, this happens due to the fact that users do not use antiviruses and other software that can protect your PC and prevent the penetration of such threats. Be that as it may, we recommend that you familiarize yourself with our guides to remove Planetary and decrypt files.
First of all, don’t panic. Follow these easy steps below.
1. Start your computer in Safe Mode with networking. To do that, restart your computer before your system starts hit F8 several times. This will Planetary Ransomware system from loading and will show Advanced boot options screen. Choose Safe mode with networking option from the options list using up and down arrows on your keyboard and hit Enter.
2. Log in to the system infected with the Planetary Ransomware virus. Launch your Internet browser and download a reliable anti-malware program and start a full system scan. Once the scan is complete, review scan results and remove all entries detected.
Recommended Solution:
Wipersoft – fully removes all instances of Planetary Ransomware – files, folders, registry keys.
You may find more detailed information about antivirus products in our article – Top 5 Antivirus Software for Windows
Restore your files using shadow copies
- Download and run Stellar Data Recovery.
- Select type of files you want to restore and click Next.
- Select the drive and folder where your files are located and date that you want to restore them from and press Scan.
- Once the scanning process is done, click Recover to restore your files.
Step 2: Remove following files and folders of Planetary Ransomware:
Related connections or other entries:
No information
Related files:
No information
How to decrypt files infected by Planetary Ransomware?
You can try to use manual methods to restore and decrypt your files.
Decrypt files manually
Restore the system using System Restore
Although latest versions of Planetary Ransomware remove system restore files, this method may help you partially restore your files. Give it a try and use standard System Restore to revive your data.
- Initiate the search for ‘system restore‘
- Click on the result
- Choose the date before the infection appearance
- Follow the on-screen instructions
Roll the files back to the previous version
Previous versions can be copies of files and folders created by Windows Backup (if it is active) or copies of files and folders created by System Restore. You can use this feature to restore files and folders that you accidentally modified or deleted, or that were damaged. This feature is available in Windows 7 and later versions.
- Right-click the file and choose Properties
- Open the Previous Version tab
- Select the latest version and click Copy
- Click Restore
Written by Rami Duafi