Infected with Purge ransomware? Need to decrypt your files?
What is Purge ransomware
Purge Ransomware refer to the ransomware virus that encrypts your files. Once launched, it begins the process of encrypting your files stored on the system drives and attached network drives. The each infected file is added the extension .purge. This tricky malware uses strong encryption algorithm – RSA, that can be decrypted using a unique key. Unfortunately, restoring files are almost impossible without this key which crooks store on the remote servers. As is often the case, victims are notified about it via message (contents in the file How to restore files.hta) stating that if they don’t pay within seven days after the infection then the decryption key will be deleted. Actually, all these tricks are created solely to steal your money. Besides wasting your money, you inspire them to create similar products.
Update: Use following service to identify the version and type of ransomware you were attacked by: ID Ransomware. Also check following website for possible decryptor: Emsisoft Decryptors.
How Purge ransomware infected your PC
Purge Ransomware uses many techniques to get spread online such as freeware/shareware bundling, spam email with malicious attachments, fake software updates and illegitimate torrents. To prevent this you should be very careful. Don’t open emails from unknown senders and be careful. Keep an eye what you install. We recommend you to download files or software from trusted sources. Always select the “custom” during the installation and eliminate unnecessary software. Remember, sometimes you only need a single careless click to install malware. Antiviruses have a small chance to catch Purge ransomware virus as it is constantly modified. The only way to protect your computer from such threats is use antiviruses with crypto-protection like HitmanPro.Alert with CryptoGuard.
What to do if you are infected with Purge ransomware virus?
First of all don’t panic. Follow these easy steps below.
1. Start your computer in Safe Mode with networking. To do that, restart your computer, before your system starts hit F8 several times. This will stop system from loading and will show Advanced boot options screen. Choose Safe mode with networking option from the options list using up and down arrows on your keyboard and hit Enter.
2. Log in to the system infected with the Purge ransomware virus. Launch your Internet browser and download a reliable anti-malware program and start a full system scan. Once the scan is complete, review scan results and remove all entries detected.
Recommended Solution:
Norton is a powerful removal tool. It can remove all instances of newest viruses, similar to Purge ransomware – files, folders, registry keys.
*Trial version of Norton provides detection of computer viruses for FREE. To remove malware, you have to purchase the full version of Norton.
Step 2: Remove following files and folders of Purge ransomware:
Remove following registry entries:
no information
Remove following files:
How to restore files.hta
How to decrypt files infected by Purge ransomware (.purge files)?
Use automated decryption tools
1. EmsiSoft Purge Decryption Tool
Full removal of Purge Ransomware doesn’t restore access to your personal files. There is special software – EmsiSoft Decryption Tool for .globe (.purge) files, that was designed to decrypt files infected by Purge. This program does not even require installation. The only prerequisite for the decryption files- to have both version of them: encrypted and its non-encrypted original version. Just select the file pair then drag and drop them onto the decryptor file in your download directory. The rest will be done by the program.
1. EmsiSoft Purge Decryption Tool 2
This tool will help you to decrypt files with following extensions: .raid10, .blt, .purge, .encrypted and .[mia.kokers@aol.com]. Again, you need to have at least one encrypted file and its original non-encrypted version, to let the program determine encryption code, and decrypt all other files.
Decrypt .purge files manually
Restore the system using System Restore
Although, latest versions of Purge ransomware remove system restore files, this method may help you partially restore your files. Give it a try and use standard System Restore to revive your data.
- Initiate the search for ‘system restore‘
- Click on the result
- Choose the date before the infection appearance
- Follow the on-screen instructions
Roll the files back to the previous version
Previous versions can be copies of files and folders created by Windows Backup (if it is active) or copies of files and folders created by System Restore. You can use this feature to restore files and folders that you accidentally modified or deleted, or that were damaged (in our case – encrypted by Purge ransomware). This feature is available in Windows 7 and later versions.
- Right-click the file and choose Properties
- Open the Previous Version tab
- Select the latest version and click Copy
- Click Restore
Restore .purge files using shadow copies
- Download and run Shadow Explorer.
- Select the drive and folder where your files are located and date that you want to restore them from.
- Right-click on folder you want to restore and select Export.
- Once the scanning process is done, click Recover to restore your files.
Protect your computer from ransomware
Most modern antiviruses can protect your PC from ransomware and crypto-trojans, but thousands of people still get infected. There are several programs that use different approach t protect from ransomware and lockers. One of the best is HitmanPro.Alert with CryptoGuard. You may already know HitmanPro as famous cloud-based anti-malware scanner. Check out ultimate active protection software from SurfRight.
Information provided by: Alexey Abalmasov