What is Ransom32?
Ransom32 is a relatively new ransomware family and a service for building it. The Ransom32 ransomware-as-a-service portal is hosted on a TOR domain and is open to everyone. After entering a bitcoin address, anyone can configure, generate and download the ransomware. In return, the creators of the service take a fee equal to a 25% cut of paid ransoms. In its features Ransom32 doesn't differ much from other ransomware programs. What sets it apart is that Ransom32 is the first ransomware written in JavaScript, which makes it applicable not only to Windows, but also to Linux and Mac.
Once on a computer, Ransom32 acts like any other ransomware. First it adds malicious files to the \Users\User\AppData\Roaming\Chrome Browser folder and to the Startup folder so that the program starts with every reboot. Then Ransom32 searches for files suitable for encryption. Ransom32 can use wildcards, which broadens the list of targeted files. When the encryption process ends, the program shows a message with the ransom details, which may differ depending on the ransomware creator. In any case, the best way to deal with the threat is to remove Ransom32.
How does Ransom32 get on your PC?
Considering the origin of the threat, Ransom32 is probably spread through p2p services or via spam email attachments. Try not to download p2p-shared files, and if you do, scan the files for threats. The same goes for email: be careful with messages from an unknown sender or messages that look odd. The email may even look like a notification from the police or a government agency. In any case, scanning the attachment is a wise precaution.
How to remove Ransom32 from your computer?
To get rid of Ransom32, delete all its files and registry keys.
In our view, there are 3 products that potentially have Ransom32 in their database. You can try to use them for removing Ransom32.
Recommended Solution:
Norton is a powerful removal tool. It can remove all instances of newest viruses, similar to Ransom32 – files, folders, registry keys.
*Trial version of Norton provides detection of computer viruses for FREE. To remove malware, you have to purchase the full version of Norton.
Alternative Solution:
Norton Antivirus – detects files, registry values and folders of viruses that show the same behavior as Ransom32.
You can try both of these products to remove Ransom32.
Or remove Ransom32 manually.
Step 1: Start the system in Safe Mode
For Windows XP/Vista/7:
- Reboot the system
- While the system is loading, press the F8 key several times. The Advanced Boot Options menu should appear
- Choose Safe Mode with Networking.
For Windows 8/8.1/10:
- On the Windows login screen click the Power button
- Hold Shift and choose Restart
- Select Troubleshoot
- Go to the Advanced Options and then to Startup Settings
- Select Enable Safe Mode with Networking
Step 2: Show hidden files and folders
- Open Control Panel
- Go to the View Tab
- In the Advanced Settings category choose Show hidden files and folders
- Click OK
Step 3: Remove the following files and folders of Ransom32:
Remove the following files:
chrome.exe
ffmpegsumo.dll
icudtl.dat
msgbox.vbs
nw.pak
rundll32.exe
s.exe
u.vbs
Remove the following folders:
\Users\User\AppData\Roaming\Chrome Browser
%AppData%\Chrome Browser\.chrome\
%Temp%\nw3932_17475
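A read-only check for the artifacts listed in Step 3, as an added example that is not part of the original guide. The function name `find_artifacts` is hypothetical, and the example assumes the listed file names sit inside the listed folders, so it never matches names such as chrome.exe or rundll32.exe elsewhere on disk, where they are legitimate.

```python
import os
from pathlib import Path

# File and folder names copied from the removal list on this page.
LISTED_FILES = {"chrome.exe", "ffmpegsumo.dll", "icudtl.dat", "msgbox.vbs",
                "nw.pak", "rundll32.exe", "s.exe", "u.vbs"}
LISTED_DIRS = [("appdata", ("Chrome Browser",)),
               ("appdata", ("Chrome Browser", ".chrome")),
               ("temp", ("nw3932_17475",))]


def find_artifacts(appdata, temp):
    """Return sorted paths of listed folders and of listed files inside them.

    Nothing is deleted. Files are matched only inside the listed folders
    (assumption: that is where the listed names live), because chrome.exe and
    rundll32.exe are also the names of legitimate programs.
    """
    roots = {"appdata": Path(appdata), "temp": Path(temp)}
    hits = set()
    for key, parts in LISTED_DIRS:
        folder = roots[key].joinpath(*parts)
        if not folder.is_dir():
            continue
        hits.add(str(folder))
        for dirpath, _dirs, files in os.walk(folder):
            for name in files:
                # Windows file names are case-insensitive: compare lower-cased.
                if name.lower() in LISTED_FILES:
                    hits.add(os.path.join(dirpath, name))
    return sorted(hits)


if __name__ == "__main__":
    # Resolve %AppData% and %Temp% for the profile being inspected.
    appdata, temp = os.environ.get("APPDATA"), os.environ.get("TEMP")
    if appdata and temp:
        for path in find_artifacts(appdata, temp):
            print("FOUND", path)
    else:
        print("APPDATA/TEMP not set; run inside the affected Windows profile")
```

Run it under the affected user's account so that %AppData% and %Temp% resolve to that profile; an empty result means none of the listed paths exist there.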
How to decrypt files infected by Ransom32?
Restore the system
- Initiate the search for ‘system restore’
- Click on the result
- Choose the date before the infection appearance
- Follow the on-screen instructions
Roll the files back to the previous version
- Right-click the file and choose Properties
- Open the Previous Versions tab
- Select the latest version and click Copy
- Click Restore