What is EpsilonRed Ransomware
EpsilonRed is another ransomware-type virus that targets personal data on infected systems. Once it finds the range of data it needs (normally it is databases, statistics, documents, etc.), the virus starts running data encryption with AES+RSA algorithms. The entire encryption process is hard to spot out immediately as victims become aware of the infection only after all files have changed their names. To illustrate that, let’s take a look at the file named 1.pdf, which therefore changed its appearance to 1.pdf.epsilonred. Such a change means it is no longer permitted to access the file. Besides pursuing sensitive data, it is also known that EpsilonRed alters the extension of executable and DLL files, which may disable them from running correctly. The virus also installs a couple of files that block off protectionary layers, clean Event logs, and affect other Windows features once the infection has snuck into the system. At the end of encryption, EpsilonRed provides ransom instructions presented inside of a note. The name of the file may vary individually, but most users reported about HOW_TO_RECOVER.EpsilonRed.txt and ransom_note.txt text notes getting created after encryption.
[+] What's Happened? [+]
Your files have been encrypted and currently unavailable. You can check it. All files in your system have "EpsilonRed" extension. By the way, everything is possible to recover (restore) but you should follow our instructions. Otherwise you can NEVER return your data.
[+] What are our guarantees? [+]
It's just a business and we care only about getting benefits. If we don't meet our obligations, nobody will deal with us. It doesn't hold our interest. So you can check the ability to restore your files. For this purpose you should come to talk to us we can decrypt one of your files for free. That is our guarantee.
It doesn't metter for us whether you cooperate with us or not. But if you don't, you'll lose your time and data cause only we have the private key to decrypt your files. time is much more valuable than money.
+] Data Leak [+]
We uploaded your data and if you dont contact with us then we will publish your data.
Example of data:
- Accounting data
- Executive data
- Sales data
- Customer support data
- Marketing data
- And more other ...
[+] How to Contact? [+]
You have two options :
1. Chat with me :
-Visit our website: hxxp://epsilons.red/support/NegotiationArea/aqsc.com5749132212/
-When you visit our website, put the following KEY into the input form.
-Then start talk to me.
2. Email me at : redepsilonsupport@protonmail.com
KEY:
{redacted}
!!! DANGER !!!
DON'T try to change files by yourself, DON'T use any third party software or antivirus solutions to restore your data - it may entail the private key damage and as a result all your data loss!
!!! !!! !!!
ONE MORE TIME: It's in your best interests to get your files back. From our side we ready to make everything for restoring but please do not interfere.
!!! !!! !!
Both of them tell all of the data has been encrypted, yet there is a chance to get it recovered. In order to do it, victims have to contact the frauds via e-mail or their website, attach the individually-created key, and pay for decryption of data. Before emptying your pockets, cybercriminals also offer to test free decryption of 1 file. They think it will prove their integrity and increase the chances of making you pay. No matter how well swindlers behave, they are the swindlers, which does not put their danger down to zero. They can fool you and do not send any decryption tools that you purchased. Therefore, your money will be wasted and flushed for no expected result. At the moment, it is less likely to find software that could be actually able to decrypt data infected by EpsilonRed for free. The ways to avoid paying the ransom, but recover your data are backup copies that can be used to restore the files after deleting the virus. In all other cases, victims should gamble on using third-party software that may restore only part of the blocked data. If this is the only option for you, give it a try using our manual below.
How EpsilonRed Ransomware infected your computer
As a rule, encryption-based malware is often spread via spam e-mail attachments, hijacked RDP configuration, pirated software, torrent downloads, and other distribution channels. Nowadays it is usual to relate ransomware infections with e-mail abuse. Cybercriminals inject malicious attachments to messages that are therefore sent across the whole web. Unfortunately, most users get curious seeing unknown files with appealing reasons to open them. Very often, users see familiar e-mail addresses that look like legitimate companies. In fact, they can be slightly changed to have a one-symbol difference between the authentic ones. For example, let’s imagine that the original FedEx address is “service@fedex.com”. Swindlers themselves can change it to “serWice@fedex.com”, adding “w” instead of “v”. As practice shows, most users do not pay attention to that, which leads to delusion with a virus infection. The range of files attached to a letter may vary from Microsoft Office documents, PDFs, to executable and JavaScript files. Even though they are disguised as something legitimate, their purpose is to contain and deliver malicious software to unprotected systems. Our advice is to avoid clicking on suspicious links or files circulating around the web. In addition to being self-aware, you can invigorate your safety by installing anti-malware software. All of this information can be found transcribed into a step-by-step guide down below.
- Download EpsilonRed Ransomware Removal Tool
- Get decryption tool for .EpsilonRed files
- Recover encrypted files with Stellar Data Recovery Professional
- Restore encrypted files with Windows Previous Versions
- Restore files with Shadow Explorer
- How to protect from threats like EpsilonRed Ransomware
Download Removal Tool
To remove EpsilonRed Ransomware completely, we recommend you to use Norton Antivirus from Symantec. It detects and removes all files, folders, and registry keys of EpsilonRed Ransomware and prevents future infections by similar viruses.
Alternative Removal Tool
To remove EpsilonRed Ransomware completely, we recommend you to use SpyHunter 5 from EnigmaSoft Limited. It detects and removes all files, folders, and registry keys of EpsilonRed Ransomware. The trial version of SpyHunter 5 offers virus scan and 1-time removal for FREE.
EpsilonRed Ransomware files:
HOW_TO_RECOVER.EpsilonRed.txt
ransom_note.txt
{randomname}.exe
EpsilonRed Ransomware registry keys:
no information
How to decrypt and restore .EpsilonRed files
Use automated decryptors
Download Kaspersky RakhniDecryptor
Use following tool from Kaspersky called Rakhni Decryptor, that can decrypt .EpsilonRed files. Download it here:
There is no purpose to pay the ransom because there is no guarantee you will receive the key, but you will put your bank credentials at risk.
Dr.Web Rescue Pack
Famous antivirus vendor Dr. Web provides free decryption service for the owners of its products: Dr.Web Security Space or Dr.Web Enterprise Security Suite. Other users can ask for help in the decryption of .EpsilonRed files by uploading samples to Dr. Web Ransomware Decryption Service. Analyzing of files will be performed free of charge and if files are decryptable, all you need to do is purchase a 2-year license of Dr.Web Security Space worth $120 or less. Otherwise, you don’t have to pay.
If you are infected with EpsilonRed Ransomware and removed it from your computer you can try to decrypt your files. Antivirus vendors and individuals create free decryptors for some crypto-lockers. To attempt to decrypt them manually you can do the following:
Use Stellar Data Recovery Professional to restore .EpsilonRed files
- Download Stellar Data Recovery Professional.
- Click Recover Data button.
- Select type of files you want to restore and click Next button.
- Choose location where you would like to restore files from and click Scan button.
- Preview found files, choose ones you will restore and click Recover.
Using Windows Previous Versions option:
- Right-click on infected file and choose Properties.
- Select Previous Versions tab.
- Choose particular version of the file and click Copy.
- To restore the selected file and replace the existing one, click on the Restore button.
- In case there is no items in the list choose alternative method.
Using Shadow Explorer:
- Download Shadow Explorer program.
- Run it and you will see screen listing of all the drives and the dates that shadow copy was created.
- Select the drive and date that you want to restore from.
- Right-click on a folder name and select Export.
- In case there are no other dates in the list, choose alternative method.
If you are using Dropbox:
- Login to the DropBox website and go to the folder that contains encrypted files.
- Right-click on the encrypted file and select Previous Versions.
- Select the version of the file you wish to restore and click on the Restore button.
How to protect computer from viruses, like EpsilonRed Ransomware, in future
1. Get special anti-ransomware software
Use ZoneAlarm Anti-Ransomware
Famous antivirus brand ZoneAlarm by Check Point released a comprehensive tool, that will help you with active anti-ransomware protection, as an additional shield to your current protection. The tool provides Zero-Day protection against ransomware and allows you to recover files. ZoneAlarm Anti-Ransomware is compatible with all other antiviruses, firewalls, and security software except ZoneAlarm Extreme (already shipped with ZoneAlarm Anti-Ransomware) or Check Point Endpoint products. The killer features of this application are: automatic file recovery, overwrite protection that instantly and automatically recovers any encrypted files, file protection that detects and blocks even unknown encryptors.
2. Back up your files
As an additional way to save your files, we recommend online backup. Local storages, such as hard drives, SSDs, flash drives, or remote network storages can be instantly infected by the virus once plugged in or connected to. EpsilonRed Ransomware uses some techniques to exploit this. One of the best services and programs for easy automatic online backup is iDrive. It has the most profitable terms and a simple interface. You can read more about iDrive cloud backup and storage here.
3. Do not open spam e-mails and protect your mailbox
Malicious attachments to spam or phishing e-mails are the most popular method of ransomware distribution. Using spam filters and creating anti-spam rules is good practice. One of the world leaders in anti-spam protection is MailWasher Pro. It works with various desktop applications and provides a very high level of anti-spam protection.
