How to remove RYUK Ransomware and decrypt your files

Standard

RYUK Ransomware is virulent ransomware threat, based on the code of Hermes 2.1 and BitPaymer viruses. Researchers believe, that famous Lazarus Group is responsible for the development and implementation of the virus. Hackers demand 15-50 BTC for decryption, which is great amount. RYUK Ransomware does not bypass UAC, requires permission to run, which means user granted access to the computer for virus executable file. Ransomware encrypts all files except ones in following folders: “Windows”, “Mozilla”, “Chrome”, “RecycleBin”, “Ahnlab”. Before the onset of destructive activity, malware stops more than 180 services and 40 processes, by using taskkill and net stop commands. Stopped services and processes mainly belong to antivirus software, running databases, software for backup and editing documents that can prevent file encryption.

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close