Skip to content
  • Active
  • Severity: High
  • Ransomware
  • Windows
  • Verified · May 2020

How to remove Arrow ransomware

A step-by-step removal guide for affected devices. Follow the verified procedure below — most readers complete it in under 10 minutes.

Lucia Danes · Virus researcher

Arrow ransomware – dangerous crypto-virus which belongs to Dharma family

Illustration of Arrow ransomware virus

.Arrow ransomware is one of the newest variants of Dharma ransomware. Malware uses AES cryptography[1] and appends .arrow file extension to the targeted data. Its aim is typical to other ransomware viruses – the virus seeks to swindle the money from its victims in exchange for the decryption key which is needed to unlock blocked files. Arrow file virus requires sending bitcoins to the anonymous wallet of its developers that can be contacted vuavauvau@cock.li. Instructions on how to perform this procedure are provided in the ransom note which is saved on the desktop once the virus finishes its encryption procedure.

Name Arrow ransomware
Family Dharma
Extensions used to mark infected files .id-[random-characters].[vauvau@cock.li].arrow, [badfail@qq.com].arrow, .marat20.cock.li].arrow
Email address vauvau@cock.li
Distribution Spam, infected email attachments, illegal software
Decrypter Dharma Decryptor

Arrow virus usually spreads via malicious spam emails which contain an obfuscated attachment. When a victim opens a document, malware payload is dropped and executed on the system. Malware immediately starts making changes to the system, such as:

  • Gets admin rights to specific Windows processes or system files,
  • Modifies or creates new Registry entries,
  • Deletes Shadow Volume Copies.

All these changes allow malware to settle in the computer and boot with system startup. However, the biggest problem is that it might delete shadow copies which are very important in data recovery.[2] Though, sometimes ransomware fails to delete them and data recovery might be possible with third-party software.

Arrow ransomware targets the most popular file types, including documents, images, audio, video and other files. The crypto-virus adds a complex suffix to targeted files that include a contact email address, victim’s ID and unique file extension. After the encryption, all files are locked with .id-[random-characters].[vauvau@cock.li].arrow, [badfail@qq.com].arrow or .marat20.cock.li].arrow file extension.

Victims are supposed to contact authors of .Arrow file virus via vauvau@cock.li. However, security specialists do not recommend doing it. Communication with cybercriminals and following their instructions might lead to money loss. No one can ensure that they have a decryptor or let you use it after receiving your payment.

Keep in mind that some versions of Dharma are decryptable. Hence, you should remove Arrow ransomware and try its decryptor. It might be updated any minute to help victims to recover lost files. Additionally, you can try third-party tools if you do not have your important files backed up.

But before you proceed with data recovery, you have to clean the computer. For Arrow virus removal, you will need a professional malware removal tool. We highly recommend using FortectIntego, but you can choose any other reliable security tool too.

Iamge of Arrow ransomware

Do not rush opening email attachments to avoid ransomware attack

Malicious spam email attachments are the main distribution method of the file-encrypting viruses. Ransomware executable typically spreads as obfuscated Word, PDF or ZIP file, so it’s easy to get tricked and open an infected document.

However, if you be attentive and do not open spam or other suspicious emails, you can protect your files from encryption. If you find the content of the email unfamiliar or shady, follow these instructions:

  • Look up for grammar and spelling mistakes. Crooks often leave typos and language errors which can reveal their malicious goals.
  • Double-check the information about the sender. Look up for the information about email address and the sender online, especially if the letter seems to be sent from the bank, governmental institutions or similar company.
  • Check credentials. Phishing emails often lack credentials, such as signature or logos.

Specialists from avirus.hu[3] remind to be careful with freeware downloads, update installation and aggressive pop-ups. They might be used in ransomware distribution too. For full protection, you should also install reputable antivirus and create backups.

Delete Arrow ransomware virus safely

We want to warn that you should not try to remove Arrow ransomware from the computer manually. The file-encrypting virus can inject malicious code into legit system processes and install numerous additional files or applications that perform harmful activities.

Terminate all these entries without security software is nearly impossible, especially if you are not an experienced IT specialist. For this reason, you should opt for automatic Arrow ransomware removal. To clean malware safely, you should choose one of these tools: FortectIntego, MalwarebytesMalwarebytes or SpyHunterCombo Cleaner. If you have some obstacles, follow the guide below.

Be the first to comment

Spyware news
Privacy preferences

We use cookies to improve your experience and analyze traffic. Some cookies enable embedded content like videos and social posts. Choose what you allow — you can change this anytime.