Skip to content
  • Active
  • Severity: High
  • Ransomware
  • Windows
  • Verified · Jun 2018

How to remove PGPSnippet ransomware

A step-by-step removal guide for affected devices. Follow the verified procedure below — most readers complete it in under 10 minutes.

Gabriel E. Hall · Passionate web researcher

PGPSnippet — a ransomware that demands money after file encryption

PGPSnippet ransomware ransom note

PGPSnippet is a ransomware virus that infects the system without permission and encrypts users' files. This malware uses specific encryption algorithm and after those files are encrypted, virus places .decodeme666@tutanota.com file extension in order to make them useless. Immediately after that, ransom message in a form of !!!README_DECRYPT!!!.txt file is placed on a computer. However, the newest ransomware version was noticed in June 2018. This time virus uses “digiworldhack@tutanota.com” extension and asks for 1 Bitcoin ransom.

Summary
Name PGPSnippet
Type Ransomware
Danger level High
Appended file extension .decodeme666@tutanota.com; .digiworldhack@tutanota.com
Ransom note !!!README_DECRYPT!!!.txt
The size of the ransom 1BTC; $500
Contact email address  decodeme666@tutanota.com; digiworldhack@tutanota.com
Distribution Malicious spam emails
To uninstall PGPSnippet, install FortectIntego and run a full system scan

Authors of PGPSnippet virus in the ransom note state that you need to pay 500 in bitcoin so you can get decryption key and PGPSnipper removal instructions. They have stated that if you do not do as they say your files might be compromised for good and there is no way to decrypt them back.

The virus gives 72 hours to do the payment and lists websites where you can start your cryptocurrencies wallet. If you take longer, the size of the ransom will double. Additionally, PGPSnippet asks to send a specific file to developers soon after paying the ransom:

Send the file on the way “WIN + R >> %APPDATA&” file name hosts.txt to our e-mail after paymentat this email address: ecodeme666@tutanota.com

However, creators of PGPSnippet ransomware can be gone after you pay the ransom, so we do not recommend to proceed with the payments. The individual victims key might not be present to you even if you pay their asked amount.

Additionally, PGPSnippet seems to be decryptable ransomware. Therefore, you should proceed with virus elimination, and try third-party recovery tools. Also, if you have backups, you should not worry about making payments and having shady deals with malware developers.

We highly recommend using FortectIntego or another reputable malware elimination software to remove PGPSnippet from your computer. This type of cyber threats is sophisticated. So, they might affect legit system files and install a bunch of malicious components that are hard to get rid of manually.

To avoid possible damage, you need to opt for automatic malware elimination with a security program. However, the virus might prevent software installation or system scan. In this case, you should reboot the computer to Safe Mode with Networking. You can find the explanation below the article. Please, use it if PGPSnippet removal gets complicated.

PGPSnippet ransomware attack

The latest version of the virus demands 1 BTC for the decryptor

The newest version of PGPSnippet ransomware came to public in June 2018. This means that ransomware developers are developing improved codes and these viruses can get more and more dangerous for the victims. However, the main features of the virus remain the same. It continues spreading via malicious spam emails and gets into the system when a user is tricked into opening an obfuscated attachment. 

PGPSnippet virus

However, this variant uses a new file extension to make files useless on the affected machine. Currently, it adds .digiworldhack@tutanota.com suffix. Unfortunately, these changes cannot be recovered yet. Hence, if you do not have backups, your chances to get back data is very low. Meanwhile, authors of the ransomware offer a decryption solution in !!!README_DECRYPT!!!.txt file:

ATTENTION !

All your documents and other files ENCRYPTED ! ! !

TO RESTORE YOUR FILES YOU MUST TO PAY: 1 by Bitcoin to this address: [redacted]

You can open an wallet here:

[redacted]

Send the file on the way “WIN + R >> %APPDATA%” file name hosts.tct to our email after paymentat this email address: digiworldhack@tutanota.com

We will confimr payment and and send to you decrypt key + instruction

Remember: you have a 72 hours and if you not paud, that price will up

ATTENTION : all your attempts to decrypt your PC without our software and key can lead to irreversible destruction of your files !

This version of malware increased the payment up to 1 Bitcoin which is ridiculously huge! Thus, you should not risk losing the money by contacting them via email and transferring the money. We highly recommend uninstalling PGPSnippet instead of dealing with cyber criminals. We can ensure that virus elimination won't cause more damage than following hackers' instructions.

Email attachments are the main ransomware distribution method

The major ransomware distribution method is spam emails. These letters typically include malicious attachments that are presented as invoices, statements or other important documents. Additionally, crooks often pretend to be representatives from well-known companies.

When you open an obfuscated attachment, you trigger the installation of malware payload. For instance, PGPSnippet downloads SETT.EXE file and immediately executes it on the affected machine. Within a short period of time, all files become encrypted.

However, you have to be careful with emails in order to avoid ransomware attack. Before opening the attached document, you should look up for grammar or spelling mistakes, and check the information about the sender. If there is any suspicions delete emails without opening anything and move on from the spam email box. 

Specialists from Bedynet.ru[1] also reports that such cyber threats might get into the system using other techniques, such as:

  • trojans that open up the “backdoor”[2] for ransomware;
  • fake program downloads;
  • ads that trick installing updates or browser extensions;
  • brute-force attacks.[3]

PGPSnippet ransomware

Eliminate PGPSnippet from your computer as soon as possible

It is crucial to use professional programs like FortectIntego, SpyHunterCombo Cleaner or MalwarebytesMalwarebytes for proper PGPSnippet removal. However, you might need to do some additional steps when cleaning your system. There is a decryption guide below.

Once you remove PGPSnippet, you can try to recover your files. If you have backups, you can plug in your external device with backups and transfer them. However, if you do not have them, you can try third-party tools presented below.

Be the first to comment

Spyware news
Privacy preferences

We use cookies to improve your experience and analyze traffic. Some cookies enable embedded content like videos and social posts. Choose what you allow — you can change this anytime.