Outsider ransomware – malware that uses RSA-1024 cipher to encrypt personal files

Outsider ransomware is a file locking virus that was discovered in December 2018. Upon infiltration, malware scans the machine within a few seconds and encrypts all pictures, videos, audios, documents, and other personal data. It uses a .protected extension, which then prevents victims from opening any of the modified files (picture.jpg turns into picture.jpg.protected). Outsider virus then contacts the Command & Control[1] server controlled by hackers, sends them the personal ID of the victim, and uploads a ransom note to each of the affected folders. HOW_TO_RESTORE_FILES.txt explains to users what happened to their system, as well as explains what they should do next in order to recover access to the personal files. They are asked to acquire $900 in Bitcoin and then email crooks via secureserver@memeware.net.
| Summary | |
| Name | Outsider ransomware |
| Type | File locker |
| Encryption algorithm | RSA |
| Extension | .protected |
| Ransom note | HOW_TO_RESTORE_FILES.txt |
| Ransom size | $900 in BTC |
| Decryptable? | No |
| Removal | Use FortectIntego, SpyHunterCombo Cleaner. or other anti-malware software to eliminate malware from your PC |
Outsider ransomware authors use typical propagation techniques, such as:
- Spam emails;
- Brute-force[2] attacks;
- Exploits and vulnerabilities;
- Fake updates;
- Hacked/malicious websites, etc.
All of these methods are as dangerous as the user allows them to be: using reputable security software and practicing safe browsing habits can ensure that no malware appears on the machine. However, those who are already infected will have to take care of Outsider ransomware removal.
As soon as Outsider ransomware enters the machine, it performs various system modifications: modifies Windows Registry, removes Shadow Volume Copies, executes and runs multiple processes and reads information about the device. From this point, all your files get encoded in a matter of a few seconds and become unusable. Additionally, all the incoming data will be encrypted as well.
It is quite ironic how cybercriminals refer to the whole situation as if it would be some sort of sales deal in the ransom note:
100% Successful restoring all of your files
100% Satisfaction guarantee
100% Safe and secure service
Not only did they infect the machine with malware that can compromise the security even more, but also demand money for file decryption. There is no “service.” It merely is an extortion scheme that users should not engage themselves in. Outsider ransomware cannot be trusted, as they could simply take the money and never bother sending the key back.
For that reason, you need to remove Outsider ransomware from your computer before you do anything else. You should use comprehensive security software, such as FortectIntego or SpyHunterCombo Cleaner, although you can use any other tool that is capable of detecting[3] and eliminating the threat.

You can prevent ransomware infections in most cases
Bad actors use various tricks to infect as many victims as possible. However, users can decrease the infection probability by using precaution measures. Here are most popular ransomware distribution methods and ways to avoid the malware:
- Spam emails. This method remains one of the most used because of how effective it is. Phishing emails are often poorly written, include numerous grammar or spelling mistakes and generally seem fake. However, some criminals come up with believable messages that can confuse even those PC savvy. Therefore, make sure you check the real address of the embedded hyperlink and scan the attachment before opening it;
- Exploit kits. Almost all software has security vulnerabilities that can help hackers to break in and upload the malware. Unfortunately, these security holes can only be patched by software creators (one of the most abused software is Adobe Flash) and are not necessarily discovered before thousands of infections occur. However, patching software on time can prevent criminals from using exploit kits;
- Weak RDP protection. A remote desktop protocol is a useful feature that allows users to take control over their device remotely. Hackers often use brute force attacks when trying to break in via the RDP, and then install malware manually. We suggest users make sure a strong password is used, and the usage of a VPN is also advisable;
- File-sharing and other third-party sites. Bad actors can inject malicious code into a hacked website or create their sites that host malware. The spoofing sites can often be avoided by checking if a secure HTTPS[4] connection is used. Additionally, internet protection tools can be used to prevent malicious code execution in real time, so it is highly recommended. Finally, torrent and shady-looking sites that offer free software or media should also be avoided.
Outsider ransomware elimination steps
There is one crucial thing to look out for after the infection: do not try to recover your files before you remove Outsider ransomware from your PC entirely. Otherwise, all your backed files will get corrupted as well.
To remove Outsider virus safely, enter Safe Mode with Networking, as explained below. Then, use security software like FortectIntego or SpyHunterCombo Cleaner to thoroughly scan your machine and get rid of malware. Only then attempt to recover your files from a backup.
However, if you did not store any backups before Outsider ransomware attacked your machine, we suggest you try third-party software that may be useful. You can find download links and usage instructions down below.
Was this guide helpful?
Be the first to comment