Severity scale:  
  (91/100)

Remove Adame ransomware (Bonus: Decryption Steps) - updated Sep 2019

removal by Alice Woods - - | Type: Ransomware

Adame ransomware is the cryptovirus, supposedly spreading with Adobe software cracks and torrent files

Adame ransomwareAdame cryptovirus is the ransomware that gets on the system as a installations file of Adobe cracks, video game cheats. This is a vector used by other virus developers because people tend to pirate various programs and serial numbers or license keys of tools. Users[1] recently reported about the renewed virus activity and many of these online forum posts state that people downloaded Abode Lightroom, Adobe Photoshop, Adobe Premiere, Adobe After Effects, Adobe Animate, and other software from this provider. Apparently, one of the installer files contain malware instead of needed information and raises questions when the needed program is not openable. However, the question is answered when ransom note in the form of a pop-up program window named info appears on the screen. The note also can be loaded on the desktop as info.txt file.

People state that files immediately get unreachable and marked with .Adame extension, hence the name of the virus, so the ransom demand can be made. Remember this and the fact that Adame ransomware virus is a version of Phobos ransomware. This relation indicates the possibility that malicious ransomware payload includes modules that affect the system and can further infect the machine with trojans, worms, other malware.

Questions about Adame ransomware

Also, it is known that the family of Phobos loads processes and executables on the machine to ensure the persistence and interfere with the performance of infected computer further. “The App that Reminds You to Move More” is the process that can be found running in the background. As typical for the family, the ransom note initially delivers instructions and when the victim follows provided links the amount appears on the payment system. However, this is never the recommended route.

Name Adame ransomware
Type Cryptovirus/ file-locking malware
Ransom note The program window with payment instructions named encrypted.hta appears immediately after the encryption process, the same information may appear in info.hta, info.txt
File marker .id[].[supportcrypt2019@cock.li].Adame is a full pattern of the file marker that appears on every document, photo, video file or archive that gets encoded
The process running in the background “The App that Reminds You to Move More”
Family Phobos cryptovirus
Distribution Infected file attachments with macro viruses from email spam – common vector used by ransomware developers. The Adame infections are related to malicious files that get installed as a part of the cracked software package or different torrent files. Mainly, victims stated about pirated versions of Adobe products that delivered malware on their PCs
Contact email raynorzlol@tutanota.com, supportcrypt2019@cock.li, supportcrypt2019@protonmail.com
Elimination Remove Adame ransomware with anti-malware tool and clean virus damage using Reimage Reimage Cleaner . Base your selection of antivirus tool on detection rate, but remember that names differ due to the malware database the security tool provider uses

Virus developers claim that they can recover affected files with the only possible solution – decryption key they develop for each victim separately and allegedly shares it with a victim after the money transfer. Unfortunately, ransom paying is not the best solution since contacting cybercriminals can lead to more issues with the machine or even further damage to the device.[2] Ransomware is based on blackmailing victims, so virus developers have no mercy for you or your files.

Adame ransomware is the virus that completely overwhelms the victim with all the changes in the system and the ransom demand. However, ransomware has more features than file encryption alone. Since it aims to make a profit from infecting machines, it can also steal valuable information and email addresses or credentials that can be used in secondary scamming campaigns.

It is known that like any other cryptovirus, Adame ransomware targets online banking credentials, personal logins or passwords and other details stored directly on the device or saved on the browser as auto-fill information. In addition to this background process, the virus can:

  • alter Windows configuration files;
  • add new registry entries;
  • delete files;
  • add programs or data;
  • infect the machine with other malware.

Adame ransomware virus
Adame ransomware is the malware that shows up with a ransom demanding message and makes people eager to pay. However, all the malicious processes happen in the background.

Adame ransomware starts the attack with infecting the machine and checking the location of the device. Sometimes particular countries are excluded from such processes. If the system is suitable for the infection, the ransomware runs AES encryption algorithm and encodes all the data found on the machine. Common files like photos, documents, videos, music, audio files get encrypted and then encrypted.hta appears on the screen with the following message:

All your files have been encrypted!
All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail supportcrypt2019@cock.li
Write this ID in the title of your message: 
In case of no answer in 24 hours write us to this e-mail:supportcrypt2019@protonmail.com
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the tool that will decrypt all your files.
Free decryption as guarantee
Before paying you can send us up to 5 files for free decryption. The total size of files must be less than 4Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.)
How to obtain Bitcoins
The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click ‘Buy bitcoins’, and select the seller by payment method and price.
hxxps://localbitcoins.com/buy_bitcoins
Also you can find other places to buy Bitcoins and beginners guide here:
hxxp://www.coindesk.com/information/how-can-i-buy-bitcoins/
Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.

Besides this program window with direct payment transfer instructions, a virus can add info.txt text file on the screen that contains less detailed information. In most cases, Adame ransomware repeats contact information and lists emails in the text file where criminals encourage people to follow instructions in the HTA file as soon as possible.

Adame cryptovirus changes tactics over time

.Adame virus tactics differ from attack to attack, but all reports and user-provided samples revealed more unique information about the threat. Some user posts online showed that ransomware included different coding than before or than any other virus in this category before. Instead of focusing on file encryption in formats like photos, documents, and so on, malware encodes system data and valuable files like Windows Configuration files, driver files, data needed for restoring.

Such data disruption on the system seems to be more effective before targeting common files stored on the machine because disabled security software, crucial system functions allow virus developers to access and encrypt files much easier. This way, the virus cannot be detected too.

Adame ransomware from the beginning was known for being persistent and spreading in large-scale campaigns. Developers want to infect as many devices as possible in one attack. This is probably the most spread and currently active versions in Phobos ransomware family.

The month of September 2019 came with mote reports and virus samples from users. This data revealed additional unique facts about spreading and Adame ransomware:

  • people get this virus after installing Adobe products;
  • malicious payload loaded as installer file or executable;
  • files even come from trusted uploader torrent with loads of seeders.

Don't trust such public sites and torrent services, malware developers hit such websites and use various flaws to obtain money from many victims. Phobos ransomware cannot be decrypted at this point, so you need to focus on virus removal and possibly store encrypted data on the external device until the tool gets created.

Adame cryptovirus
Adame virus is the threat that changes its malicious tactics and can run different commands on the machine besides the file encryption.

Although criminals behind this threat claim about decryption possibility, you need to remove Adame ransomware without even considering the ransom payment. There is no need to spend your money when, in most cases, the decryption tool does not exist. Developers change the initial code, and this virus is distributed in various campaigns that target large scale of victims. Global attacks aim to affect as many people as possible. So this is one of the most popular and dangerous Phobos versions. 

Reports about this threat also show that Adame ransomware removal becomes impossible after some time. The virus can propagate across various mediums and load other files, processes, programs on the machine. All those associated intruders, alterations on the system can ensure that malware is more persistent.

This is the reason why experts[3] always recommend rebooting the machine in Safe Mode with Networking and then running a system scan with tools like Reimage Reimage Cleaner . When you run a check on the machine, anti-malware tools can indicate Adame ransomware payload, malicious files, and virus damage, so you need one tool to eliminate the threat completely.

Common ransomware is being spread by hackers

When it comes to threats like ransomware, the more common distribution techniques are phishing attacks and infected files that get attached to spam emails. These campaigns that spread cryptovirus involves techniques that allow to deliver malware across multiple platforms and spread them to a bigger number of potential victims.[4]

Cybercriminals and hackers are more likely to spread such a serious threat because they aim to scare people into paying the ransom. Also, this is more advanced and involves experience in coding such sophisticated malware. Many reports state that torrent files, even from verified accounts or trusted soruces deliver malware payload.

You shouldn't trust any person, service or website that provides such cracks, serial numbers of legitimate software, cheats of video games and license numbers of security programs are one of the more popular things that people try to pirate online. However, some of the installer files contain executables with ransomware payload and once you trigger the installation, you get your PC infected.

Developers always changing their tactics, so be aware of other methods like infected documents – the popular technique of delivering the malicious script. Macro-infected documents are loaded on legitimate-looking emails with subject lines like Invoice, Order information, Shipping details as attachments. Once the PDF or Word document gets downloaded and opened malicious macros trigger the drop of the ransomware payload. Ransomware infiltration happens in seconds and you cannot stop the process.

Adame ransomware removal is the process that requires more help from professional tools

You need to react to Adame ransomware virus infection as soon as possible because malware can propagate further and infect more devices on the same network or even permanently damage the machine. Hackers can target further than your own PC.

As soon as you notice the suspicious activity on the machine and get your data affected, you need to remove Adame ransomware completely. If you react quickly, you can eliminate all traces of the virus and take your system back to a safe place without malware.

Unfortunately, manual Adame ransomware removal is not giving the best results because of its reported persistency, you need to get automatic tools like anti-malware tools and run a full system scan. Using Reimage Reimage Cleaner , SpyHunter 5Combo Cleaner, or Malwarebytes can give you the advantage because these programs terminate the malware itself and clean virus damage. 

Offer
do it now!
Download
Reimage Happiness
Guarantee
Download
Reimage Cleaner Happiness
Guarantee
Compatible with Microsoft Windows Supported versions Compatible with OS X Supported versions
What to do if failed?
If you failed to remove virus damage using Reimage Reimage Cleaner, submit a question to our support team and provide as much details as possible.
Reimage Reimage Cleaner has a free limited scanner. Reimage Reimage Cleaner offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Reimage, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Reimage Cleaner, try running Combo Cleaner.

To remove Adame virus, follow these steps:

Remove Adame using Safe Mode with Networking

Adame ransomware can be more persistent, so reboot the machine in Safe Mode with Networking before an anti-malware scan

  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list Select 'Safe Mode with Networking'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in Startup Settings window. Select 'Enable Safe Mode with Networking'
  • Step 2: Remove Adame

    Log in to your infected account and start the browser. Download Reimage Reimage Cleaner or other legitimate anti-spyware program. Update it before a full system scan and remove malicious files that belong to your ransomware and complete Adame removal.

If your ransomware is blocking Safe Mode with Networking, try further method.

Remove Adame using System Restore

You can enable the System Restore feature and eliminate Adame ransomware this way

  • Step 1: Reboot your computer to Safe Mode with Command Prompt

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list Select 'Safe Mode with Command Prompt'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window. Select 'Enable Safe Mode with Command Prompt'
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
    2. Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
    3. When a new window shows up, click Next and select your restore point that is prior the infiltration of Adame. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
    4. Now click Yes to start system restore. Click 'Yes' and start system restore
    Once you restore your system to a previous date, download and scan your computer with Reimage Reimage Cleaner and make sure that Adame removal is performed successfully.

Bonus: Recover your data

Guide which is presented above is supposed to help you remove Adame from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by 2-spyware.com security experts.

If your files are encrypted by Adame, you can use several methods to restore them:

Data Recovery Pro is the method that can help with files encrypted by Adame ransomware

If you need alternate solution for data backups, Data Recovery Pro is the one to try. The program can restore accidentally deleted and corrupted files too

  • Download Data Recovery Pro;
  • Follow the steps of Data Recovery Setup and install the program on your computer;
  • Launch it and scan your computer for files encrypted by Adame ransomware;
  • Restore them.

Windows Previous Versions feature for file recovery after Adame ransomware attack

When System Restore gets enabled, you can use Windows Previous Versions as a data recovery method

  • Find an encrypted file you need to restore and right-click on it;
  • Select “Properties” and go to “Previous versions” tab;
  • Here, check each of available copies of the file in “Folder versions”. You should select the version you want to recover and click “Restore”.

ShadowExplorer for help when dealing with Adame ransomware

Your encrypted files can be recovered if you can use Shadows Volume Copies and ShadowExplorer tool

  • Download Shadow Explorer (http://shadowexplorer.com/);
  • Follow a Shadow Explorer Setup Wizard and install this application on your computer;
  • Launch the program and go through the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
  • Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.

Decryption is not possible for Adame ransomware

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from Adame and other ransomwares, use a reputable anti-spyware, such as Reimage Reimage Cleaner , SpyHunter 5Combo Cleaner or Malwarebytes

About the author

Alice Woods
Alice Woods - Likes to teach users about virus prevention

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Alice Woods
About the company Esolutions

References


Your opinion regarding Adame ransomware