Chekyshka ransomware (Virus Removal Instructions) - Decryption Steps Included

Chekyshka virus Removal Guide

What is Chekyshka ransomware?

Chekyshka ransomware – a notorious virus that requires downloading Tor for successful data decryption

Chekyshka malwareChekyshka is a ransomware virus that mostly travels through phishing email letters and their infectious attachments

Chekyshka ransomware is a newly discovered malware strain that places a list of requirements for receiving the decryption key. The infiltration starts by modifying registry keys and other entries. Once the system is taken over, Chekyshka virus begins encrypting data with AES cipher[1] and adding the .chekyshka marker to each document and file. Afterward, !!! CHEKYSHKA_DECRYPT_README.TXT message appears and claims about possible file decryption that will cost $1200 and all victims who are interested in this offer need to download the Tor web browser.[2]

Virus name Chekyshka
Type of malware Ransomware virus
Main target English-speaking people
Extension .chekyshka
Urged price $1200 which needs to be transferred into Bitcoin
Encryption cipher AES
First discovered At the end of June 2019
Malware scan with FortectIntego

Emerging in the second part of June this year, Chekyshka has been targetting English speakers for bigger income. As you can see from the ransom note, a big amount of money is demanded. Such price might be not affordable for a big number of people. However, crooks want such ransom to be paid in Bitcoin and no coin less:

Your unique id: A0244D50B9034A419856CADBEE5DF40D
You can buy a transcript of the $ 1,200 in bitcoin.
But before you pay, you can be sure that we can really decipher any of your files.
Encryption Key ID and unique to your computer, so you're guaranteed to be able to recover your files.
Do this:
1) Download and install the Tor Browser (
2) Open the Web page y7c5bdswtvcfbb2c6waotudyrwhvetxt5xzdkq5hyxnd7clpc3dernqd.onion to the Tor browser and follow the instructions.

If you download the Tor web browser and enter the given link, you will be provided with instructions on how to purchase Bitcoins and pay the criminals. Furthermore, these people try to trick victims by offering them free decryption of 3 or 5 files to prove that the Chekyshka ransomware decrypter really exists.

Chekyshka might be capable of performing a big variety of malicious activities at a time. Prevention of this is rebooting your computing to Safe Mode with Networking or opting for System Restore. If you do not know how to do that, you can find some guiding steps at the end of this article.

Chekyshka ransomware virusChekyshka ransomware is a dangerous type of malware that uses AES encryption for locking data and stores codes on remote servers

It is known that ransomware such as Chekyshka is capable of eliminating Shadow Volume Copies of encrypted data just to harden the decryption process for their victims. Indeed, it is very hard to recover files after such attack is no official decrypter is released. However, you still should not follow any ransom demands from these people.

Chekyshka ransomware spreaders might be not only hackers but scammers also. What they will supposedly do is collect money from you and run off while you remain hopeless without any decryption solution. Our recommendation would be to try some data recovery tips that we have provided below and do not forget to backup your data next time.

However, Chekyshka ransomware removal should be completed first as the recovery methods will not work if the cyber threat is still active. Also, we recommend using software such as FortectIntego for a full scan and malware identification. It is known that such cyber threats are capable of injecting other infections into the system unknowingly.

We want to say that you should NEVER postpone the elimination process of such dangerous virus. You need to remove Chekyshka ransomware without any hesitation to avoid further damage. Once the malware takes full control of your computer system, it might be too late to save anything that is placed on the machine.

Chekyshka ransomwareChekyshka ransomware is a type of malware that encrypts personal files and demands a ransom for their unlocking

Email spam campaigns are likely to be filled with malware

There are a lot of locations on the Internet sphere that can be misused for malware distribution. However, email spam is the most popular technique for spreading ransomware and similar infections.[3] Crooks who deal with such business tend to drop suspicious-looking email messages that contain infectious attachments.

Usually, such emails can be recognized by a bunch of grammar and style mistakes. Also, the sender's email often appears to be something rogue. However, in some cases, criminals might pretend to come from reputable organizations. If you receive such message and are not sure about its safety, you should bring anti-malware for help.

We recommend scanning each clipped document or file that comes with the email just to be sure that nothing malicious is hiding there. Moreover, avoiding peer-to-peer networks, gambling and porn websites will also decrease the possibility of catching a ransomware infection through third-party sources.

Successful malware elimination: remove Chekyshka ransomware with reliable software

According to computer experts from,[4] ransomware viruses are one of the most dangerous malware forms that cannot be joked about. This is the main reason why manual Chekyshka ransomware removal is not an option. By performing actions by yourself, you might make more damaging mistakes and cause severe machine damage.

However, you can truly succeed in the elimination process if you decide to remove Chekyshka ransomware with reliable anti-malware. Besides, we offer to download and install tools such as FortectIntego, SpyHunter 5Combo Cleaner, or Malwarebytes to locate all malicious objects and be sure that no suspicious entries are left through which the ransomware might appear again.

It is known that malware such as Chekyshka leaves malicious components all over the system. This could be malware-laden entries in the Windows Registry or damaging processes in the Task Manager. Note that all ransomware-related objects need to be removed at once, otherwise, you will not be able to repair your system properly.

do it now!
Fortect Happiness
Intego Happiness
Compatible with Microsoft Windows Compatible with macOS
What to do if failed?
If you failed to fix virus damage using Fortect Intego, submit a question to our support team and provide as much details as possible.
Fortect Intego has a free limited scanner. Fortect Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Fortect, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

Getting rid of Chekyshka virus. Follow these steps

Manual removal using Safe Mode

Safe Mode with Networking should help you to disable the ransomware infection on Windows. Follow these instructing steps to boot correctly:

Important! →
Manual removal guide might be too complicated for regular computer users. It requires advanced IT knowledge to be performed correctly (if vital system files are removed or damaged, it might result in full Windows compromise), and it also might take hours to complete. Therefore, we highly advise using the automatic method provided above instead.

Step 1. Access Safe Mode with Networking

Manual malware removal should be best performed in the Safe Mode environment. 

Windows 7 / Vista / XP
  1. Click Start > Shutdown > Restart > OK.
  2. When your computer becomes active, start pressing F8 button (if that does not work, try F2, F12, Del, etc. – it all depends on your motherboard model) multiple times until you see the Advanced Boot Options window.
  3. Select Safe Mode with Networking from the list. Windows 7/XP
Windows 10 / Windows 8
  1. Right-click on Start button and select Settings.
  2. Scroll down to pick Update & Security.
    Update and security
  3. On the left side of the window, pick Recovery.
  4. Now scroll down to find Advanced Startup section.
  5. Click Restart now.
  6. Select Troubleshoot. Choose an option
  7. Go to Advanced options. Advanced options
  8. Select Startup Settings. Startup settings
  9. Press Restart.
  10. Now press 5 or click 5) Enable Safe Mode with Networking. Enable safe mode

Step 2. Shut down suspicious processes

Windows Task Manager is a useful tool that shows all the processes running in the background. If malware is running a process, you need to shut it down:

  1. Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
  2. Click on More details.
    Open task manager
  3. Scroll down to Background processes section, and look for anything suspicious.
  4. Right-click and select Open file location.
    Open file location
  5. Go back to the process, right-click and pick End Task.
    End task
  6. Delete the contents of the malicious folder.

Step 3. Check program Startup

  1. Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
  2. Go to Startup tab.
  3. Right-click on the suspicious program and pick Disable.

Step 4. Delete virus files

Malware-related files can be found in various places within your computer. Here are instructions that could help you find them:

  1. Type in Disk Cleanup in Windows search and press Enter.
    Disk cleanup
  2. Select the drive you want to clean (C: is your main drive by default and is likely to be the one that has malicious files in).
  3. Scroll through the Files to delete list and select the following:

    Temporary Internet Files
    Recycle Bin
    Temporary files

  4. Pick Clean up system files.
    Delete temp files
  5. You can also look for other malicious files hidden in the following folders (type these entries in Windows Search and press Enter):


After you are finished, reboot the PC in normal mode.

Remove Chekyshka using System Restore

Opt for System Restore if you want to deactivate the malware. You can perform such action with the help of our below-provided guidelines:

  • Step 1: Reboot your computer to Safe Mode with Command Prompt
    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list Select 'Safe Mode with Command Prompt'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window. Select 'Enable Safe Mode with Command Prompt'
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
    2. Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
    3. When a new window shows up, click Next and select your restore point that is prior the infiltration of Chekyshka. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
    4. Now click Yes to start system restore. Click 'Yes' and start system restore
    Once you restore your system to a previous date, download and scan your computer with FortectIntego and make sure that Chekyshka removal is performed successfully.

Bonus: Recover your data

Guide which is presented above is supposed to help you remove Chekyshka from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by security experts.

If you have found some encrypted files and there is very important data between them, we guess that file decryption now is a priority for you. Our suggestion still would be to deny any ransom demands to decrease the risk of getting scammed and try some of the following data recovery methods.

If your files are encrypted by Chekyshka, you can use several methods to restore them:

Data Recovery Pro might help you to restore some locked documents:

Use this file restoring software as shown in the instructions. If you do everything correctly, you might have a great chance of unlocking some encrypted data.

  • Download Data Recovery Pro;
  • Follow the steps of Data Recovery Setup and install the program on your computer;
  • Launch it and scan your computer for files encrypted by Chekyshka ransomware;
  • Restore them.

Use Windows Previous Versions feature for data recovery:

Using this tool exactly as shown in the guidelines might allow you to restore some of your files successfully. However, make sure that your computer system was booted with System restore, otherwise, this method might not work.

  • Find an encrypted file you need to restore and right-click on it;
  • Select “Properties” and go to “Previous versions” tab;
  • Here, check each of available copies of the file in “Folder versions”. You should select the version you want to recover and click “Restore”.

Shadow Explorer tool is used for file unlocking:

If Chekyshka ransomware did not damage or permanently eliminate Shadow Volume Copies of encrypted files, you should give this method a try.

  • Download Shadow Explorer (;
  • Follow a Shadow Explorer Setup Wizard and install this application on your computer;
  • Launch the program and go through the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
  • Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.

Currently, there has been no news about the release of Chekyshka decrypter.

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from Chekyshka and other ransomwares, use a reputable anti-spyware, such as FortectIntego, SpyHunter 5Combo Cleaner or Malwarebytes

How to prevent from getting ransomware

Choose a proper web browser and improve your safety with a VPN tool

Online spying has got momentum in recent years and people are getting more and more interested in how to protect their privacy online. One of the basic means to add a layer of security – choose the most private and secure web browser. Although web browsers can't grant full privacy protection and security, some of them are much better at sandboxing, HTTPS upgrading, active content blocking, tracking blocking, phishing protection, and similar privacy-oriented features. However, if you want true anonymity, we suggest you employ a powerful Private Internet Access VPN – it can encrypt all the traffic that comes and goes out of your computer, preventing tracking completely.


Lost your files? Use data recovery software

While some files located on any computer are replaceable or useless, others can be extremely valuable. Family photos, work documents, school projects – these are types of files that we don't want to lose. Unfortunately, there are many ways how unexpected data loss can occur: power cuts, Blue Screen of Death errors, hardware failures, crypto-malware attack, or even accidental deletion.

To ensure that all the files remain intact, you should prepare regular data backups. You can choose cloud-based or physical copies you could restore from later in case of a disaster. If your backups were lost as well or you never bothered to prepare any, Data Recovery Pro can be your only hope to retrieve your invaluable files.

About the author
Gabriel E. Hall
Gabriel E. Hall - Passionate web researcher

If this free guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Gabriel E. Hall
About the company Esolutions