Severity scale: 91/100

Remove Easy ransomware (Virus Removal Guide) - Recovery Instructions Included

Removal by Lucia Danes | Type: Ransomware

Easy ransomware – a cryptovirus appending a complex extension to original filenames

Easy ransomware is a data-locker that demands ransom for a decryption tool

Easy ransomware is a computer virus developed to encrypt victim files on an infected device and demand a ransom through generated ransom notes. This cryptovirus derives from the well-known Phobos ransomware family, which was first spotted in October of 2017.

The .easy file extension virus is no exception to how most ransomware works. The second it lands on a computer system, it scans for the most frequently used files and starts encrypting them with the RSA cipher.[1] During that process, all non-executable files, such as pictures, MS Office or other documents, archives, and so on, receive a new extension.

Original filenames are appended with a unique user ID, easybackup@aol.com (the contact email of the cybercriminals), and the .easy extension. After the encryption and renaming processes are completed, the cryptovirus generates ransom notes – info.hta and info.txt.

Name: Easy ransomware, .easy extension virus
Type: Ransomware
Family: Phobos
Encryption algorithm: RSA-1024
Ransom note: Two types of ransom notes are created, info.hta and info.txt, but they hold identical messages
Appended file extension: .id[appointed user ID].[easybackup@aol.com].easy
Criminal contact details: Assailants would like to be contacted either via email – easybackup@aol.com, or instant messaging app Telegram – @easybackup
Virus removal: To eliminate a cyberthreat correctly, professional anti-malware software should be used
System fix: To keep device settings and system files in proper condition, system repair tools like the ReimageIntego app should be regularly used
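A read-only triage sketch for the naming scheme and ransom-note names listed above, useful for inventorying affected files before copying them to offline storage. It is an added example, not code from the original guide; the function names, the sample paths and the placeholder ID EXAMPLE-0001 are constructed for illustration.

```python
import os
import re
from collections import Counter

# Naming scheme from this page: <original>.id[<user ID>].[<contact email>].easy
RENAMED = re.compile(
    r"^(?P<original>.+)\.id\[(?P<uid>[^\[\]]+)\]\.\[(?P<contact>[^\[\]]+)\]\.easy$",
    re.IGNORECASE,
)
NOTE_NAMES = {"info.hta", "info.txt"}  # ransom notes named on this page

def parse_name(filename):
    """Split a renamed file into (original name, user ID, contact), or None."""
    m = RENAMED.match(filename)
    return (m["original"], m["uid"], m["contact"]) if m else None

def triage(paths):
    """Sort paths into encrypted files, ransom notes and untouched files."""
    report = {"encrypted": [], "notes": [], "untouched": [], "ids": Counter()}
    for path in paths:
        # Accept both Windows and POSIX separators so exported listings work.
        name = path.replace("\\", "/").rsplit("/", 1)[-1]
        parsed = parse_name(name)
        if parsed:
            report["encrypted"].append((path, parsed[0]))
            report["ids"][parsed[1]] += 1
        elif name.lower() in NOTE_NAMES:
            report["notes"].append(path)
        else:
            report["untouched"].append(path)
    return report

def walk(root):
    """Yield every file path under root (read-only; nothing is modified)."""
    for folder, _dirs, files in os.walk(root):
        for name in files:
            yield os.path.join(folder, name)

# Constructed sample listing; the ID "EXAMPLE-0001" is a placeholder.
SAMPLE = [
    r"C:\Users\a\Documents\budget.xlsx.id[EXAMPLE-0001].[easybackup@aol.com].easy",
    r"C:\Users\a\Pictures\trip.jpg.id[EXAMPLE-0001].[easybackup@aol.com].easy",
    r"C:\Users\a\Desktop\info.hta",
    r"C:\Users\a\Downloads\setup.exe",
    r"C:\Users\a\Documents\easy.id[x].notes.txt",
]

if __name__ == "__main__":
    r = triage(SAMPLE)
    print(len(r["encrypted"]), "encrypted,", len(r["notes"]), "notes, IDs:", dict(r["ids"]))
```

Pass `walk(root)` to `triage` to inventory a real folder; more than one distinct ID in the result suggests the files came from more than one infection.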

As mentioned at the beginning of this article, Easy file virus belongs to an established Phobos ransomware family. It's not as vigorous as other ransomware families, but new variations are created constantly. Here are a few examples of the latest ones:

With ransom notes, ransomware developers try to intimidate and persuade their victims into meeting their demands by buying their decryption toolkits. Assailants try different techniques: scaring their victims that they will never get their files back, offering free decryption of a couple of files, and so on. The culprit of this article sends this message to its victims:

ATTENTION! ALL YOUR DATA ARE PROTECTED WITH RSA-1024 ALGORITHM
Your security system was vulnerable, so all of your files are encrypted.
If you want to restore them, contact us by e-mail: easybackup@aol.com
In the header of the letter, indicate your ID: –
In case of no answer in 24 hours write us to Telegram.org account: @easybackup

BE CAREFUL AND DO NOT DAMAGE YOUR DATA:
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Do not trust anyone! Only we have keys to your files! Without this keys restore your data is impossible

WE GUARANTEE A FREE DECODE AS A PROOF OF OUR POSSIBILITIES:
You can send us up to 5 files for free decryption.
Size of file must be less than 1 Mb (non archived). We don`t decrypt for test DATABASE, XLS and other important files.

DO NOT ATTEMPT TO DECODE YOUR DATA YOURSELF, YOU ONLY DAMAGE THEM AND THEN YOU LOSE THEM FOREVER
AFTER DECRYPTION YOUR SYSTEM WILL RETURN TO A FULLY NORMALLY AND OPERATIONAL CONDITION!

As soon as a user's anti-malware tool detects this computer virus, it should be eliminated immediately. If ransom notes appear, then the only right thing to do is to acquire a professional anti-malware tool like SpyHunter 5, Combo Cleaner or Malwarebytes and remove Easy ransomware ASAP.

Easy ransomware is a computer virus that locks all personal files and then demands Bitcoin for their return

Ransomware is capable of spreading to other devices connected to the network or to the computer, so act without delay. Before proceeding with Easy ransomware removal, export all encrypted files to external offline storage, because there's always hope that a decryption tool will be created in the near future.

Before doing any data recovery, either from backups or with deciphering tools, users should correct all issues with system settings and system files. Experts[2] recommend using powerful system repair tools such as the ReimageIntego app or any similar software that would undo the sustained damage with a push of a button.

Avoiding ransomware spreading through spam emails

Cyberthieves are constantly developing new malicious software types and means to distribute them. Trojans, worms, and other kinds of malware can be delivered in many different ways, but one of the most common ways ransomware is spread is via spam email.

That's why users should be very attentive when an email is received. The difference between a legitimate email and a spam email is in the details. Hover over the sender's name and check whether the displayed name matches the actual sender's details. Look for grammatical errors and other inconsistencies.

Keep in mind that legit companies would never force you to visit their site immediately by clicking some link in their letter or send you “very important” information or updates within an unsolicited email attachment. These techniques are used to trick gullible people into opening these links/files and getting their devices infected.

Simple instructions for Easy ransomware removal from infected computers

VirusTotal research[3] shows that 60 out of 71 anti-virus engines have detected the virus and prevented computer systems from getting infected. This reaffirms the need for a trustworthy, professional anti-malware tool in all computers that are connected to the internet.

Here are a few examples of the detection names under which dependable anti-malware tools caught the cryptovirus:

  • Trojan.Ransom.Phobos
  • Gen:Variant.Ransom.Phobos.62 (B)
  • Ransom.Phobos
  • HEUR:Trojan.Win32.Generic
  • Ransom:Win32/Phobos.PC!MTB

Easy ransomware sample was detected and stopped by many security solutions

If you have an anti-malware tool, but it failed to prevent the infection, that could mean that it's either out of date or not good enough. We recommend using reliable tools like SpyHunter 5, Combo Cleaner and Malwarebytes not only for Easy ransomware removal but also for raising your overall cybersecurity level.

Malware, especially cryptoviruses, tends to edit system settings such as the registry and other core files. Once victims remove Easy ransomware from their devices, it is highly recommended to use the ReimageIntego tool or similar software to undo whatever modifications the infection made to prolong its unwelcome visit.


To remove Easy virus, follow these steps:

Remove Easy using Safe Mode with Networking

When anti-virus software fails to remove viruses in normal Windows mode, try rebooting your computer and starting it in Safe Mode with Networking.

  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start > Shutdown > Restart > OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list.

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift on your keyboard and click Restart.
    2. Now select Troubleshoot > Advanced options > Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in the Startup Settings window.
  • Step 2: Remove Easy

    Log in to your infected account and start the browser. Download ReimageIntego or another legitimate anti-spyware program. Update it before a full system scan and remove malicious files that belong to your ransomware and complete Easy removal.

If your ransomware is blocking Safe Mode with Networking, try the next method.

Remove Easy using System Restore

Infections could be eliminated with the help of System Restore.

  • Step 1: Reboot your computer to Safe Mode with Command Prompt

    Windows 7 / Vista / XP
    1. Click Start > Shutdown > Restart > OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Command Prompt from the list.

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift on your keyboard and click Restart.
    2. Now select Troubleshoot > Advanced options > Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in the Startup Settings window.
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and press Enter.
    2. Now type rstrui.exe and press Enter again.
    3. When a new window shows up, click Next and select a restore point that is prior to the infiltration of Easy. After doing that, click Next.
    4. Now click Yes to start system restore.
    Once you restore your system to a previous date, download and scan your computer with ReimageIntego and make sure that Easy removal is performed successfully.

Bonus: Recover your data

The guide presented above is supposed to help you remove Easy from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by 2-spyware.com security experts.

If your files are encrypted by Easy, you can use several methods to restore them:

.easy file recovery might be possible with Data Recovery Pro

This app might be a helpful tool when users decide to restore their data after eliminating the virus and cleaning their computer systems.

  • Download Data Recovery Pro;
  • Follow the steps of Data Recovery Setup and install the program on your computer;
  • Launch it and scan your computer for files encrypted by Easy ransomware;
  • Restore them.

Using Windows Previous Version Feature to recover files

This feature enables users to restore files to their previous versions.

  • Find an encrypted file you need to restore and right-click on it;
  • Select “Properties” and go to “Previous versions” tab;
  • Here, check each of available copies of the file in “Folder versions”. You should select the version you want to recover and click “Restore”.

Shadow Explorer can be used for data recovery

Shadow Explorer might restore .easy extension files to their previous version if Shadow Volume Copies weren't removed by the ransomware.

  • Download Shadow Explorer (http://shadowexplorer.com/);
  • Follow a Shadow Explorer Setup Wizard and install this application on your computer;
  • Launch the program and go through the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
  • Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.

No decryption tool is currently available

Finally, you should always think about protection against crypto-ransomware. In order to protect your computer from Easy and other ransomware, use a reputable anti-spyware tool, such as ReimageIntego, SpyHunter 5, Combo Cleaner or Malwarebytes.


Back up files for later use in case of a malware attack

Computer users can suffer from data losses due to cyber infections or their own faulty doings. Ransomware can encrypt and hold files hostage, while unforeseen power cuts might cause a loss of important documents. If you have proper up-to-date backups, you can easily recover after such an incident and get back to work. It is also equally important to update backups on a regular basis so that the newest information remains intact – you can set this process to be performed automatically.

When you have the previous version of every important document or project you can avoid frustration and breakdowns. It comes in handy when malware strikes out of nowhere. Use Data Recovery Pro for the data restoration process.

About the author
Lucia Danes - Virus researcher
