Easy ransomware (Virus Removal Guide) - Recovery Instructions Included
What is Easy ransomware?
Easy ransomware – a cryptovirus appending a complex extension to original filenames
Easy ransomware is a data-locker that demands ransom for a decryption tool
Easy ransomware is a computer virus developed to encrypt victims' files on an infected device and demand a ransom through generated ransom notes. This cryptovirus derives from the well-known Phobos ransomware family, which was first spotted in October 2017.
.easy file extension virus isn't an exception to how most ransomware works. The second it lands on a computer system, it scans the most frequently used files and starts encrypting them with RSA cipher.[1] During that process, all non-executable files, such as pictures, MS Office or other documents, archives, and so on, receive a new extension.
Original filenames are appended with a unique user ID, easybackup@aol.com (the cybercriminals' contact email), and the .easy extension. After the encryption and renaming processes are completed, the cryptovirus generates two ransom notes – info.hta and info.txt.
Name | Easy ransomware, .easy extension virus |
---|---|
Type | Ransomware |
Family | Phobos |
Encryption algorithm | RSA-1024 |
Ransom note | Two types of ransom notes are created, but they hold identical messages – info.hta and info.txt |
Appended file extension | .id[appointed user ID].[easybackup@aol.com].easy |
Criminal contact details | Assailants would like to be contacted either via email – easybackup@aol.com, or via the instant messaging app Telegram – @easybackup |
Virus removal | To eliminate the cyberthreat correctly, professional anti-malware software should be used |
System fix | To keep device settings and system files in proper condition, system repair tools like Fortect or Intego should be used regularly |
As mentioned at the beginning of this article, Easy file virus belongs to an established Phobos ransomware family. It's not as vigorous as other ransomware families, but new variations are created constantly. Here are a few examples of the latest ones:
With ransom notes, ransomware developers try to intimidate and persuade their victims into meeting their demands by buying their decryption toolkits. Assailants try different techniques: scaring victims that they will never get their files back, offering free decryption of a couple of files, and so on. The ransomware covered in this article sends this message to its victims:
ATTENTION! ALL YOUR DATA ARE PROTECTED WITH RSA-1024 ALGORITHM
Your security system was vulnerable, so all of your files are encrypted.
If you want to restore them, contact us by e-mail: easybackup@aol.com
In the header of the letter, indicate your ID: –
In case of no answer in 24 hours write us to Telegram.org account: @easybackup
BE CAREFUL AND DO NOT DAMAGE YOUR DATA:
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Do not trust anyone! Only we have keys to your files! Without this keys restore your data is impossible
WE GUARANTEE A FREE DECODE AS A PROOF OF OUR POSSIBILITIES:
You can send us up to 5 files for free decryption.
Size of file must be less than 1 Mb (non archived). We don`t decrypt for test DATABASE, XLS and other important files.
DO NOT ATTEMPT TO DECODE YOUR DATA YOURSELF, YOU ONLY DAMAGE THEM AND THEN YOU LOSE THEM FOREVER
AFTER DECRYPTION YOUR SYSTEM WILL RETURN TO A FULLY NORMALLY AND OPERATIONAL CONDITION!
As soon as a user's anti-malware tool detects this computer virus, it should be eliminated immediately. If ransom notes appear, the only right thing to do is to acquire a professional anti-malware tool like SpyHunter 5, Combo Cleaner or Malwarebytes and remove Easy ransomware ASAP.
Easy ransomware is a computer virus that locks all personal files and then demands Bitcoin for their return
Ransomware is capable of spreading to other devices on the same network and to devices connected to the computer, so act without delay. Before proceeding with Easy ransomware removal, export all encrypted files to external offline storage, because there is always hope that a decryption tool will be created in the near future.
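The naming scheme and ransom note names described above can be used to inventory affected files before exporting them to offline storage. The following is an added example, not code from the original guide; the function names are hypothetical, and the user ID is treated as an opaque string because the guide does not specify its format.

```python
import re
import sys
from collections import defaultdict
from pathlib import Path

# Naming scheme from the table above:
#   <original name>.id[<user ID>].[<contact email>].easy
# The user ID is treated as an opaque string (its exact format is not assumed).
EASY_NAME = re.compile(
    r"^(?P<original>.+)\.id\[(?P<user_id>[^\]]+)\]\.\[(?P<contact>[^\]]+)\]\.easy$",
    re.IGNORECASE,
)
# Ransom note names given on this page. info.txt is a common name, so a hit
# is a lead to review, not proof of infection.
RANSOM_NOTES = {"info.hta", "info.txt"}


def parse_easy_name(filename):
    """Return original name, user ID and contact address, or None if no match."""
    match = EASY_NAME.match(filename)
    return match.groupdict() if match else None


def inventory(root):
    """Walk root; return ({user_id: [(path, original_name, size)]}, [note paths])."""
    by_id = defaultdict(list)
    notes = []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        if path.name.lower() in RANSOM_NOTES:
            notes.append(path)
            continue
        parsed = parse_easy_name(path.name)
        if parsed:
            entry = (path, parsed["original"], path.stat().st_size)
            by_id[parsed["user_id"]].append(entry)
    return dict(by_id), notes


if __name__ == "__main__":
    found, notes = inventory(sys.argv[1] if len(sys.argv) > 1 else ".")
    for user_id, files in found.items():
        total = sum(size for _, _, size in files)
        print(f"ID {user_id}: {len(files)} file(s), {total} bytes to export")
    for note in notes:
        print(f"ransom note: {note}")
```

More than one user ID or contact address in the results suggests more than one infection or variant, which is worth recording alongside the exported files.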
Before doing any data recovery, either from backups or with deciphering tools, users should correct all issues with system settings and system files. Experts[2] recommend using powerful system repair tools such as Fortect or Intego, or any similar software that would undo the sustained damage with a push of a button.
Avoiding ransomware spreading through spam emails
Cyberthieves are constantly developing new malicious software types and means to distribute them. Trojans, worms, and other kinds of malware can be delivered in many different ways, but one of the most common ways ransomware is spread is via spam email.
That's why users should be very attentive whenever an email is received. The difference between a legitimate email and a spam email is in the details. Hover over the sender's name and check whether the displayed name matches the actual sender details. Look for grammatical errors and other inconsistencies.
Keep in mind that legit companies would never force you to visit their site immediately by clicking some link in their letter or send you “very important” information or updates within an unsolicited email attachment. These techniques are used to trick gullible people into opening these links/files and getting their devices infected.
Simple instructions for Easy ransomware removal from infected computers
VirusTotal research[3] shows that 60 out of 71 anti-virus engines have detected the virus and prevented computer systems from getting infected. This reaffirms the need for a trustworthy, professional anti-malware tool in all computers that are connected to the internet.
Here are a few examples of the detection names under which dependable anti-malware tools caught the cryptovirus:
- Trojan.Ransom.Phobos
- Gen:Variant.Ransom.Phobos.62 (B)
- Ransom.Phobos
- HEUR:Trojan.Win32.Generic
- Ransom:Win32/Phobos.PC!MTB
Easy ransomware sample was detected and stopped by many security solutions
If you have an anti-malware tool, but it failed to prevent the infection, that could mean that it is either out of date or not good enough. We recommend using reliable tools like SpyHunter 5, Combo Cleaner and Malwarebytes not only for Easy ransomware removal but also to improve your overall level of cybersecurity.
Malware, especially cryptoviruses, tends to edit system settings such as the registry and other core files. Once victims remove Easy ransomware from their devices, it is highly recommended to use Fortect, Intego or similar software to undo whatever modifications the infection made to prolong its unwelcome visit.
Getting rid of Easy virus. Follow these steps
Manual removal using Safe Mode
When anti-virus software fails to remove viruses in normal Windows mode, try rebooting your computer and starting it in Safe Mode with Networking.
Important! The manual removal guide might be too complicated for regular computer users. It requires advanced IT knowledge to be performed correctly (if vital system files are removed or damaged, it might result in full Windows compromise), and it also might take hours to complete. Therefore, we highly advise using the automatic method provided above instead.
Step 1. Access Safe Mode with Networking
Manual malware removal is best performed in the Safe Mode environment.
Windows 7 / Vista / XP
- Click Start > Shutdown > Restart > OK.
- When your computer becomes active, start pressing the F8 button (if that does not work, try F2, F12, Del, etc. – it all depends on your motherboard model) multiple times until you see the Advanced Boot Options window.
- Select Safe Mode with Networking from the list.
Windows 10 / Windows 8
- Right-click on Start button and select Settings.
- Scroll down to pick Update & Security.
- On the left side of the window, pick Recovery.
- Now scroll down to find Advanced Startup section.
- Click Restart now.
- Select Troubleshoot.
- Go to Advanced options.
- Select Startup Settings.
- Press Restart.
- Now press 5 or click 5) Enable Safe Mode with Networking.
Step 2. Shut down suspicious processes
Windows Task Manager is a useful tool that shows all the processes running in the background. If malware is running a process, you need to shut it down:
- Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
- Click on More details.
- Scroll down to Background processes section, and look for anything suspicious.
- Right-click and select Open file location.
- Go back to the process, right-click and pick End Task.
- Delete the contents of the malicious folder.
Step 3. Check program Startup
- Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
- Go to Startup tab.
- Right-click on the suspicious program and pick Disable.
Step 4. Delete virus files
Malware-related files can be found in various places within your computer. Here are instructions that could help you find them:
- Type in Disk Cleanup in Windows search and press Enter.
- Select the drive you want to clean (C: is your main drive by default and is likely to be the one that has malicious files in it).
- Scroll through the Files to delete list and select the following:
  - Temporary Internet Files
  - Downloads
  - Recycle Bin
  - Temporary files
- Pick Clean up system files.
- You can also look for other malicious files hidden in the following folders (type these entries in Windows Search and press Enter):
  - %AppData%
  - %LocalAppData%
  - %ProgramData%
  - %WinDir%
After you are finished, reboot the PC in normal mode.
Remove Easy using System Restore
Infections could be eliminated with the help of System Restore.
Step 1: Reboot your computer to Safe Mode with Command Prompt
Windows 7 / Vista / XP
- Click Start → Shutdown → Restart → OK.
- When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
- Select Command Prompt from the list.
Windows 10 / Windows 8
- Press the Power button at the Windows login screen. Now press and hold Shift on your keyboard and click Restart.
- Now select Troubleshoot → Advanced options → Startup Settings and finally press Restart.
- Once your computer becomes active, select Enable Safe Mode with Command Prompt in the Startup Settings window.
Step 2: Restore your system files and settings
- Once the Command Prompt window shows up, enter cd restore and press Enter.
- Now type rstrui.exe and press Enter again.
- When a new window shows up, click Next and select a restore point that is prior to the infiltration of Easy. After doing that, click Next.
- Now click Yes to start system restore.
Bonus: Recover your data
The guide presented above is supposed to help you remove Easy from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by 2-spyware.com security experts.
If your files are encrypted by Easy, you can use several methods to restore them:
.easy file recovery might be possible with Data Recovery Pro
This app might be a helpful tool when users decide to restore their data after eliminating the virus and cleaning their computer systems.
- Download Data Recovery Pro;
- Follow the steps of Data Recovery Setup and install the program on your computer;
- Launch it and scan your computer for files encrypted by Easy ransomware;
- Restore them.
Using Windows Previous Version Feature to recover files
This feature enables users to restore files to their previous versions.
- Find an encrypted file you need to restore and right-click on it;
- Select “Properties” and go to “Previous versions” tab;
- Here, check each of the available copies of the file in “Folder versions”. You should select the version you want to recover and click “Restore”.
Shadow Explorer can be used for data recovery
Shadow Explorer might restore .easy extension files to their previous version if Shadow Volume Copies weren't removed by the ransomware.
- Download Shadow Explorer (http://shadowexplorer.com/);
- Follow a Shadow Explorer Setup Wizard and install this application on your computer;
- Launch the program and go through the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
- Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.
No decryption tool is currently available
Finally, you should always think about protection against crypto-ransomware. In order to protect your computer from Easy and other ransomware, use reputable anti-spyware, such as Fortect, Intego, SpyHunter 5, Combo Cleaner or Malwarebytes.
How to prevent getting ransomware
Do not let the government spy on you
The government has many issues in regards to tracking users' data and spying on citizens, so you should take this into consideration and learn more about shady information gathering practices. Avoid any unwanted government tracking or spying by going totally anonymous on the internet.
You can choose a different location when you go online and access any material you want without particular content restrictions. You can easily enjoy internet connection without any risks of being hacked by using Private Internet Access VPN.
Control the information that can be accessed by the government or any other unwanted party and surf online without being spied on. Even if you are not involved in illegal activities and trust your selection of services and platforms, be suspicious for your own security and take precautionary measures by using a VPN service.
Back up files for later use in case of a malware attack
Computer users can suffer from data losses due to cyber infections or their own faulty doings. Ransomware can encrypt and hold files hostage, while unforeseen power cuts might cause a loss of important documents. If you have proper up-to-date backups, you can easily recover after such an incident and get back to work. It is also equally important to update backups on a regular basis so that the newest information remains intact – you can set this process to be performed automatically.
When you have the previous version of every important document or project you can avoid frustration and breakdowns. It comes in handy when malware strikes out of nowhere. Use Data Recovery Pro for the data restoration process.
[1] RSA numbers. Wikipedia, the free encyclopedia.
[2] Novirus. Novirus. Spyware news and security.
[3] Virustotal. Virustotal. Suspicious file analysis.