Easy ransomware (Virus Removal Guide) - Recovery Instructions Included

Easy virus Removal Guide

What is Easy ransomware?

Easy ransomware – a cryptovirus appending a complex extension to original filenames

Easy ransomware is a data-locker that demands ransom for a decryption tool

Easy ransomware is a computer virus developed to encrypt victim files on an infected device and demand a ransom through generated ransom notes. This cryptovirus derives from the well-known Phobos ransomware family, which was first spotted in October of 2017.

The .easy file extension virus is no exception to how most ransomware works. The second it lands on a computer system, it scans the most frequently used files and starts encrypting them with the RSA cipher.[1] During that process, all non-executable files, such as pictures, MS Office or other documents, archives, and so on, receive a new extension.

Original filenames are appended with a unique user ID, easybackup@aol.com (the contact email of the cybercriminals), and the .easy extension. After the encryption and renaming processes are completed, the cryptovirus generates ransom notes – info.hta and info.txt.

Name: Easy ransomware, .easy extension virus
Type: Ransomware
Family: Phobos
Encryption algorithm: RSA-1024
Ransom note: Two types of ransom notes are created, but they hold identical messages – info.hta and info.txt
Appended file extension: .id[appointed user ID].[easybackup@aol.com].easy
Criminal contact details: Assailants would like to be contacted either via email – easybackup@aol.com, or instant messaging app Telegram – @easybackup
Virus removal: To eliminate a cyberthreat correctly, professional anti-malware software should be used
System fix: To keep device settings and system files in proper condition, system repair tools like the FortectIntego app should be regularly used
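
The naming scheme in the summary above can be turned into a scoping check that runs over a file listing before encrypted files are exported or anything is deleted. The following Python is an added example, not code from the original guide; the function names, the sample paths and the ID value are constructed for illustration, and the ID is assumed to be any run of non-bracket characters.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Naming scheme from the summary: <original>.id[<user ID>].[<contact e-mail>].easy
# Assumption: the ID and e-mail are opaque runs of non-bracket characters.
LOCKED = re.compile(
    r"^(?P<original>.+)\.id\[(?P<victim_id>[^\[\]]+)\]\.\[(?P<contact>[^\[\]]+)\]\.easy$",
    re.IGNORECASE)
RANSOM_NOTES = {"info.hta", "info.txt"}  # names alone are weak evidence

def classify(path):
    """Return ('locked', fields), ('note', None) or ('clean', None) for one path."""
    name = PureWindowsPath(path).name
    m = LOCKED.match(name)
    if m:
        return "locked", m.groupdict()
    if name.lower() in RANSOM_NOTES:
        return "note", None
    return "clean", None

def triage(paths):
    """Summarise a listing: locked files with original names, IDs, folders hit."""
    report = {"locked": [], "notes": [], "ids": set(), "contacts": set(),
              "by_folder": Counter()}
    for p in paths:
        kind, info = classify(p)
        if kind == "locked":
            report["locked"].append((p, info["original"]))
            report["ids"].add(info["victim_id"])
            report["contacts"].add(info["contact"].lower())
            report["by_folder"][str(PureWindowsPath(p).parent)] += 1
        elif kind == "note":
            report["notes"].append(p)
    return report

# Constructed sample listing, not from a real incident; the ID value is made up.
SAMPLE = [
    r"C:\Users\alice\Documents\budget.xlsx.id[0A1B2C3D-0001].[easybackup@aol.com].easy",
    r"C:\Users\alice\Documents\notes.v2.docx.id[0A1B2C3D-0001].[easybackup@aol.com].easy",
    r"C:\Users\alice\Pictures\cat.jpg.id[0A1B2C3D-0001].[easybackup@aol.com].easy",
    r"C:\Users\alice\Desktop\info.hta",
    r"C:\Users\alice\Desktop\info.txt",
    r"C:\Users\alice\Documents\easy-recipes.pdf",  # benign look-alike
]

if __name__ == "__main__":
    r = triage(SAMPLE)
    print(len(r["locked"]), "locked;", len(r["notes"]), "notes; IDs:", sorted(r["ids"]))
    print(dict(r["by_folder"]))
```

A bare info.txt is a common legitimate filename, so treat note hits as meaningful only in folders that also contain locked files.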

As mentioned at the beginning of this article, the Easy file virus belongs to the established Phobos ransomware family. It's not as vigorous as other ransomware families, but new variations are created constantly. Here are a few examples of the latest ones:

With ransom notes, ransomware developers try to intimidate and persuade their victims into meeting their demands by buying their decryption toolkits. Assailants try different techniques: scaring their victims that they will never get their files back, offering free decryption of a couple of files, and so on. The culprit of this article sends this message to its victims:

Your security system was vulnerable, so all of your files are encrypted.
If you want to restore them, contact us by e-mail: easybackup@aol.com
In the header of the letter, indicate your ID: –
In case of no answer in 24 hours write us to Telegram.org account: @easybackup

Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Do not trust anyone! Only we have keys to your files! Without this keys restore your data is impossible

You can send us up to 5 files for free decryption.
Size of file must be less than 1 Mb (non archived). We don`t decrypt for test DATABASE, XLS and other important files.


As soon as a user's anti-malware tool detects this computer virus, it should be eliminated immediately. If ransom notes appear, then the only right thing to do is to acquire a professional anti-malware tool like SpyHunter 5, Combo Cleaner or Malwarebytes and remove Easy ransomware ASAP.

Easy ransomware is a computer virus that locks all personal files and then demands Bitcoin for their return

Ransomware is capable of spreading to other devices connected to the network or to the computer itself, so act without delay. Before proceeding with Easy ransomware removal, export all encrypted files to external offline storage, because there's always hope that a decryption tool will be created in the near future.

Before doing any data recovery, either from backups or with deciphering tools, users should correct all issues with system settings and system files. Experts[2] recommend using powerful system repair tools such as the FortectIntego app or any similar software that would undo the sustained damage with a push of a button.

Avoiding ransomware spreading through spam emails

Cyberthieves are constantly developing new malicious software types and means to distribute them. Trojans, worms, and other kinds of malware can be delivered in many different ways, but one of the most common ways ransomware is spread is via spam email.

That's why users should be very attentive when an email is received. The difference between a legitimate email and a spam email is in the details. Hover over the sender's name and check whether the displayed name matches the original sender's details. Look for grammatical errors and other inconsistencies.

Keep in mind that legit companies would never force you to visit their site immediately by clicking some link in their letter or send you “very important” information or updates within an unsolicited email attachment. These techniques are used to trick gullible people into opening these links/files and getting their devices infected.

Simple instructions for Easy ransomware removal from infected computers

VirusTotal research[3] shows that 60 out of 71 anti-virus engines have detected the virus and prevented computer systems from getting infected. This reaffirms the need for a trustworthy, professional anti-malware tool in all computers that are connected to the internet.

Here are a few examples of the detection names under which dependable anti-malware tools caught the cryptovirus:

  • Trojan.Ransom.Phobos
  • Gen:Variant.Ransom.Phobos.62 (B)
  • Ransom.Phobos
  • HEUR:Trojan.Win32.Generic
  • Ransom:Win32/Phobos.PC!MTB

Easy ransomware sample was detected and stopped by many security solutions

If you have an anti-malware tool, but it failed to prevent the infection, that could mean that either it's out of date or not good enough. We recommend using reliable tools like SpyHunter 5, Combo Cleaner and Malwarebytes not only for Easy ransomware removal but also for raising your overall level of cybersecurity.

Malware, especially cryptoviruses, tends to edit system settings such as the registry and other core files. Once victims remove Easy ransomware from their devices, it is highly recommended to use the FortectIntego tool or similar software to undo whatever modifications the infection made to prolong its unwelcome visit.


Getting rid of Easy virus. Follow these steps

Manual removal using Safe Mode

When anti-virus software fails to remove viruses in normal Windows mode, try rebooting your computer and starting it in Safe Mode with Networking.

Important!
Manual removal guide might be too complicated for regular computer users. It requires advanced IT knowledge to be performed correctly (if vital system files are removed or damaged, it might result in full Windows compromise), and it also might take hours to complete. Therefore, we highly advise using the automatic method provided above instead.

Step 1. Access Safe Mode with Networking

Manual malware removal is best performed in the Safe Mode environment.

Windows 7 / Vista / XP
  1. Click Start > Shutdown > Restart > OK.
  2. When your computer becomes active, start pressing F8 button (if that does not work, try F2, F12, Del, etc. – it all depends on your motherboard model) multiple times until you see the Advanced Boot Options window.
  3. Select Safe Mode with Networking from the list.

Windows 10 / Windows 8
  1. Right-click on Start button and select Settings.
  2. Scroll down to pick Update & Security.
  3. On the left side of the window, pick Recovery.
  4. Now scroll down to find Advanced Startup section.
  5. Click Restart now.
  6. Select Troubleshoot.
  7. Go to Advanced options.
  8. Select Startup Settings.
  9. Press Restart.
  10. Now press 5 or click 5) Enable Safe Mode with Networking.

Step 2. Shut down suspicious processes

Windows Task Manager is a useful tool that shows all the processes running in the background. If malware is running a process, you need to shut it down:

  1. Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
  2. Click on More details.
  3. Scroll down to Background processes section, and look for anything suspicious.
  4. Right-click and select Open file location.
  5. Go back to the process, right-click and pick End Task.
  6. Delete the contents of the malicious folder.

Step 3. Check program Startup

  1. Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
  2. Go to Startup tab.
  3. Right-click on the suspicious program and pick Disable.

Step 4. Delete virus files

Malware-related files can be found in various places within your computer. Here are instructions that could help you find them:

  1. Type in Disk Cleanup in Windows search and press Enter.
  2. Select the drive you want to clean (C: is your main drive by default and is likely to be the one that has malicious files in).
  3. Scroll through the Files to delete list and select the following:

    Temporary Internet Files
    Recycle Bin
    Temporary files

  4. Pick Clean up system files.
  5. You can also look for other malicious files hidden in the following folders (type these entries in Windows Search and press Enter):


After you are finished, reboot the PC in normal mode.

Remove Easy using System Restore

Infections could be eliminated with the help of System Restore.

  • Step 1: Reboot your computer to Safe Mode with Command Prompt
    Windows 7 / Vista / XP
    1. Click Start > Shutdown > Restart > OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list.

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart.
    2. Now select Troubleshoot > Advanced options > Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window.
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and press Enter.
    2. Now type rstrui.exe and press Enter again.
    3. When a new window shows up, click Next and select your restore point that is prior to the infiltration of Easy. After doing that, click Next.
    4. Now click Yes to start system restore.
    Once you restore your system to a previous date, download and scan your computer with FortectIntego and make sure that Easy removal is performed successfully.

Bonus: Recover your data

The guide presented above is supposed to help you remove Easy from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by 2-spyware.com security experts.

If your files are encrypted by Easy, you can use several methods to restore them:

.easy file recovery might be possible with Data Recovery Pro

This app might be a helpful tool when users decide to restore their data after eliminating the virus and cleaning their computer systems.

  • Download Data Recovery Pro;
  • Follow the steps of Data Recovery Setup and install the program on your computer;
  • Launch it and scan your computer for files encrypted by Easy ransomware;
  • Restore them.

Using Windows Previous Version Feature to recover files

This feature enables users to restore files to their previous versions.

  • Find an encrypted file you need to restore and right-click on it;
  • Select “Properties” and go to “Previous versions” tab;
  • Here, check each of available copies of the file in “Folder versions”. You should select the version you want to recover and click “Restore”.

Shadow Explorer can be used for data recovery

Shadow Explorer might restore .easy extension files to their previous version if Shadow Volume Copies weren't removed by the ransomware.

  • Download Shadow Explorer (http://shadowexplorer.com/);
  • Follow a Shadow Explorer Setup Wizard and install this application on your computer;
  • Launch the program and go through the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
  • Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.

No decryption tool is currently available

Finally, you should always think about protection against crypto-ransomware. In order to protect your computer from Easy and other ransomware, use a reputable anti-spyware, such as FortectIntego, SpyHunter 5, Combo Cleaner or Malwarebytes.

How to prevent getting ransomware

Back up files for later use, in case of a malware attack

Computer users can suffer from data losses due to cyber infections or their own faulty doings. Ransomware can encrypt and hold files hostage, while unforeseen power cuts might cause a loss of important documents. If you have proper up-to-date backups, you can easily recover after such an incident and get back to work. It is also equally important to update backups on a regular basis so that the newest information remains intact – you can set this process to be performed automatically.

When you have the previous version of every important document or project you can avoid frustration and breakdowns. It comes in handy when malware strikes out of nowhere. Use Data Recovery Pro for the data restoration process.

About the author
Lucia Danes - Virus researcher
