Severity scale:  

Remove Erica Encoder ransomware (Decryption Steps Included) - Free Guide

removal by Linas Kiguolis - - | Type: Ransomware

Erica Encoder ransomware – the self-named cryptovirus that requires ransom in Bitcoin after the file encryption

Erica Encoder ransomwareErica Encoder ransomware is a threat that encodes files using the AES encryption algorithm and marks all the affected data, renames files using random characters and numbers. The appendix from random characters placed at the end of every file is needed to show the user which files got affected during the encryption. Since the main goal of criminals behind the threat is money, the ransom note HOW TO RESTORE ENCRYPTED FILES.txt is placed on the system immediately after the encryption with a message demanding for payment. That is written in Russian but also has a phrase in Ukranian. According to some researchers, it is believed that Erica Encoder is made by Ukranian hackers.

Ransom-demanding message insults users because of the short phrases placed through the text file, all state about the importance of backups, and calls the victim loser. This is a new threat, and Erica Encoder ransomware virus also gets called Erica2020 or Erica Encoder 2.0.1 ransomware because of the mentions in the same text file. Victims are encouraged to pay for virus creators because it is the only way to get back affected files, but contacting these criminals via provided, emails is not recommended.[1] You may get exposed to dangerous content and get additional malware instead of those decryption keys that hackers promise.

Name Erica Encoder ransomware
Danger The threat infects the targeted machine and makes common files useless by encrypting them. Criminals claim that the only way to bet files recovered is to pay the demanded amount in the ransom note. Additional processes running int he background affect the performance, and victims suffer from speed issues. Since many programs get disabled or differently affected, the computer may end up permanently damaged
Ransom note HOW TO RESTORE ENCRYPTED FILES.txt – a file that appears placed in various folders and on the desktop that criminals form for each victim with the unique ID that is needed for later decryption and victim identification
Email addresses,
File appendix Files affected by the threat get renamed with a long random name formed from numbers and letters and then appended with 4 or 6 character marker
Distribution Malicious advertisements, websites containing malware, and other online content can trigger payload droppers, but the main technique used for spreading such malware – file attachments injected with macro viruses. Such documents get added on various misleading emails and notifications posing as legitimate invoices or messages from companies and services
Elimination To remove Erica Encoder ransomware completely without affecting the machine further, you should employ anti-malware software with the malicious behavior-based detection[2] engine. Such tools can find and terminate crypto-malware for you
Optimization Unfortunately, all the changes made by this threat can interfere with the performance of the computer and damage the device significantly besides affecting the crucial functions. Get a PC repair tool or a cleaner like Reimage Reimage Cleaner Intego and make sure to run through system folders and preferences like startup or Windows registry

Erica Encoder ransomware is targeting Russian-speaking countries because the ransom message is initially written in this language with a few mentions in Ukranian. The sample of the threat got out there early January 2020 and is believed to be developed by Ukrainians because of the text note, including the traces of test encryption and some more Ukranian text. However, this threat can appear in any computer despite the country because distribution mainly involves random online content.

Erica Encoder ransomware demands money from victims in the ransom note file HOW TO RESTORE ENCRYPTED FILES.txt that displays this(translated from the original – Russian):

Erica Encoder 2.0.1


Hello again :*
I greet you again 

We know that you miss Us very much and decided to give you a present

We do not work in Russia, Ukraine and Kazakhstan


If you want to restore your worthless files, then write to Our mail and we will answer you

ZXJpY2FfZmlsZXNAcHJvdG9ubWFpbC5jb20 = (Base64) 

We give greetings to Fabian Sosar 1: 0 and the rest mentally retarded: *

Commonly, Russian-speakers get targeted by such malware due to political conflicts and general hate, but that doesn't mean Erica Encoder ransomware is not going to affect your machine if you are in another country of Europe or in the U.S. Cryptocurrency extortion-based threats are focusing on wide-spreading techniques and can end up on devices all over the world. You need to be cautious to avoid any infection no matter what. 

The infiltration happens without any notice because the payload of the virus gets dropped directly on the system. You may notice some speed issues or affected performance of the machine, but encryption is not the process that you can spot. Also, it happens quickly since Erica Encoder ransomware developers mainly focus on this.  Erica Encoder ransomware virusErica Encoder is a dangerous cryptovirus because it is developed by criminals who only care about blackmail. The scary and insulting message from developers and the initial encryption process makes Erica Encoder ransomware victims confused and concerned. That is understandable, but we cannot stress this enough – paying is not the best option. If you try to connect with threat actors and ask for more information or a straight-up decryption tool, they can provide you with a certain ransom amount that you need to pay or deliver you the malicious file that damages the computer further.

Other experts[3] all over the world and we note that it is better to remove Erica Encoder ransomware without keeping the contact with criminals. It is not an easy process, and it involves security software help, but you can clean the machine and recover your files without the intervention from malicious people. If you have file backups up to date, you should do that as soon as possible.

If not – make sure to collect those encrypted files with the hope of recovering them with a later-developed decryption tool before you terminate the malware using AV tools. When ransomware gets deleted, most of the files needed for decryption get also deleted, so keep that in mind. 

The particular Erica Encoder ransomware encrypts files using the AES encryption algorithm that allows the threat actors to change the original code of the image, document, video, audio file, database, or archive. There are no tools developed for the decryption, so the best way to recover those files is to restore them using safe copies stored on your external devices – backup.

Also, if you don't have backups that could help you with these encrypted files, rely on third-party software that can restore such affected data. Only do that after the proper Erica Encoder termination because any program or file related to malicious threat can lead to repeated encryption.

Once Erica Encoder virus is eliminated, and all the programs get disabled, removed from the machine, it is time to tackle virus damage on the machine. To do that properly without causing any damage to your machine, you should use a PC optimization tool or a repair software like Reimage Reimage Cleaner Intego. Programs like this can be helpful because Windows registry entries or system files affected by the malware may get repaired, and virus damage eliminated without any danger. If you try to alter startup preferences or registry entries, you can cause problems with essential PC functions.  Erica Encoder 2.0.1Erica Encoder ransomware - malware that alters common files and asks for payments. Do not consider paying and remove the threat as soon as you can instead.

Protecting yourself and your valuable data from crypto-extortion malware

Since there are tons of different malware types, distribution methods also go all over the place and depend on a particular virus, malicious campaigns, and malware developers. Ransomware is a category also has many ways that are commonly used to deliver the payload of such intruders.

One of the more common ones- spam email campaigns when legitimate-looking emails are received and include attachments injected with malicious scripts directly or macro malware that is designed to trigger the drop on the machine with a few clicks. You need to note that any email that is not expected can deliver malware and delete suspicious notifications as you get them.

Also, a few red flags to look out for:

  • grammar mistakes in emails;
  • shortened links in the notification itself;
  • typos or slightly altered names of well-known companies;
  • invoices, receipts, order details got from services you don't use.

Terminate Erica Encoder ransomware and clean virus damage with professional tools to avoid infection repetition

Erica Encoder ransomware virus is not a simple threat because it involves encryption, file altering functions, and blackmailing victims directly. Additionally to the primary encoding function, this threat interferes with crucial settings, disable functions helpful for virus termination, and file recovery, so the victim has fewer solutions.

These symptoms can make people frustrated and desperate to find the best way to remove Erica Encoder ransomware. Unfortunately, since security tools get blocked or disabled and programs designed to fight against malware cannot work correctly there are some steps you need to take additionally.

We have listed a few methods below, like Safe Mode and System Restore, that can help to achieve better results of Erica Encoder ransomware removal. An additional recommendation is to choose a trustworthy anti-malware tool for system scanning. Reimage Reimage Cleaner Intego, SpyHunter 5Combo Cleaner, Malwarebytes can also help to tackle virus damage and repair affected system parts.

do it now!
Reimage Happiness
Intego Happiness
Compatible with Microsoft Windows Supported versions Compatible with OS X Supported versions
What to do if failed?
If you failed to remove virus damage using Reimage Intego, submit a question to our support team and provide as much details as possible.
Reimage Intego has a free limited scanner. Reimage Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Reimage, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

To remove Erica Encoder virus, follow these steps:

Remove Erica Encoder using Safe Mode with Networking

Reboot the machine in Safe Mode with Networking and then remove Erica Encoder ransomware from the machine using AV tools

  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list Select 'Safe Mode with Networking'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in Startup Settings window. Select 'Enable Safe Mode with Networking'
  • Step 2: Remove Erica Encoder

    Log in to your infected account and start the browser. Download Reimage Reimage Cleaner Intego or other legitimate anti-spyware program. Update it before a full system scan and remove malicious files that belong to your ransomware and complete Erica Encoder removal.

If your ransomware is blocking Safe Mode with Networking, try further method.

Remove Erica Encoder using System Restore

Rely on System Restore feature that allows recovering the machine in a previous state to terminate the threat

  • Step 1: Reboot your computer to Safe Mode with Command Prompt

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list Select 'Safe Mode with Command Prompt'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window. Select 'Enable Safe Mode with Command Prompt'
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
    2. Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
    3. When a new window shows up, click Next and select your restore point that is prior the infiltration of Erica Encoder. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
    4. Now click Yes to start system restore. Click 'Yes' and start system restore
    Once you restore your system to a previous date, download and scan your computer with Reimage Reimage Cleaner Intego and make sure that Erica Encoder removal is performed successfully.

Bonus: Recover your data

Guide which is presented above is supposed to help you remove Erica Encoder from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by security experts.

If your files are encrypted by Erica Encoder, you can use several methods to restore them:

Data Recovery Pro is the program that can make your files useful again

To restore encrypted data or accidentally deleted files, you should get a tool that is capable to do so

  • Download Data Recovery Pro;
  • Follow the steps of Data Recovery Setup and install the program on your computer;
  • Launch it and scan your computer for files encrypted by Erica Encoder ransomware;
  • Restore them.

Windows Previous Versions can help with files affected by Erica Encoder ransomware

When System Restore gets enabled, Windows Previous Versions can be used for file recovery

  • Find an encrypted file you need to restore and right-click on it;
  • Select “Properties” and go to “Previous versions” tab;
  • Here, check each of available copies of the file in “Folder versions”. You should select the version you want to recover and click “Restore”.

ShadowExplorer method for encrypted data

When malware like Erica Encoder ransomware is leaving Shadow Volume Copies untouched, you can rely on ShadowExplorer

  • Download Shadow Explorer (;
  • Follow a Shadow Explorer Setup Wizard and install this application on your computer;
  • Launch the program and go through the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
  • Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.

Decryption tool for Erica Encoder ransomware is not developed yet

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from Erica Encoder and other ransomwares, use a reputable anti-spyware, such as Reimage Reimage Cleaner Intego, SpyHunter 5Combo Cleaner or Malwarebytes

Do not let government spy on you

The government has many issues in regards to tracking users' data and spying on citizens, so you should take this into consideration and learn more about shady information gathering practices. Avoid any unwanted government tracking or spying by going totally anonymous on the internet. 

You can choose a different location when you go online and access any material you want without particular content restrictions. You can easily enjoy internet connection without any risks of being hacked by using Private Internet Access VPN.

Control the information that can be accessed by government any other unwanted party and surf online without being spied on. Even if you are not involved in illegal activities or trust your selection of services, platforms, be suspicious for your own security and take precautionary measures by using the VPN service.

Backup files for the later use, in case of the malware attack

Computer users can suffer from data losses due to cyber infections or their own faulty doings. Ransomware can encrypt and hold files hostage, while unforeseen power cuts might cause a loss of important documents. If you have proper up-to-date backups, you can easily recover after such an incident and get back to work. It is also equally important to update backups on a regular basis so that the newest information remains intact – you can set this process to be performed automatically.

When you have the previous version of every important document or project you can avoid frustration and breakdowns. It comes in handy when malware strikes out of nowhere. Use Data Recovery Pro for the data restoration process.

About the author
Linas Kiguolis
Linas Kiguolis - Expert in social media

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Linas Kiguolis
About the company Esolutions


Your opinion regarding Erica Encoder ransomware