Esexz ransomware – a cryptovirus claiming that it has stolen data in addition to encrypting it

Esexz ransomware is a type of malware that encrypts non-system data on an infected computer with strong coding algorithms, renames the files by appending .esexz extension to original filenames, and generates a ransom note, titled readme.txt, which is placed directly on the desktop so it can be easily found. You can also find the text file in folders with data that got encoded. Once this is done files are inaccessible and cannot be opened.
If you've spotted any of these symptoms, that means your computer is infected with Esexz ransomware virus. This article contains the infection summary, its distribution techniques, and ways to remove it. You can find the alternatives for the decryption since there are no official tools below the article where the virus removal guide is placed. The best way to restore files after such infection – data backups and copies of those files that got encoded.
First and foremost, ransomware victims shouldn't contact its developers by the provided emails (costestu@cock.li, setestco@protonmail.com, zetterlow@tutanota.com). Paying is not the solution since you might end up without money and with locked or even permanently damaged files. Although data recovery might be impossible without their key, ransomware attacks can be stopped only if the victims stop paying their assailants.
| name | Esexz ransomware |
|---|---|
| type | Ransomware |
| Appended file extension | .esexz |
| Ransom note | readme.txt |
| Distribution | Spam emails, deceptive ads, torrent websites |
| additional info | Cybercriminals claim that they have stolen data, and it might be leaked if the ransom isn't paid |
| Criminal contact details | costestu@cock.li, setestco@protonmail.com, zetterlow@tutanota.com |
| Virus removal | To properly eliminate a virus, it has to be removed with trustworthy anti-malware tools. It might be difficult due to ransomware damage, so rely on the guide below |
| System repair | Victims should use the FortectIntego tool or other powerful system repair app to restore their devices system files and settings back to normal |
Ransomware has been floating on the internet for a while now. There various ransomware families, and new variations are detected every day. Some of it targets big corporations, while others like DeroHe, Dis, Wbxd, are meant to infect everyday users' computers.
The best way to protect yourself from ransomware and malware alike is to acquire professional anti-malware software, such as SpyHunterCombo Cleaner or MalwarebytesMalwarebytes. If their virus databases are frequently updated, then these types of apps could prevent such nightmares. The tool detects and removes pieces of the cryptovirus, so the encryption cannot be launched again.
With its ransom note, readme.txt, developers of Esexz ransomware virus try to scare their victims using different techniques. They claim that files were stolen and can be made public if the ransom isn't paid and that the only way to retrieve the encrypted files is by purchasing their decryption tool.
Both threats might be true, but also, criminals are criminals for a reason, and thus they can be bluffing. Whatever the case is, victims of this cyber attack should remove Esexz ransomware from their encrypted devices as soon as possible. The best way to do it is by using trustworthy anti-malware software.

And since file-locking parasites often make various alterations to system files and settings, such as the registry, we highly advise the users to use the FortectIntego tool or similar system repair apps right after ransomware removal to take care of the issues. When left unattended, they might result in freezing, crashing, and other system performance problems.
This message is delivered within readme.txt ransom note:
Your ID:
Congrats! I have a bad news for you. All of yours data has been encrypted&stollen_!_
Also there is a good news – there is the one and the only who can help you to restore
yours Data ( u need to write here about restoring yours data, and write in the subject
of the letter yours ID : costestu@cock.li, setestco@protonmail.com, zetterlow@tutanota.com)
As faster you are – depends on discount of price. As slower
you are – depends on higher price. Don't forget about stollen data its can become public_!_(depends on also on you)
Also dear, you must know that it's impossible to restore infected computers by
yourself\somebody else_!_
As a proof for test, in a letter u can upload 3 files not bigger than 10 mb not contains important or secure info.
Spam emails and torrent sites – leaders of ransomware distribution
Ransomware is just one type of malware that can infect computers without proper security. Cybercriminals use many techniques to distribute their creations, from Remote Desktop Protocol (RDP) attacks[1] to drive-by downloads.[2] But our research suggests that the two most popular methods are spam emails and torrent sites.

Spam emails can look like legitimate letters from your bank, shipping/shopping company, etc., but actually, they might contain virus payload files in their attachments or hyperlinks. Check for any inconsistencies, such as grammatical errors, pushing to do something urgently, not addressing you by your full name, and others. If any of these are spotted, please refrain from downloading any attachments or opening any provided links.
File-sharing platforms, especially torrent sites, have become a hothouse for ransomware. Cybercriminals prefer this spreading technique because it doesn't require much effort. Created malware is named as something that would attract attention, e.g., crack for the latest game, unlocked commercial software, and uploaded. We advise our readers to refrain from visiting these types of sites, or they could download much more than they expected.
Guidelines for Esexz ransomware virus removal and system repair
There's no place for malware in anyone's computer. If you've got infected with ransomware, thank you for trusting us as your removal experts. You have to start by copying all essential encrypted files to offline storage. There's no decryption tool available at the moment, but it could be created sooner or later.
Then download and install any of these two professional anti-malware tools – SpyHunterCombo Cleaner, MalwarebytesMalwarebytes. Launch the application and run a full system scan. Remove ransomware and all other suspicious files that the software detects. It is worth to mention that sometimes malware can prevent anti-malware tools from opening.
If that happened to you, then reboot Windows in Safe Mode with Networking. Then you can launch the antivirus program without interruptions and eliminate Esexz file virus yourself. If you're not sure how to do that, see our detailed guide below this chapter.
Once Esexz ransomware removal is finished, users should take care of the overall system's health since file-locking viruses tend to corrupt them. Cybersecurity experts at Virusi.hr[3] suggest all ransomware victims to use the FortectIntego system repair application to fix any system irregularities that the infection might have done.
Was this guide helpful?
Be the first to comment