F1220@tuta.io ransomware (Removal Guide) - Decryption Steps Included

by Jake Doevan - - 2018-09-28 | Type: Ransomware

F1220@tuta.io virus Removal Guide

Description Quick solution Instructions Prevention

What is F1220@tuta.io ransomware?

F1220@tuta.io – a ransom-demanding virus which offers free decryption of three files

F1220@tuta.io virus F1220@tuta.io is a ransomware virus which renames the file by using random characters.

F1220@tuta.io is a dangerous file locking virus which appears to be a new variant of the Scarab ransomware family. This threat also spreads via phishing messages and modifies the Windows Registry^[1] to start its damaging activity. F1220@tuta.io virus encrypts files by using unique algorithms such as AES or RSA and renames the locked document by adding random characters. Moreover, this cyber threat produces a ransom-demanding message named HOW TO RECOVER ENCRYPTED FILES.TXT which urges for Bitcoin in exchange for the unlocking tool and offers free decryption of three small files. Furthermore, the note provides f1220@tuta.io and f1220@mail.ee email addresses which are the way to contact the criminals.

Name	F1220@tuta.io
Related to	Scarab ransomware
Category	Ransomware
Extension	Renames the encrypted file by using random characters
Ransom message	HOW TO RECOVER ENCRYPTED FILES.TXT
Ransom	No particular price is given, however, the crook urges for Bitcoin cryptocurrency
Email addresses	f1220@tuta.io and f1220@mail.ee
Encryption code	RSA/AES
Offers	Criminals offer three files for free decryption
Distribution	Phishing emails are the most common ransomware spreading source
Damage fixing	Fix the damage done by this ransomware by installing FortectIntego

Once installed, F1220@tuta.io ransomware^[2] uses unique ciphers to lock up important documents. Such codes differ each time when the virus infects a different user. This is the main reason why decryption keys are almost impossible to discover even for highly-experienced tech experts. Nevertheless, all keys are stored on remote servers which makes them unreachable for other people, except the criminals themselves.

The F1220@tuta.io ransom message looks like this:

Your files are now encrypted!

Your personal identifier: –
All your files have been encrypted due to a security problem with your PC.

Now you should send us email with your personal identifier.
This email will be as confirmation you are ready to pay for decryption key.
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us.
After payment we will send you the decryption tool that will decrypt all your files.

Contact us using this email address: f1220@tuta.io, f1220@mail.ee

Free decryption as guarantee!
Before paying you can send us up to 3 files for free decryption.
The total size of files must be less than 10Mb (non archived), and files should not contain
valuable information (databases, backups, large excel sheets, etc.).

How to obtain Bitcoins?
* The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click
'Buy bitcoins', and select the seller by payment method and price:
https://localbitcoins.com/buy_bitcoins
* Also you can find other places to buy Bitcoins and beginners guide here:
http://www.coindesk.com/information/how-can-i-buy-bitcoins

Attention!
* Do not rename encrypted files.
* Do not try to decrypt your data using third party software, it may cause permanent data loss.
* Decryption of your files with the help of third parties may cause increased price
(they add their fee to our) or you can become a victim of a scam.

Crooks who spread viruses such as F1220@tuta.io ransomware may not always provide particular details about the ransom price. However, in almost all cases, criminals demand cryptocurrency such as Bitcoin, Ethereum, Monero, and others, only. Such cryptocurrency transfers give strong guarantees that the entire transfering process will remain safe and untrackable.

If you overcome this ransomware infection, you need to remove F1220@tuta.io virus from your computer system instantly. After you do that, you can fix the damage done by this cyber threat by using FortectIntego or any other similar anti-malware tool if you are likely too. Make sure you do not perform the data recovery method before you eliminate the infection. Get rid of the virus first and then check out our suggested third-party software for file restoring.

Another reason to complete the F1220@tuta.io removal is that some ransomware-related viruses have an ability to open paths for other malware forms to spread easily. In some cases, you can get your computer system infected even with a Trojan^[3]. If such thing happens, the elimination process will become even more difficult to perform. So, please be aware of such possible consequences and terminate the infection ASAP.

F1220@tuta.io is a virus which is a new version of Scarab ransomware.

Take precautionary measures against ransomware infections

According to malware experts^[4], ransomware has one main distribution source – spam emails. Cybercriminals often drop dubious messages to numerous random users. Such emails come with harmful attachments, which once opened, launch the virus-related content straightly to the victim's computer system. So, if you ever overcome a suspicious-looking email from a questionable sender – better eliminate it permanently for your own safety.

Moreover, you should avoid visiting third-party websites, for example, P2P networks. These pages can include damaging content which might be a hidden virus. For automatical computer protection, we advise investing in a reliable antivirus program. Computer security software is necessary for every user as it keeps the computer system protected all the time if updated regularly.

Terminate F1220@tuta.io ransomware

If you want to remove F1220@tuta.io virus from your computer system, you need to download and install a reliable anti-malware tool and perform the elimination process. After you do that, we suggest using FortectIntego, SpyHunter 5Combo Cleaner, or Malwarebytes to fix the damage that was done by the ransomware infection. Note that, manual elimination is not possible for this case as the virus might be too hard to remove on your own.

After you perform the F1220@tuta.io removal, you should not forget to complete some system backups to make sure that all virus-related content was disabled correctly. Moreover, you can start thinking about the data recovery process. We have provided some methods which might be helpful in this case. You can find them below this article.

Offer

do it now!

Download
Fortect Happiness
Guarantee Download
Intego Happiness
Guarantee

Compatible with Microsoft Windows Compatible with macOS

What to do if failed?
If you failed to fix virus damage using Fortect Intego, submit a question to our support team and provide as much details as possible.

Fortect Intego has a free limited scanner. Fortect Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.

Fortect review | Terms of Use | Privacy policy | Refund Policy | Uninstall guide

Alternative Software

Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Fortect, try running SpyHunter 5.

Download SpyHunter 5 Review »

Malwarebytes

Alternative Software

Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

Download Combo Cleaner Review »

Getting rid of F1220@tuta.io virus. Follow these steps

Manual removal using Safe Mode

Reboot your computer to Safe Mode with Networking by using these guiding steps:

Important! →
Manual removal guide might be too complicated for regular computer users. It requires advanced IT knowledge to be performed correctly (if vital system files are removed or damaged, it might result in full Windows compromise), and it also might take hours to complete. Therefore, we highly advise using the automatic method provided above instead.

Step 1. Access Safe Mode with Networking

Manual malware removal should be best performed in the Safe Mode environment.

Windows 7 / Vista / XP

Click Start > Shutdown > Restart > OK.
When your computer becomes active, start pressing F8 button (if that does not work, try F2, F12, Del, etc. – it all depends on your motherboard model) multiple times until you see the Advanced Boot Options window.
Select Safe Mode with Networking from the list.

Windows 10 / Windows 8

Right-click on Start button and select Settings.
Scroll down to pick Update & Security.
On the left side of the window, pick Recovery.
Now scroll down to find Advanced Startup section.
Click Restart now.
Select Troubleshoot.
Go to Advanced options.
Select Startup Settings.
Press Restart.
Now press 5 or click 5) Enable Safe Mode with Networking.

Step 2. Shut down suspicious processes

Windows Task Manager is a useful tool that shows all the processes running in the background. If malware is running a process, you need to shut it down:

Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
Click on More details.
Scroll down to Background processes section, and look for anything suspicious.
Right-click and select Open file location.
Go back to the process, right-click and pick End Task.
Delete the contents of the malicious folder.

Step 3. Check program Startup

Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
Go to Startup tab.
Right-click on the suspicious program and pick Disable.

Step 4. Delete virus files

Malware-related files can be found in various places within your computer. Here are instructions that could help you find them:

Type in Disk Cleanup in Windows search and press Enter.
Select the drive you want to clean (C: is your main drive by default and is likely to be the one that has malicious files in).
Scroll through the Files to delete list and select the following:

Temporary Internet Files
Downloads
Recycle Bin
Temporary files
Pick Clean up system files.
You can also look for other malicious files hidden in the following folders (type these entries in Windows Search and press Enter):

%AppData%
%LocalAppData%
%ProgramData%
%WinDir%

After you are finished, reboot the PC in normal mode.

Remove F1220@tuta.io using System Restore

Turn on the System Restore feature to deactivate the ransomware virus:

Step 1: Reboot your computer to Safe Mode with Command Prompt
Windows 7 / Vista / XP
1. Click Start → Shutdown → Restart → OK.
2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
3. Select Command Prompt from the list
Windows 10 / Windows 8
1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
2. Now select Troubleshoot → Advanced options → Startup Settings and finally press Restart.
3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window.
Step 2: Restore your system files and settings
1. Once the Command Prompt window shows up, enter cd restore and click Enter.
2. Now type rstrui.exe and press Enter again..
3. When a new window shows up, click Next and select your restore point that is prior the infiltration of F1220@tuta.io. After doing that, click Next.
4. Now click Yes to start system restore.
Once you restore your system to a previous date, download and scan your computer with FortectIntego and make sure that F1220@tuta.io removal is performed successfully.

Bonus: Recover your data

Guide which is presented above is supposed to help you remove F1220@tuta.io from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by 2-spyware.com security experts.

Recover locked data by trying our suggested methods. It is better to try all other options than paying the demanded ransom as you risk being scammed.

If your files are encrypted by F1220@tuta.io, you can use several methods to restore them:

Recover your data

Try Data Recovery Pro and restore important documents:

This data restoring method might be helpful if you use it as shown in the instructions.

Download Data Recovery Pro;
Follow the steps of Data Recovery Setup and install the program on your computer;
Launch it and scan your computer for files encrypted by F1220@tuta.io ransomware;
Restore them.

Maybe Windows Previous Versions feature will be helpful in data recovery:

This method will work only if you have enabled the System Restore feature before the ransom attack emerged.

Find an encrypted file you need to restore and right-click on it;
Select “Properties” and go to “Previous versions” tab;
Here, check each of available copies of the file in “Folder versions”. You should select the version you want to recover and click “Restore”.

Try using Shadow Explorer if the virus did not erase Shadow Volume Copies of corrupted data:

However, if the Shadow Volume Copies of your locked files were erased or damaged in a certain way, there are almost no chances that this method will work.

Download Shadow Explorer (http://shadowexplorer.com/);
Follow a Shadow Explorer Setup Wizard and install this application on your computer;
Launch the program and go through the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.

There is no official decryptor found yet.

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from F1220@tuta.io and other ransomwares, use a reputable anti-spyware, such as FortectIntego, SpyHunter 5Combo Cleaner or Malwarebytes

How to prevent from getting ransomware

Choose a proper web browser and improve your safety with a VPN tool

Online spying has got momentum in recent years and people are getting more and more interested in how to protect their privacy online. One of the basic means to add a layer of security – choose the most private and secure web browser. Although web browsers can't grant full privacy protection and security, some of them are much better at sandboxing, HTTPS upgrading, active content blocking, tracking blocking, phishing protection, and similar privacy-oriented features. However, if you want true anonymity, we suggest you employ a powerful Private Internet Access VPN – it can encrypt all the traffic that comes and goes out of your computer, preventing tracking completely.

Lost your files? Use data recovery software

While some files located on any computer are replaceable or useless, others can be extremely valuable. Family photos, work documents, school projects – these are types of files that we don't want to lose. Unfortunately, there are many ways how unexpected data loss can occur: power cuts, Blue Screen of Death errors, hardware failures, crypto-malware attack, or even accidental deletion.

To ensure that all the files remain intact, you should prepare regular data backups. You can choose cloud-based or physical copies you could restore from later in case of a disaster. If your backups were lost as well or you never bothered to prepare any, Data Recovery Pro can be your only hope to retrieve your invaluable files.

About the author

Jake Doevan - Computer technology expert

If this free guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Jake Doevan
About the company Esolutions

References

^ Registry. Computer Hope. Free computer help since 1998.
^ Ransomware. Wikipedia. The free encyclopedia.
^ What is a Trojan Virus?. Kaspersky Lab. IT info.
^ Virusai.lt. Virusai. Spyware news site.