Indrik ransomware (Removal Instructions) - Quick Decryption Solution

by Alice Woods - - 2019-01-09 | Type: Ransomware

Indrik virus Removal Guide

Description Quick solution Instructions Prevention

What is Indrik ransomware?

Indrik ransomware is a generic type of data locking malware that uses AES cipher to lock up files

Indrik ransomware Indrik ransomware is a file locking virus that puts a dead line until the key to locked files is destroyed

Indrik ransomware is a newly-discovered crypto locker that was first spotted making rounds In early January 2019. The AES encryption algorithm helps malware to do its main purpose – encrypt files by modifying their structure, which means that all music, photos, videos, databases, documents become inaccessible. The virus appends .INDRIK extension and drops the ransom note # HOW TO DECRYPT YOUR FILES #.html which opens a message from Indrik ransomware authors. According to them, victims have a predetermined amount of time to buy some Bitcoins, contact criminals via indrik@tuta.io and indrik@airmail.cc and transfer them the digital money for the decryptor. Contacting or paying hackers is not recommended, as it will only fuel their urge to advance their script further and create more dangerous viruses for future attacks.

Name	Indrik
Type	Ransomware
First spotted	January 2019
Infiltration	Spam emails, repacked installers, fake updates, exploits, remote desktop attacks, etc.
Cipher used	AES
File extension	.INDRIK
Ransom note	# HOW TO DECRYPT YOUR FILES #.html
Contact	indrik@tuta.io and indrik@airmail.cc
Elimination	Use comprehensive security software and then scan your machine with RestoroIntego for virus damage fix

Ransomware infections like Indrik virus usually rely on various distribution methods to infect as many victims as possible – it increases the chances of payment, which is what the primary goal of hackers is. Most likely, users who got infected with the malware opened a malicious spam email attachment, clicked on a link, visited a high-risk website, used weak passwords, did not patch their software/system or had no security program installed.

Therefore, it is vital to take cybersecurity seriously, as neglecting it might lead to permanent data, as well as money, loss. However, if you already got infected, you will have to take care of Indrik ransomware removal. We explain full details below.

The infection starts rapidly. After the initial payload is executed, Indrik ransomware makes system changes, scans the machine for files to encrypt, locks it, and finally contacts C&C^[1] server to upload the ransom note to the victim. The ran some states the following:

What Happened to My Files
All your files have been encrypted using military grade encryption algorithm. Any attempt to decrypt or recovery your files else than use will cause permanent damage to your files. This means you will lose them forever. The only way you can decrypt your files is purchase your unique decryption tool from us.
YOU HAVE ONLY 7 DAYS FOR PURCHASE YOUR DCRYPTION TOOL BEFORE DESTROY ALL YOUR FILES”
It is not advised to use third party tools to decrypt, If we find them you, will forever lose your files.
What is Dead Line?
Its the last time that you have the opportunity to communicate with us.
AFTER THE COUNTDOWN FINISHED, THE LIFETIME OF YOUR FILES WILL GO DOWN TO ETERNAL DEATH
How Can Restore My Files?
For restore your files and return to the normal state. you must send your request to both the address indrlk@tuta.io and indrik@airmail.cc with the same subject.
NOTE THAT ADD THE 'UNIQUE IDENTIFICATOW IN THE TEXT OF EMAIL OR ATTACH '# HOW TO DECRYPT YOUR FILES #.HTML' FILE TO THE EMAIL
Also, in order to further trust us, we are ready to decrypt a single of your file less than 5 megabytes of size for free.

Crooks also include a “Dead Line” timer that allegedly represents point when the key to all personal data will be deleted. Whether or not it is true, we cannot say; however, we do not advise sending a file for test decryption or paying the ransom. Indrik ransomware developers can ask as much as $5,000 for the decryptor, although we also saw some hackers demanding as little as $20.

Regardless of how much they ask for, do not pay. Instead, remove Indrik ransomware with the help of anti-malware software and then proceed with the file recovery procedure. While the official decryptor is not created yet, you can restore your files from a backup.

Additionally, third-party software might help you get at least some of your data back. Finally, security experts work on the deciphering of different ransomware, so it might be just a matter of time before they will crack the code of Indrik ransomware.

Finally, we suggest you scan your PC with RestoroIntego – this software can repair all the damage done by the virus, fix system settings and restore Windows Registry.

Indrik is a ransomware-type virus that uses AES encryption to lock up files and demands ransom to be paid for their release

Ransomware authors use several tricks to propagate the virus

Regular users are generally careless when it comes to cybersecurity, as they think that malware infection is not plausible. However, getting your PC infected is not as rare occurrence as one might think: according to Barkly 2017 report, regular users are attacked by ransomware every 20 (Q1) and every 10 (Q3) seconds.^[2]Now, that is a lot of attacks, so a probability of getting infected rises.

However, there are several tips that experts^[3] say can help you protect yourself from ransomware infection:

install security software with real-time scanning feature;
do not open spam emails casually, check for phishing signs;^[4]
patch your system as soon as updates are released;
protect the RDP with strong passwords;
avoid visiting high-risk websites like torrent, file-sharing, gambling, porn, etc.;
do not fall for fake updates – download them from official sources only;

Indrik ransomware removal guide

Indrik virus might use certain obfuscation techniques that might prevent its elimination. Therefore, you might have to enter Safe Mode with Networking for a smooth Indrik ransomware removal. We explain the procedure below, so make sure you follow it carefully.

Nevertheless, we do not recommend you remove Indrik ransomware manually, as this procedure requires advanced IT knowledge. Besides, you might accidentally damage system files in the process, which will result in further OS corruption. Instead, rely on professional anti-malware solutions.

Offer

do it now!

Download
Restoro Happiness
Guarantee Download
Intego Happiness
Guarantee

Compatible with Microsoft Windows Compatible with macOS

What to do if failed?
If you failed to fix virus damage using Restoro Intego, submit a question to our support team and provide as much details as possible.

Restoro Intego has a free limited scanner. Restoro Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.

Restoro review | Terms of Use | Privacy policy | Refund Policy | Uninstall guide

Alternative Software

Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Restoro, try running SpyHunter 5.

Download SpyHunter 5 Review »

Malwarebytes

Alternative Software

Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

Download Combo Cleaner Review »

Getting rid of Indrik virus. Follow these steps

Manual removal using Safe Mode

To remove Indrik ransomware safely, enter Safe Mode with Networking:

Important! →
Manual removal guide might be too complicated for regular computer users. It requires advanced IT knowledge to be performed correctly (if vital system files are removed or damaged, it might result in full Windows compromise), and it also might take hours to complete. Therefore, we highly advise using the automatic method provided above instead.

Step 1. Access Safe Mode with Networking

Manual malware removal should be best performed in the Safe Mode environment.

Windows 7 / Vista / XP

Click Start > Shutdown > Restart > OK.
When your computer becomes active, start pressing F8 button (if that does not work, try F2, F12, Del, etc. – it all depends on your motherboard model) multiple times until you see the Advanced Boot Options window.
Select Safe Mode with Networking from the list.

Windows 10 / Windows 8

Right-click on Start button and select Settings.
Scroll down to pick Update & Security.
On the left side of the window, pick Recovery.
Now scroll down to find Advanced Startup section.
Click Restart now.
Select Troubleshoot.
Go to Advanced options.
Select Startup Settings.
Press Restart.
Now press 5 or click 5) Enable Safe Mode with Networking.

Step 2. Shut down suspicious processes

Windows Task Manager is a useful tool that shows all the processes running in the background. If malware is running a process, you need to shut it down:

Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
Click on More details.
Scroll down to Background processes section, and look for anything suspicious.
Right-click and select Open file location.
Go back to the process, right-click and pick End Task.
Delete the contents of the malicious folder.

Step 3. Check program Startup

Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
Go to Startup tab.
Right-click on the suspicious program and pick Disable.

Step 4. Delete virus files

Malware-related files can be found in various places within your computer. Here are instructions that could help you find them:

Type in Disk Cleanup in Windows search and press Enter.
Select the drive you want to clean (C: is your main drive by default and is likely to be the one that has malicious files in).
Scroll through the Files to delete list and select the following:

Temporary Internet Files
Downloads
Recycle Bin
Temporary files
Pick Clean up system files.
You can also look for other malicious files hidden in the following folders (type these entries in Windows Search and press Enter):

%AppData%
%LocalAppData%
%ProgramData%
%WinDir%

After you are finished, reboot the PC in normal mode.

Remove Indrik using System Restore

You can also try System Restore to stop the virus:

Step 1: Reboot your computer to Safe Mode with Command Prompt
Windows 7 / Vista / XP
1. Click Start → Shutdown → Restart → OK.
2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
3. Select Command Prompt from the list
Windows 10 / Windows 8
1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
2. Now select Troubleshoot → Advanced options → Startup Settings and finally press Restart.
3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window.
Step 2: Restore your system files and settings
1. Once the Command Prompt window shows up, enter cd restore and click Enter.
2. Now type rstrui.exe and press Enter again..
3. When a new window shows up, click Next and select your restore point that is prior the infiltration of Indrik. After doing that, click Next.
4. Now click Yes to start system restore.
Once you restore your system to a previous date, download and scan your computer with RestoroIntego and make sure that Indrik removal is performed successfully.

Bonus: Recover your data

Guide which is presented above is supposed to help you remove Indrik from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by 2-spyware.com security experts.

If your files are encrypted by Indrik, you can use several methods to restore them:

Recover your data

Data Recovery Pro might be useful while trying to recover data affected by .Indrik

Data Recovery Pro is a professional recovery software that might help you get at least some of your files back.

Download Data Recovery Pro;
Follow the steps of Data Recovery Setup and install the program on your computer;
Launch it and scan your computer for files encrypted by Indrik ransomware;
Restore them.

Windows Previous Versions Feature can help you with separate files

If you had System Restore enabled before the ransomware attack, you can bring some of your files back with the help of Windows Previous Versions Feature.

Find an encrypted file you need to restore and right-click on it;
Select “Properties” and go to “Previous versions” tab;
Here, check each of available copies of the file in “Folder versions”. You should select the version you want to recover and click “Restore”.

Make use of ShadowExplorer

While most ransomware viruses aim to eliminate Shadow Volume copies, sometimes the procedure fails. In such a case, all your data can be returned with the help of ShadowExplorer.

Download Shadow Explorer (http://shadowexplorer.com/);
Follow a Shadow Explorer Setup Wizard and install this application on your computer;
Launch the program and go through the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.

No decryptor is created yet

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from Indrik and other ransomwares, use a reputable anti-spyware, such as RestoroIntego, SpyHunter 5Combo Cleaner or Malwarebytes

How to prevent from getting ransomware

Access your website securely from any location

When you work on the domain, site, blog, or different project that requires constant management, content creation, or coding, you may need to connect to the server and content management service more often. The best solution for creating a tighter network could be a dedicated/fixed IP address.

If you make your IP address static and set to your device, you can connect to the CMS from any location and do not create any additional issues for the server or network manager that needs to monitor connections and activities. VPN software providers like Private Internet Access can help you with such settings and offer the option to control the online reputation and manage projects easily from any part of the world.

Recover files after data-affecting malware attacks

While much of the data can be accidentally deleted due to various reasons, malware is one of the main culprits that can cause loss of pictures, documents, videos, and other important files. More serious malware infections lead to significant data loss when your documents, system files, and images get encrypted. In particular, ransomware is is a type of malware that focuses on such functions, so your files become useless without an ability to access them.

Even though there is little to no possibility to recover after file-locking threats, some applications have features for data recovery in the system. In some cases, Data Recovery Pro can also help to recover at least some portion of your data after data-locking virus infection or general cyber infection.

About the author

Alice Woods - Likes to teach users about virus prevention

If this free guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Alice Woods
About the company Esolutions

References

^ Margaret Rouse. Command-and-control server (C&C server). WhatIs. Definitions about software applications and development.
^ Jonathan Crowe. Must-Know Ransomware Statistics 2017. Barkly. Endpoint Protection Platform.
^ ZonderVirus. 2-spyware. Cybersecurity news and articles.
^ 10 Tips on How to Identify a Phishing or Spoofing Email. Return Path. Experts in Email Deliverability.