Indrik ransomware is a generic type of data locking malware that uses AES cipher to lock up files

Indrik ransomware is a newly-discovered crypto locker that was first spotted making rounds In early January 2019. The AES encryption algorithm helps malware to do its main purpose – encrypt files by modifying their structure, which means that all music, photos, videos, databases, documents become inaccessible. The virus appends .INDRIK extension and drops the ransom note # HOW TO DECRYPT YOUR FILES #.html which opens a message from Indrik ransomware authors. According to them, victims have a predetermined amount of time to buy some Bitcoins, contact criminals via indrik@tuta.io and indrik@airmail.cc and transfer them the digital money for the decryptor. Contacting or paying hackers is not recommended, as it will only fuel their urge to advance their script further and create more dangerous viruses for future attacks.
| Name | Indrik |
| Type | Ransomware |
| First spotted | January 2019 |
| Infiltration | Spam emails, repacked installers, fake updates, exploits, remote desktop attacks, etc. |
| Cipher used | AES |
| File extension | .INDRIK |
| Ransom note | # HOW TO DECRYPT YOUR FILES #.html |
| Contact | indrik@tuta.io and indrik@airmail.cc |
| Elimination | Use comprehensive security software and then scan your machine with FortectIntego for virus damage fix |
Ransomware infections like Indrik virus usually rely on various distribution methods to infect as many victims as possible – it increases the chances of payment, which is what the primary goal of hackers is. Most likely, users who got infected with the malware opened a malicious spam email attachment, clicked on a link, visited a high-risk website, used weak passwords, did not patch their software/system or had no security program installed.
Therefore, it is vital to take cybersecurity seriously, as neglecting it might lead to permanent data, as well as money, loss. However, if you already got infected, you will have to take care of Indrik ransomware removal. We explain full details below.
The infection starts rapidly. After the initial payload is executed, Indrik ransomware makes system changes, scans the machine for files to encrypt, locks it, and finally contacts C&C[1] server to upload the ransom note to the victim. The ran some states the following:
What Happened to My Files
All your files have been encrypted using military grade encryption algorithm. Any attempt to decrypt or recovery your files else than use will cause permanent damage to your files. This means you will lose them forever. The only way you can decrypt your files is purchase your unique decryption tool from us.
YOU HAVE ONLY 7 DAYS FOR PURCHASE YOUR DCRYPTION TOOL BEFORE DESTROY ALL YOUR FILES”
It is not advised to use third party tools to decrypt, If we find them you, will forever lose your files.
What is Dead Line?
Its the last time that you have the opportunity to communicate with us.
AFTER THE COUNTDOWN FINISHED, THE LIFETIME OF YOUR FILES WILL GO DOWN TO ETERNAL DEATH
How Can Restore My Files?
For restore your files and return to the normal state. you must send your request to both the address indrlk@tuta.io and indrik@airmail.cc with the same subject.
NOTE THAT ADD THE 'UNIQUE IDENTIFICATOW IN THE TEXT OF EMAIL OR ATTACH '# HOW TO DECRYPT YOUR FILES #.HTML' FILE TO THE EMAIL
Also, in order to further trust us, we are ready to decrypt a single of your file less than 5 megabytes of size for free.
Crooks also include a “Dead Line” timer that allegedly represents point when the key to all personal data will be deleted. Whether or not it is true, we cannot say; however, we do not advise sending a file for test decryption or paying the ransom. Indrik ransomware developers can ask as much as $5,000 for the decryptor, although we also saw some hackers demanding as little as $20.
Regardless of how much they ask for, do not pay. Instead, remove Indrik ransomware with the help of anti-malware software and then proceed with the file recovery procedure. While the official decryptor is not created yet, you can restore your files from a backup.
Additionally, third-party software might help you get at least some of your data back. Finally, security experts work on the deciphering of different ransomware, so it might be just a matter of time before they will crack the code of Indrik ransomware.
Finally, we suggest you scan your PC with FortectIntego – this software can repair all the damage done by the virus, fix system settings and restore Windows Registry.

Ransomware authors use several tricks to propagate the virus
Regular users are generally careless when it comes to cybersecurity, as they think that malware infection is not plausible. However, getting your PC infected is not as rare occurrence as one might think: according to Barkly 2017 report, regular users are attacked by ransomware every 20 (Q1) and every 10 (Q3) seconds.[ref en- 2]Now, that is a lot of attacks, so a probability of getting infected rises.
However, there are several tips that experts[2] say can help you protect yourself from ransomware infection:
- install security software with real-time scanning feature;
- do not open spam emails casually, check for phishing signs;[3]
- patch your system as soon as updates are released;
- protect the RDP with strong passwords;
- avoid visiting high-risk websites like torrent, file-sharing, gambling, porn, etc.;
- do not fall for fake updates – download them from official sources only;
Indrik ransomware removal guide
Indrik virus might use certain obfuscation techniques that might prevent its elimination. Therefore, you might have to enter Safe Mode with Networking for a smooth Indrik ransomware removal. We explain the procedure below, so make sure you follow it carefully.
Nevertheless, we do not recommend you remove Indrik ransomware manually, as this procedure requires advanced IT knowledge. Besides, you might accidentally damage system files in the process, which will result in further OS corruption. Instead, rely on professional anti-malware solutions.
Was this guide helpful?
Be the first to comment