Severity scale:  
  (99/100)

Remove .no_more_ransom file virus (Free Instructions) - updated Feb 2019

removal by Julie Splinters - - | Type: Ransomware

No_more_ransom file virus is ransomware related to Shade and, most recently, Rapid cryptovirus

.no_more_ransom file virus

Questions about .no_more_ransom file virus

No_more_ransom ransomware is a dangerous cyber threat which belongs to virus category which can encrypt users' files and make them unusable.[1] While previously, the .no_more_ransom file extension was used by the notorious Shade ransomware, the recent examples have been found to relate to the Rapid ransomware. Besides other major improvements, the virus changed the file extension and now is appending .no_more_ransom file extension to the encrypted data which seems to be an evil joke related to the NoMoreRansom project which has been helping users to avoid paying ransoms. All files found are locked by using unique AES-CBC 256 and RSA-2048 encryption algorithms[2] which are safely stored on unreachable remote servers. After having their files encrypted, all victims also receive the ransom note named as README.txt which is used to urge the infected users to contact cyber criminals by using the given email address.

Name No_more_ransom
Type Ransomware
Relations Shade ransomware/Rapid ransomware
Ransom message README.txt
Appendix .no_more_ransom
Algorithm AES 256 and RSA-2048
Email lukyan.sazonov26@gmail.com
Other viruses Another virus behind this name might be related to Rapid ransomware
Detection possibilities Use Reimage to detect the cyber threat

The .no_more_ransom extension showed up when Shade virus decided to come up with its revival. Shade has been exceptionally targeting users from Russia and has been compared to previously-known Locky and Cerber 4.1.6. However, in 2019 all these viruses seem to be still.

Shade ransomware has been using numerous extensions such as .7h9r, .xtbl, .ytbl, .da_vinci_code, and the .no_more_ransom extension is considered to be the latest one. The hackers made the current version more damaging as it was set to use a RAT tool[3] which, on its behalf, helps to install Teamspy spying trojan.

With its help, the crooks were able to access users' device remotely and identify how much money they can pay for the encrypted data. Likewise, .no_more_ransom ransomware was mostly been used to infect governmental agencies and corporations. The recent versions continued employing RSA-2048 and AES-CBC 256 algorithm to encode the data. After the infiltration process was completed, the ransom README.txt message emerged.

It stated that all your files have been encrypted and that any attempt to recover the files other than remitting the payment may lead to the loss of files. It is not surprising as such threatening messages have been often seen in the ransom text file. Later on, the victim was asked to send his/her unique code to lukyan.sazonov26@gmail.com. According to the instructions, you should follow access Tor network only in the case if the crooks fail to respond to you within 48 hours.

.no_more_ransom virus
.no_more_ransom is a ransomware virus which displays a ransom message that is named README.txt

The recent turn of No_more_ransomware

Recently, .no_more_ransom extension has started appearing in the activity of other well-known cyber threat – Rapid ransomware. As a result, sometimes you might run into difficulty while trying to identify which virus occupied your system. However, Rapid virus mostly uses different ransom notes named as How Decrypt Files.txt, Of Recovery files.txt, and others. Additionally, you can always use a strong antivirus program to detect the malware which is responsible for damaging activities on your PC.

In short, remove .no_more_ransom virus right away. There is no time for hesitation in this situation as you need to take actions immediately. You might find ransomware very dangerous cyber threats not only because of permanent data loss but also because some of their kind are possible of making the system vulnerable to other infections and injecting other serious and damaging malware.

For the .no_more_ransom removal, you should choose only reliable anti-malware programs as this is the only way to safely succeed in the elimination process. Additionally, we suggest detecting all malware-laden components in the system in order to get rid of the cyber threat for good. Try using a tool such as Reimage to complete this process. Talking about data recovery purposes, you can find some detailed instructions for some file restoring techniques below this article.

.no_more_ransom ransomware
.no_more_ransom file virus appears to be a sneaky ransomware virus which targets mostly Russian-speaking users

The distribution peculiarities of the ransomware

We have already warned in the several posts that the crooks use persuasive techniques to encourage victims to open certain attachments. One of the infected emails may contain a .doc or .dll file. Fortunately, in the later versions of Windows OS, the macros settings are disabled by default. As a result, the file asks you to enable them.

When you notice any suspicious emails in your Inbox folder, do not open any attachments and scan your device with powerful security applications. They are the main tools guarding your operating system in case the ransomware tries to infect the operating system via exploit kits.

Additionally, crooks plant ransomware-related components in vulnerable websites. Peer-to-peer networks[4] are known for their lack of security. This is the main factor which allows various cybercriminals to inject hazardous payload in third-party websites, their hyperlinks, advertising posts, and similar locations.

According to cybersecurity experts from SemVirus.pt,[5] once entering a website, always make sure that it is safe to browse on. If you doubt the security of a particular page – better eliminate it the same minute and never return again. Additionally, you can get antivirus software on your computer for automatical protection. This tool will allow you to perform regular system scans and prevent possible malware infections.

.no_more_ransom extension virus detailed elimination steps

Obviously, the crooks used this ransomware as the mocking response to the joint cyber campaign launched against Shade virus by Europol, Kaspersky Lab, et al. The very campaign was called “No More Ransom.” In this intense cyber battle between the virus researchers and cybercriminals, users have to find a way how to remove .no_more_ransom virus on time.

Security tools such as Reimage or Malwarebytes will help you with the detection of all malware-related content and help you eliminate the cyber threat completely. After the .no_more_ransom removal, you might consider file recovery options. If you encounter any types of difficulties in the cyber threat elimination process, use the below-displayed guidelines to regain the full control of your computer.

Offer
do it now!
Download
Reimage (remover) Happiness
Guarantee
Download
Reimage (remover) Happiness
Guarantee
Compatible with Microsoft Windows Supported versions Compatible with OS X Supported versions
What to do if failed?
If you failed to remove virus damage using Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to remove virus damage. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.
Alternative Software
Different security software includes different virus database. If you didn’t succeed in finding malware with Reimage, try running alternative scan with SpyHunter 5.
Alternative Software
Different security software includes different virus database. If you didn’t succeed in finding malware with Reimage, try running alternative scan with Combo Cleaner.

To remove .no_more_ransom file virus, follow these steps:

Remove .no_more_ransom file using Safe Mode with Networking

Activating the Safe Mode with Networking feature will allow you to disable the ransomware's activities:

  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list Select 'Safe Mode with Networking'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in Startup Settings window. Select 'Enable Safe Mode with Networking'
  • Step 2: Remove .no_more_ransom file

    Log in to your infected account and start the browser. Download Reimage or other legitimate anti-spyware program. Update it before a full system scan and remove malicious files that belong to your ransomware and complete .no_more_ransom file removal.

If your ransomware is blocking Safe Mode with Networking, try further method.

Remove .no_more_ransom file using System Restore

If you enable the System Restore function, you should be able to proceed with data recovery:

  • Step 1: Reboot your computer to Safe Mode with Command Prompt

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list Select 'Safe Mode with Command Prompt'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window. Select 'Enable Safe Mode with Command Prompt'
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
    2. Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
    3. When a new window shows up, click Next and select your restore point that is prior the infiltration of .no_more_ransom file. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
    4. Now click Yes to start system restore. Click 'Yes' and start system restore
    Once you restore your system to a previous date, download and scan your computer with Reimage and make sure that .no_more_ransom file removal is performed successfully.

Bonus: Recover your data

Guide which is presented above is supposed to help you remove .no_more_ransom file from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by 2-spyware.com security experts.

If .no_more_ransom extension virus has “worked on” your files and you are not capable of accessing them properly anymore, try the below-given file restoring techniques and you might be able to unlock most of your files.

If your files are encrypted by .no_more_ransom file, you can use several methods to restore them:

The effectiveness of Data Recovery Pro

This utility might increase your chances of retrieving highly valued documents affected by No More Ransom ransomware.

  • Download Data Recovery Pro;
  • Follow the steps of Data Recovery Setup and install the program on your computer;
  • Launch it and scan your computer for files encrypted by .no_more_ransom file ransomware;
  • Restore them.

Opting for ShadowExplorer might be a very wise option

Though the malware is a complex cyber threat and some versions might delete shadow volume copies, it is still worth giving it a try. Shadow Volume copies are created by the operating system so this program uses them to recreate your files.

  • Download Shadow Explorer (http://shadowexplorer.com/);
  • Follow a Shadow Explorer Setup Wizard and install this application on your computer;
  • Launch the program and go through the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
  • Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.

Currently, there is no original ransomware decryptor released.

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from .no_more_ransom file and other ransomwares, use a reputable anti-spyware, such as Reimage, SpyHunter 5Combo Cleaner or Malwarebytes

About the author

Julie Splinters
Julie Splinters - Malware removal specialist

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Julie Splinters
About the company Esolutions

References


  1. moodyEye says:
    November 25th, 2016 at 7:52 am

    Still not losing hope, eh?

  2. mystiquefog says:
    November 25th, 2016 at 7:54 am

    Ive got enough of their bullying already!

  3. ChJrStevenson says:
    November 25th, 2016 at 7:55 am

    Anyone heard news about the decrypter?

Your opinion regarding .no_more_ransom file virus