Severity scale:  
  (99/100)

.no_more_ransom file virus. How to remove? (Uninstall guide)

removal by Julie Splinters - - | Type: Ransomware
12

What lies behind .no_more_ransom file extension virus?

The bad news is that .no_more_ransom file virus is ransomware itself. What is more, it is not an ordinary file-encrypting malware such as .kukaracha file virus or BonziBuddy threat which happens to be more entertaining rather than destructive. The notorious virus, named Shade ransomware, disguises under the name of this infection. Besides other major improvements, the virus changed the usually appended extension. Now the data is marked with .no_more_ransom file extensions. If this misfortune befell you, firstly, collect yourself. The very process of .no_more_ransom removal is not a complicated matter if you entrust it to an anti-spyware application such as Reimage. At the end of the article, find the instructions suggesting file recovery methods.

Recently, there has become a tendency from cyber criminals to renew their previous threats and initiate the second way of the cyber campaign. In this regard, Shade virus enjoys its revival. It might compete with other highly damaging viruses such as Locky and Cerber 4.1.6 which became more powerful than ever before. Speaking of this Russian virus, it conceals its tracks by adding various extensions such as .7h9r, .xtbl, .ytbl, .da_vinci_code, and the recently added .no_more_ransom extension. The hackers made the current version more damaging as it invites a RAT tool which on its behalf helps to install Teamspy spying trojan.

The image of .no_more_ransom file virus

With the help of it, the crooks are able to access your device remotely and identify how much money you can pay for the encrypted data. Likewise, .no_more_ransom ransomware tends to infect governmental agencies and corporations. The recent versions continue employing RSA-2048 and AES-CBC 256 algorithm to encode the data. After the infiltration process is complete, the ransom README.txt message emerges. It states that all your files have been encrypted and that any attempt to recover the files other than remitting the payment may lead to the loss of files. It is not surprising as such threatening messages are often seen in the ransom text file. Later on, the victim is asked to send its unique code to lukyan.sazonov26@gmail.com. According to the instructions, you should follow access Tor network only in the case if the crooks fail to respond you within 48 hours. In short, remove .no_more_ransom right away.

The distribution peculiarities of the ransomware

Unfortunately, the very process of .no_more_ransom hijack is worth interest. It comprises of several stages by employing spam messages and exploit kits. We have already warned in the several posts that the crooks use persuasive techniques to encourage victims to open certain attachments. .no_more_ransom malware activates via macro settings as well. One of the infected emails may contain a .doc or .dll file. Fortunately, in the latter versions of Windows OS, the macros settings are disabled by default. As a result, the file asks you to enable them. When you notice any suspicious emails in your Inbox folder, do not open any attachments and scan your device with powerful security applications. They are the main tools guarding your operating system in case the ransomware tries to infect the operating system via exploit kits.

.no_more_ransom elimination steps

Obviously, the crooks used this ransomware as the mocking response to the joint cyber campaign launched against Shade virus by Europol, Kaspersky Lab, et al. The very campaign was called “No More Ransom.” In this intense cyber battle between the virus researchers and cyber criminals, users have to find a way how to remove .no_more_ransom virus on time. Security tools, such as Reimage or Malwarebytes Anti Malware, help you eliminate the threat completely. After that, you might consider file recovery options. If you encounter some .no_more_ransom removal difficulties, use the below-displayed guidelines to regain the full control of the computer.

We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use. By Downloading any provided Anti-spyware software to remove .no_more_ransom file virus you agree to our privacy policy and agreement of use.
do it now!
Download
Reimage (remover) Happiness
Guarantee
Download
Reimage (remover) Happiness
Guarantee
Compatible with Microsoft Windows Compatible with OS X
What to do if failed?
If you failed to remove infection using Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to uninstall .no_more_ransom file virus. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

More information about this program can be found in Reimage review.

More information about this program can be found in Reimage review.

Manual .no_more_ransom file virus Removal Guide:

Remove .no_more_ransom file using Safe Mode with Networking

Reimage is a tool to detect malware.
You need to purchase Full version to remove infections.
More information about Reimage.

  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list Select 'Safe Mode with Networking'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in Startup Settings window. Select 'Enable Safe Mode with Networking'
  • Step 2: Remove .no_more_ransom file

    Log in to your infected account and start the browser. Download Reimage or other legitimate anti-spyware program. Update it before a full system scan and remove malicious files that belong to your ransomware and complete .no_more_ransom file removal.

If your ransomware is blocking Safe Mode with Networking, try further method.

Remove .no_more_ransom file using System Restore

Reimage is a tool to detect malware.
You need to purchase Full version to remove infections.
More information about Reimage.

  • Step 1: Reboot your computer to Safe Mode with Command Prompt

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list Select 'Safe Mode with Command Prompt'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window. Select 'Enable Safe Mode with Command Prompt'
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
    2. Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
    3. When a new window shows up, click Next and select your restore point that is prior the infiltration of .no_more_ransom file. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
    4. Now click Yes to start system restore. Click 'Yes' and start system restore
    Once you restore your system to a previous date, download and scan your computer with Reimage and make sure that .no_more_ransom file removal is performed successfully.

Bonus: Recover your data

Guide which is presented above is supposed to help you remove .no_more_ransom file from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by 2-spyware.com security experts.

If your files are encrypted by .no_more_ransom file, you can use several methods to restore them:

The effectiveness of Data Recovery Pro

This utility might increase your chances of retrieving highly valued documents affected by No More Ransom ransomware.

How to use Windows Previous Versions feature?

It is not difficult to access the previously saved copies if System Restore was activated.

  • Find an encrypted file you need to restore and right-click on it;
  • Select “Properties” and go to “Previous versions” tab;
  • Here, check each of available copies of the file in “Folder versions”. You should select the version you want to recover and click “Restore”.

Opting for ShadowExplorer

Though the malware is a complex cyber threat and some versions might delete shadow volume copies, it is still worth giving it a try. Shadow Volume copies are created by the operating system so this program uses them to recreate your files.

  • Download Shadow Explorer (http://shadowexplorer.com/);
  • Follow a Shadow Explorer Setup Wizard and install this application on your computer;
  • Launch the program and go through the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
  • Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from .no_more_ransom file and other ransomwares, use a reputable anti-spyware, such as Reimage, Plumbytes Anti-MalwareWebroot SecureAnywhere AntiVirus or Malwarebytes Anti Malware

About the author

Julie Splinters
Julie Splinters - Malware removal specialist

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Julie Splinters
About the company Esolutions


  • moodyEye

    Still not losing hope, eh?

  • mystiquefog

    Ive got enough of their bullying already!

  • ChJrStevenson

    Anyone heard news about the decrypter?