Severity scale:  
  (97/100)

RansomAES ransomware. How to remove? (Uninstall guide)

removal by Linas Kiguolis - - | Type: Ransomware

RansomAES – ransomware targeting Korean PC users

RansomAES virus

RansomAES is a ransomware[1] virus that has been developed to encrypt people's files and then urge them to pay a ransom. It uses AES cryptography algorithm and targets Korean PC users. The data encrypted by RansomAES can be easily recognized by a .RansomAES file extension, as well as READ ME.txt ransom note. The victims are supposed to email hackers to fbgwls245@naver.com or powerhacker03@hotmail.com for payment instructions. At the moment of writing, victims are expected to transfer 100,000 KRW in Bitcoins.

RansomAES
Classification Ransomware
Related files RansomAES.exe, READ ME.txt
   
File extension .RansomAES
Email address fbgwls245@naver.com or powerhacker03@hotmail.com
Decryption method AES cipher
Main dangers It locks files and renders them useless unless the victim pays the ransom. Thus, the two main dangers are the loss of data and money. Besides, it may open backdoor to other malicious programs. 
Elimination process Manual removal is not possible. Download Reimage and run a full system scan with it to get rid of ransomware infection. 

The crooks behind RansomAES virus rely on diverse ransomware distribution strategies, including but not limited to malicious spam email attachments and rogue software downloads. If the victim executes the payload (RansomAES.exe), the virus unravels and targets Windows GUI with Intel 386 or later chipset.[2] Earlier version won't be attacked.

It uses AES cipher to render people's files useless. It locks them with a hard code and generates a unique victim's identifier and corresponding file decryptor. In the meantime, the user of the compromised PC is presented with files locked with .RansomAES file extension and the READ ME.txt ransom note, which is written in the Korean language.

The note does not contain much information, except that it informs the victim about an attack and provides contact information. Currently, RansomAES ransomware virus developers can be intercommunicated via the following email addresses:

  • fbgwls245@naver.com
  • powerhacker03@hotmail.com

According to ransomware researchers, it demands a ransom in Bitcoins. At the moment of writing, the sum ranges from 100,000 to 500,000 KRW, which is equal to 0.010 to 0.051 Bitcoin.

Despite the size of the redemption, we would not recommend you to pay it. Supporting hackers is not a good idea, is it? Besides, transferring your money to crooks does not prove to ensure that you'll be provided with a RansomAES decryptor so that you can be left without both data and money.

In case of attack, we would strongly recommend you to download Reimage, Plumbytes Anti-MalwareWebroot SecureAnywhere AntiVirus, Malwarebytes Anti Malware or another reputable anti-virus, run a full system scan with it, and perform a complete RansomAES removal.

It's very likely that you won't be allowed to remove RansomAES virus easily. The malicious software can use malicious processes to block anti-virus and evade easy removal. Therefore, you may need to restart your PC into Safe Mode with Networking.

As soon as you get rid of the malware, try to retrieve your files using alternative methods. Most of them require the installation of third-party data recovery programs. Our top selections are provided at the end of this article.

Computers get infected after opening malicious spam email attachments

Malicious spam email messages with ransomware-infected attachments are the most popular virus distribution technique for more than a decade. Less tech-savvy people lack knowledge about cyber security and quickly fall for opening emails that camouflage IRS, Amazon, Microsoft, and other well-known companies.

The ransomware is executed as soon as the potential victim opens a Word, PDF or Zip file. However, NoVirus.uk[3] specialists indicate the following techniques that are commonly used to spread ransomware as well:

  • Exploit Kits;
  • Fake software updates;
  • Illegal or obfuscated program in file-sharing sites or networks;
  • Malicious advertisements;
  • Hacked Remote Desktop Services (RDS).

Therefore, you should be careful with content you click or download online. Besides, make sure to keep your anti-virus and OS up-to-date.

RansomAES removal options

Manual ransomware removal is practically impossible. Any attempt to restart your PC, change registry entries or rename encrypted files can lead to permanent data loss. Therefore, we would strongly recommend you to perform automatic RansomAES removal with Reimage or another robust security tool.

The guide given below will explain you in details how to remove RansomAES if malicious processes keep your anti-virus disabled. Besides, you will find a list of data recovery possibilities down below. However, make sure that the ransomware is entirely deleted before any attempts to decrypt your files.

We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use. By Downloading any provided Anti-spyware software to remove RansomAES ransomware you agree to our privacy policy and agreement of use.
do it now!
Download
Reimage (remover) Happiness
Guarantee
Download
Reimage (remover) Happiness
Guarantee
Compatible with Microsoft Windows Compatible with OS X
What to do if failed?
If you failed to remove infection using Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to uninstall RansomAES ransomware. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.
More information about this program can be found in Reimage review.
Press mentions on Reimage

Manual RansomAES virus Removal Guide:

Remove RansomAES using Safe Mode with Networking

The following instructions explain how to bypass restrictions to launch anti-virus scanner:

  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list Select 'Safe Mode with Networking'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in Startup Settings window. Select 'Enable Safe Mode with Networking'
  • Step 2: Remove RansomAES

    Log in to your infected account and start the browser. Download Reimage or other legitimate anti-spyware program. Update it before a full system scan and remove malicious files that belong to your ransomware and complete RansomAES removal.

If your ransomware is blocking Safe Mode with Networking, try further method.

Remove RansomAES using System Restore

  • Step 1: Reboot your computer to Safe Mode with Command Prompt

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list Select 'Safe Mode with Command Prompt'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window. Select 'Enable Safe Mode with Command Prompt'
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
    2. Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
    3. When a new window shows up, click Next and select your restore point that is prior the infiltration of RansomAES. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
    4. Now click Yes to start system restore. Click 'Yes' and start system restore
    Once you restore your system to a previous date, download and scan your computer with Reimage and make sure that RansomAES removal is performed successfully.

Bonus: Recover your data

Guide which is presented above is supposed to help you remove RansomAES from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by 2-spyware.com security experts.

If your files are encrypted by RansomAES, you can use several methods to restore them:

We highly recommend using Data Recovery Pro

Data Recovery Pro is a powerful tool for retrieving data lost due to various circumstances, so it's worth given a try. 

Recover individual files from Previous Windows Version

  • Find an encrypted file you need to restore and right-click on it;
  • Select “Properties” and go to “Previous versions” tab;
  • Here, check each of available copies of the file in “Folder versions”. You should select the version you want to recover and click “Restore”.

Try ShadowExplorer

Windows creates Volume Shadow Copies by default. If RansomAES did not remove them, you will get each of your files back by following these steps:

  • Download Shadow Explorer (http://shadowexplorer.com/);
  • Follow a Shadow Explorer Setup Wizard and install this application on your computer;
  • Launch the program and go through the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
  • Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.

No RansomAES decryptor developed yet.

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from RansomAES and other ransomwares, use a reputable anti-spyware, such as Reimage, Plumbytes Anti-MalwareWebroot SecureAnywhere AntiVirus or Malwarebytes Anti Malware

About the author

Linas Kiguolis
Linas Kiguolis - Expert in social media

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Linas Kiguolis
About the company Esolutions

References