Selena virus Removal Guide
What is Selena ransomware?
Selena ransomware is another double-extortion ransomware that seeks to receive Bitcoins from victims
Selena ransomware detection rates
Selena ransomware is a malicious program designed to mainly attack businesses and organizations. Its main goal is to encrypt all usable files on the affected system and network and then demand ransom bitcoins from victims. Just like many other larger-scale ransomware gangs, this one also threatens to release sensitive data if the extortion requests are not met in time.
Once installed on the system, the virus would immediately look for files to encrypt – documents, pictures, databases, and other important data. During this time, all files are altered – they receive an extension .selena and also have additional strings added to the front of each file name (for example, id[d4TBDy8C].[Selena@onionmail.org].filename.jpg.selena).
Since the locking process is performed with a highly-advanced encryption algorithm, restoring files back to their original state becomes impossible without a unique key, accessible only to cybercriminals. In the ransom note selena.txt, they describe what has happened to all files and what victims have to do to retrieve them.
Evidently, the precise sum is not disclosed, as this is usually discussed via the provided emails – Selena@onionmail.org or Selena@cyberfear.com. Since the virus targets enterprise entities, the sum to be paid in bitcoins is likely to be very large.
|Type||Ransomware, file-locking malware, cryptovirus, double-extortion|
|File extension||Malware alters the file names in the following pattern: id[ID].[Selena@onionmail.org].filename.jpg.selena|
|Contact||Selena@onionmail.org or Selena@cyberfear.com|
|Data Recovery||If no backups are available, recovering data is almost impossible. We recommend you try alternative methods, which we list below|
|Malware removal||Manual virus removal is not recommended, as it might be difficult for regular users. Instead, SpyHunter 5Combo Cleaner or other anti-malware tools should be used|
|System fix||Malware can seriously tamper with Windows systems, causing errors, crashes, lag, and other stability issues after it is terminated. To remediate the system and avoid its complete corruption, we recommend scanning it with the ReimageIntego repair tool|
Since a ransom note is one of the first communication devices between the attackers and victims, most cybercriminals attempt to provide all the necessary information within the (text) file. Selena ransomware creators take it to another level and provide an extensive message that has everything victims need to know in order to recover their data:
::: Greetings :::
Your important data, including financial/development, accounting, strategies, and other vital documents and databases, have been downloaded and will be leaked soon if not paid.
Q: What's Happened?
A: Your files have been encrypted and now have the “Selena” extension. The file structure has been changed to unreadable format, but you can recover them all with our tool.
Q: How to recover files?
A: If you wish to decrypt your files, you will need to pay in bitcoins.
Q: What about guarantees?
A: It's just a business. We absolutely do not care about you and your deals, except getting benefits. Nobody will cooperate with us if we do not do our work and liabilities. It's not in our interests.
To check the ability to return files, you can send us two files (under 5MB) of any kind that do not contain critical information. We will decrypt them and send them back to you. That is our guarantee.
Q: How to contact us?
A: You can write us to our mailbox: Selena@onionmail.org and Selena@cyberfear.com
write this in the email title: ID:-
Q: How will the decryption process proceed after payment?
A: After payment, we will send you our decoder program and your ID's unique keys + detailed instructions for use. With this program, you will be able to decrypt all your encrypted files.
Q: If I don't want to pay bad people like you?
A: If you will not cooperate with our service, it does not matter to us. But you will lose your time and data cause we are the only ones that have the private key. In practice – time is much more valuable than money.
1.1 DON'T try to change encrypted files by yourself!
If you use any third-party software to restore your data or antivirus solutions, please make a backup of all encrypted files!
Any changes in encrypted files may entail damage to the private key and, as a result, the loss of all data.
.2. Any company/person claiming to decrypt your data without paying us, they're simply lying and will charge you a lot of extra money for that; they all contact us and buy the decryptor from us.
.3. message from Developers: to avoid any possible problems with this email agent, always as for test files, never pay anyone outside of these two emails, only pay to wallet address we send you along with the test file, this will guarantee you recover all your files with no risk
.4.To Facilitate the process of retrieving the files, DO NOT delete the C:/Selena folder (it's a hidden folder)
.5.Some files were encrypted but not renamed; these files will be restored after the decryption procedure is completed.
Despite the promises of the attackers, we strongly recommend not to pay. There is plenty of evidence that some victims did not receive the promised decryption keys after paying. Since there is little to no information about this ransomware developer, it would be hard to guess whether or not the decryptor would be actually sent.
Selena ransomware is a malicious program designed to encrypt all personal files
Instead, we recommend you check the instructions we provide below. While data recovery is almost impossible without working backups, there is a chance of restoring at least a portion of the affected files.
Ransomware removal and file recovery
1. Disconnect from the network
Network and internet can be used by cybercriminals for communication purposes – they can update malware, send additional payloads, etc. Thus, if the affected computer is connected to one of these or both, it is time to disconnect it. You can do that by simply pulling out the internet cable or disabling the WiFi connection, but you can also do it the following way:
- Type in Control Panel in Windows search and press Enter
- Go to Network and Internet
- Click Network and Sharing Center
- On the left, pick Change adapter settings
- Right-click on your connection (for example, Ethernet), and select Disable
- Confirm with Yes.
2. Remove the infection
Once the affected machine is disconnected from the network, it is time to begin the Selena virus removal process. Most ransomware is programmed to self-destruct after the job of the data encryption is complete, although this is not a rule. Besides, ransomware can also be installed in conjunction with other malware, so it is important to eliminate everything.
To do so, you will have to perform a full system scan with SpyHunter 5Combo Cleaner, Malwarebytes, or another powerful anti-malware software. This will ensure that all the malware components are removed, and it does not return. Note that System Restore should not be used in this case, as the infection could be reinstated accidentally.
3. Data recovery
Before you proceed with data recovery methods, we once more want to warn you against paying the ransom to cybercriminals. Next, you should make copies of all the encrypted files on your system, as their tampering might cause permanent damage, so even a working decryptor would not help.
Use a separate storage device such as a USB flash or external hard drive, or employ cloud services to back up your files virtually. If you need help with doing this, check the instructions at the very bottom of this post. Once done, you can try to restore the files located on the affected machine with the help of data recovery tools.
- Download Data Recovery Pro.
- Double-click the installer to launch it.
- Follow on-screen instructions to install the software.
- As soon as you press Finish, you can use the app.
- Select Everything or pick individual folders where you want the files to be recovered from.
- Press Next.
- At the bottom, enable Deep scan and pick which Disks you want to be scanned.
- Press Scan and wait till it is complete.
- You can now pick which folders/files to recover – don't forget you also have the option to search by the file name!
- Press Recover to retrieve your files.
Some ransomware is far from perfect and has bugs within their encryption process, allowing security experts to create a working decryption tool, providing it for victims free. Alternatively, law enforcement has previously seized the servers of malware authors, which allowed them to release keys to the public. Thus, use the following links to find a decryption tool, although you should keep in mind that it might take time before a working one is available, if at all.
- No More Ransom Project
- Free Ransomware Decryptors by Kaspersky
- Free Ransomware Decryption Tools from Emsisoft
- Avast decryptors
4. System repair
If your system is unstable and suffers from crashes, lag, errors, and other issues, it could be the result of system corruption. While you could reinstall the operating system altogether, there is an easier way of fixing it by using PC repair software. Antivirus can't fix damaged system components, thus it is best to use specialized software.
- Download ReimageIntego
- Click on the ReimageRepair.exe
- If User Account Control (UAC) shows up, select Yes
- Press Install and wait till the program finishes the installation process
- The analysis of your machine will begin immediately
- Once complete, check the results – they will be listed in the Summary
- You can now click on each of the issues and fix them manually
- If you see many problems that you find difficult to fix, we recommend you purchase the license and fix them automatically.
Getting rid of Selena virus. Follow these steps
Create data backups to avoid file loss in the future
One of the many countermeasures for home users against ransomware is data backups. Even if your Windows get corrupted, you can reinstall everything from scratch and retrieve files from backups with minimal losses overall. Most importantly, you would not have to pay cybercriminals and risk your money as well.
Therefore, if you have already dealt with a ransomware attack, we strongly advise you to prepare backups for future use. There are two options available to you:
- Backup on a physical external drive, such as a USB flash drive or external HDD.
- Use cloud storage services.
The first method is not that convenient, however, as backups need to constantly be updated manually – although it is very reliable. Therefore, we highly advise choosing cloud storage instead – it is easy to set up and efficient to sustain. The problem with it is that storage space is limited unless you want to pay for the subscription.
Using Microsoft OneDrive
OneDrive is a built-in tool that comes with every modern Windows version. By default, you get 5 GB of storage that you can use for free. You can increase that storage space, but for a price. Here's how to setup backups for OneDrive:
- Click on the OneDrive icon within your system tray.
- Select Help & Settings > Settings.
- If you don't see your email under the Account tab, you should click Add an account and proceed with the on-screen instructions to set yourself up.
- Once done, move to the Backup tab and click Manage backup.
- Select Desktop, Documents, and Pictures, or a combination of whichever folders you want to backup.
- Press Start backup.
After this, all the files that are imported into the above-mentioned folders will be automatically backed for you. If you want to add other folders or files, you have to do that manually. For that, open File Explorer by pressing Win + E on your keyboard, and then click on the OneDrive icon. You should drag and drop folders you want to backup (or you can use Copy/Paste as well).
Using Google Drive
Google Drive is another great solution for free backups. The good news is that you get as much as 15GB for free by choosing this storage. There are also paid versions available, with significantly more storage to choose from.
You can access Google Drive via the web browser or use a desktop app you can download on the official website. If you want your files to be synced automatically, you will have to download the app, however.
- Download the Google Drive app installer and click on it.
- Wait a few seconds for it to be installed.
- Now click the arrow within your system tray – you should see Google Drive icon there, click it once.
- Click Get Started.
- Enter all the required information – your email/phone, and password.
- Now pick what you want to sync and backup. You can click on Choose Folder to add additional folders to the list.
- Once done, pick Next.
- Now you can select to sync items to be visible on your computer.
- Finally, press Start and wait till the sync is complete. Your files are now being backed up.
Report the incident to your local authorities
Ransomware is a huge business that is highly illegal, and authorities are very involved in catching malware operators. To have increased chances of identifying the culprits, the agencies need information. Therefore, by reporting the crime, you could help with stopping the cybercriminal activities and catching the threat actors. Make sure you include all the possible details, including how did you notice the attack, when it happened, etc. Additionally, providing documents such as ransom notes, examples of encrypted files, or malware executables would also be beneficial.
Law enforcement agencies typically deal with online fraud and cybercrime, although it depends on where you live. Here is the list of local authority groups that handle incidents like ransomware attacks, sorted by country:
- USA – Internet Crime Complaint Center IC3
- United Kingdom – ActionFraud
- Canada – Canadian Anti-Fraud Centre
- Australia – ScamWatch
- New Zealand – ConsumerProtection
- Germany – Polizei
- France – Ministère de l'Intérieur
If your country is not listed above, you should contact the local police department or communications center.
Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from Selena and other ransomwares, use a reputable anti-spyware, such as ReimageIntego, SpyHunter 5Combo Cleaner or Malwarebytes
How to prevent from getting ransomware
Choose a proper web browser and improve your safety with a VPN tool
Online spying has got momentum in recent years and people are getting more and more interested in how to protect their privacy online. One of the basic means to add a layer of security – choose the most private and secure web browser. Although web browsers can't grant full privacy protection and security, some of them are much better at sandboxing, HTTPS upgrading, active content blocking, tracking blocking, phishing protection, and similar privacy-oriented features. However, if you want true anonymity, we suggest you employ a powerful Private Internet Access VPN – it can encrypt all the traffic that comes and goes out of your computer, preventing tracking completely.
Lost your files? Use data recovery software
While some files located on any computer are replaceable or useless, others can be extremely valuable. Family photos, work documents, school projects – these are types of files that we don't want to lose. Unfortunately, there are many ways how unexpected data loss can occur: power cuts, Blue Screen of Death errors, hardware failures, crypto-malware attack, or even accidental deletion.
To ensure that all the files remain intact, you should prepare regular data backups. You can choose cloud-based or physical copies you could restore from later in case of a disaster. If your backups were lost as well or you never bothered to prepare any, Data Recovery Pro can be your only hope to retrieve your invaluable files.