Skip to content
  • Active
  • Severity: High
  • Ransomware
  • Windows
  • Verified · May 2022

How to remove Selena ransomware

A step-by-step removal guide for affected devices. Follow the verified procedure below — most readers complete it in under 10 minutes.

Lucia Danes · Virus researcher

Selena ransomware is another double-extortion ransomware that seeks to receive Bitcoins from victims

Selena ransomware virus

Selena ransomware is a malicious program designed to mainly attack businesses and organizations. Its main goal is to encrypt all usable files on the affected system and network and then demand ransom bitcoins from victims. Just like many other larger-scale ransomware gangs, this one also threatens to release sensitive data if the extortion requests are not met in time.

Once installed on the system, the virus would immediately look for files to encrypt – documents, pictures, databases, and other important data. During this time, all files are altered – they receive an extension .selena and also have additional strings added to the front of each file name (for example, id[d4TBDy8C].[Selena@onionmail.org].filename.jpg.selena).

Since the locking process is performed with a highly-advanced encryption[1] algorithm, restoring files back to their original state becomes impossible without a unique key, accessible only to cybercriminals. In the ransom note selena.txt, they describe what has happened to all files and what victims have to do to retrieve them.

Evidently, the precise sum is not disclosed, as this is usually discussed via the provided emails – Selena@onionmail.org or Selena@cyberfear.com. Since the virus targets enterprise entities, the sum to be paid in bitcoins is likely to be very large.

Name Selena ransomware
Type Ransomware, file-locking malware, cryptovirus, double-extortion
File extension Malware alters the file names in the following pattern: id[ID].[Selena@onionmail.org].filename.jpg.selena
Ransom note selena.txt
Contact Selena@onionmail.org or Selena@cyberfear.com
Data Recovery If no backups are available, recovering data is almost impossible. We recommend you try alternative methods, which we list below
Malware removal Manual virus removal is not recommended, as it might be difficult for regular users. Instead, SpyHunterCombo Cleaner or other anti-malware tools should be used
System fix Malware can seriously tamper with Windows systems, causing errors, crashes, lag, and other stability issues after it is terminated. To remediate the system and avoid its complete corruption, we recommend scanning it with the FortectIntego repair tool

Ransom note

Since a ransom note is one of the first communication devices between the attackers and victims, most cybercriminals attempt to provide all the necessary information within the (text) file. Selena ransomware creators take it to another level and provide an extensive message that has everything victims need to know in order to recover their data:

::: Greetings :::

Your important data, including financial/development, accounting, strategies, and other vital documents and databases, have been downloaded and will be leaked soon if not paid.

==================================

Little FAQ:
.1.
Q: What's Happened?
A: Your files have been encrypted and now have the “Selena” extension. The file structure has been changed to unreadable format, but you can recover them all with our tool.

.2.
Q: How to recover files?
A: If you wish to decrypt your files, you will need to pay in bitcoins.

.3.
Q: What about guarantees?
A: It's just a business. We absolutely do not care about you and your deals, except getting benefits. Nobody will cooperate with us if we do not do our work and liabilities. It's not in our interests.
To check the ability to return files, you can send us two files (under 5MB) of any kind that do not contain critical information. We will decrypt them and send them back to you. That is our guarantee.

.4.
Q: How to contact us?
A: You can write us to our mailbox: Selena@onionmail.org and Selena@cyberfear.com
write this in the email title: ID:-

.5.
Q: How will the decryption process proceed after payment?
A: After payment, we will send you our decoder program and your ID's unique keys + detailed instructions for use. With this program, you will be able to decrypt all your encrypted files.

.6.
Q: If I don't want to pay bad people like you?
A: If you will not cooperate with our service, it does not matter to us. But you will lose your time and data cause we are the only ones that have the private key. In practice – time is much more valuable than money.

:::BEWARE:::
1.1 DON'T try to change encrypted files by yourself!
If you use any third-party software to restore your data or antivirus solutions, please make a backup of all encrypted files!
Any changes in encrypted files may entail damage to the private key and, as a result, the loss of all data.
.2. Any company/person claiming to decrypt your data without paying us, they're simply lying and will charge you a lot of extra money for that; they all contact us and buy the decryptor from us.
.3. message from Developers: to avoid any possible problems with this email agent, always as for test files, never pay anyone outside of these two emails, only pay to wallet address we send you along with the test file, this will guarantee you recover all your files with no risk
.4.To Facilitate the process of retrieving the files, DO NOT delete the C:/Selena folder (it's a hidden folder)
.5.Some files were encrypted but not renamed; these files will be restored after the decryption procedure is completed.

Despite the promises of the attackers, we strongly recommend not to pay. There is plenty of evidence that some victims did not receive the promised decryption keys after paying. Since there is little to no information about this ransomware developer, it would be hard to guess whether or not the decryptor would be actually sent.

Selena ransomware

Instead, we recommend you check the instructions we provide below. While data recovery is almost impossible without working backups, there is a chance of restoring at least a portion of the affected files.

Ransomware removal and file recovery

1. Disconnect from the network 

Network and internet can be used by cybercriminals for communication purposes – they can update malware, send additional payloads, etc. Thus, if the affected computer is connected to one of these or both, it is time to disconnect it. You can do that by simply pulling out the internet cable or disabling the WiFi connection, but you can also do it the following way:

  • Type in Control Panel in Windows search and press Enter
  • Go to Network and InternetNetwork and internet
  • Click Network and Sharing CenterNetwork and internet 2
  • On the left, pick Change adapter settingsNetwork and internet 3
  • Right-click on your connection (for example, Ethernet), and select DisableNetwork and internet 4
  • Confirm with Yes.

2. Remove the infection

Once the affected machine is disconnected from the network, it is time to begin the Selena virus removal process. Most ransomware is programmed to self-destruct after the job of the data encryption is complete, although this is not a rule. Besides, ransomware can also be installed in conjunction with other malware, so it is important to eliminate everything.

To do so, you will have to perform a full system scan with SpyHunterCombo Cleaner, MalwarebytesMalwarebytes, or another powerful anti-malware software. This will ensure that all the malware components are removed, and it does not return. Note that System Restore[2] should not be used in this case, as the infection could be reinstated accidentally.

3. Data recovery

Before you proceed with data recovery methods, we once more want to warn you against paying the ransom to cybercriminals. Next, you should make copies of all the encrypted files on your system, as their tampering might cause permanent damage, so even a working decryptor would not help.

Use a separate storage device such as a USB flash or external hard drive, or employ cloud services to back up your files virtually. If you need help with doing this, check the instructions at the very bottom of this post. Once done, you can try to restore the files located on the affected machine with the help of data recovery tools.

  • Download Data Recovery Pro.
  • Double-click the installer to launch it.
  • Follow on-screen instructions to install the software.Install program
  • As soon as you press Finish, you can use the app.
  • Select Everything or pick individual folders where you want the files to be recovered from.
  • Press Next.
  • At the bottom, enable Deep scan and pick which Disks you want to be scanned.Select Deep scan
  • Press Scan and wait till it is complete.
  • You can now pick which folders/files to recover – don't forget you also have the option to search by the file name!
  • Press Recover to retrieve your files.Recover files

Some ransomware is far from perfect and has bugs[3] within their encryption process, allowing security experts to create a working decryption tool, providing it for victims free. Alternatively, law enforcement has previously seized the servers of malware authors, which allowed them to release keys to the public. Thus, use the following links to find a decryption tool, although you should keep in mind that it might take time before a working one is available, if at all.

No More Ransom Project

4. System repair

If your system is unstable and suffers from crashes, lag, errors, and other issues, it could be the result of system corruption. While you could reinstall the operating system altogether, there is an easier way of fixing it by using PC repair software. Antivirus can't fix damaged system components, thus it is best to use specialized software.

  • Download FortectIntego
  • Click on the ReimageRepair.exe
    Reimage download
  • If User Account Control (UAC) shows up, select Yes
  • Press Install and wait till the program finishes the installation processReimage installation
  • The analysis of your machine will begin immediatelyReimage scan
  • Once complete, check the results – they will be listed in the Summary
  • You can now click on each of the issues and fix them manually
  • If you see many problems that you find difficult to fix, we recommend you purchase the license and fix them automatically.Reimage results

Be the first to comment

Spyware news
Privacy preferences

We use cookies to improve your experience and analyze traffic. Some cookies enable embedded content like videos and social posts. Choose what you allow — you can change this anytime.