Skip to content
  • Active
  • Severity: High
  • Ransomware
  • Windows
  • Verified · Oct 2018

How to remove spaß ransomware

A step-by-step removal guide for affected devices. Follow the verified procedure below — most readers complete it in under 10 minutes.

Julie Splinters · Anti-malware specialist

spaß ransomware is a cryptovirus that targets German-speaking users

spaß ransomware 

spaß ransomware is a new variant of the already known file-locking ransomware that is geared towards German users. It belongs to the Jigsaw ransomware family which has been known since March 2016. Previously, hackers released versions targeting Poland and Turkey. This particular variant of the crypto malware is using AES[1] encryption algorithm to make users' files unreachable. It marks these files with .spaß file extension so that they could be recognized as encrypted. Immediately after this successful data-locking process, ransomware places HTA program window with the ransom note that is written in German. The main information that is provided there includes statements claiming that the virus will delete more and more of your files each day if you do not pay in time. Virus developers have also been stating that failing to pay them will result in the termination of 1000 files a day.

Name spaß ransomware
Type Cryptovirus
Related Jigsaw ransomware
File extension .spaß
Ransom note Displayed on the HTA program window, written in German
Targets German-speaking Windows users
Distribution Spam email attachments
Elimination Use FortectIntego or another anti-malware for spaß ransomware removal

spaß files virus focuses on data encryption and demands a hefty amount of cryptocurrency by making people think decryption is possible and going to happen if they pay in time. Unfortunately, if you wait for too long, your data might be deleted. According to the ransom note, virus developers delete 1000 files a day, and after three days there is no option to get a decryption key. However, we as cybersecurity researchers[2] do not recommend paying or contacting these people in any way. Beware that it may cause permanent data or money loss.

As typical ransomware would, spaß ransomware develops a message for its victims and places the note in German as an HTA program window on a screen that reads the following:

Alle deine Datein wurden Verschlüsselt:
Wenn du mich schliesst, kleiner machst oder den Pc ausmachst werden 1000 Datein gelöscht.
Das kann ich nicht mal verhindern.
Am 1.Tag werde ich ein paar Datein löschen.
Am 2.Tag werde ich ein paar 100 Datein löschen.
Am 3.Tag werde ich ein paar 1000 Datein löschen.
Jede Stunde werde ich 1 Datei löschen.
Wenn du deine Datein wiederbekommen möchtest, befolge die volgenden Regeln.
“Lege dir ein Bitcoin Wallet an.
Zum Beispiel https.//www.blockchain.com
Dann bezahle mir die Bitcoins.
Nur ich kan sie Entschlüsseln.
Viel spaß beim spielen created by /anonxd/

Translation :

All your files have been encrypted:
If you shut me down, you will make me delete 1000 files.
I can not prevent that.
On the first day, I will delete some files.
On the 2nd day, I will delete a few 100 files.
On the 3rd day, I will delete a few 1000 files.
Every hour I will delete 1 file.
If you want to get your files back, follow the rules below.
Make a Bitcoin Wallet.
For example, https.//www.blockchain.com
Then pay me the bitcoins.
Only I can decode the files.
Have fun playing created by / anonxd /

spaß ransomware virus is a variant of Jigsaw which already has more than 40 versions developed in the past two years. The main target is users' data stored on the device. Data encryption gives an opportunity for the developer to make a profit from ransom payments alone.

You should remove spaß ransomware instead of paying the ransom because decryption is not guaranteed and the best solution for data recovery is data backups from external devices or cloud services. You should develop a routine of file backing and make sure to use different methods. Have USB stick with your important files and store them on a service that connects to the internet.

Since this ransomware already attacked various victims have supplied the sample of the threat. JigsamRansomware.exe is the executable virus uses to infect the system. After a system scan using antivirus this file can be detected as:

  • HEUR/AGEN.1016250;
  • Win32:Trojan-gen;
  • Trojan-Ransom.Jigsaw (A);
  • Ransom.Jigsaw.Generic;
  • Trojan-Ransom.JigSaw;
  • MSIL.Trojan-Ransom.Jigsaw.B;
  • Trojan.Agent.FC.2460;
  • Trojan.Win32.Z.Jigsaw.60416;
  • etc.[3]

spaß ransomware removal can be performed with anti-malware tools like FortectIntego. The reputable anti-malware program detects various cyber threats including this ransomware and eliminates it from the system. Using these tools can also improve the performance of your device because it removes all PUPs and additional intruders.

If you are concerned about your encoded files, make sure to get rid of spaß ransomware and then use data recovery methods listed down below or replace your files from a backup. Remember to back up your files more occasionally, so you can avoid this issue in the future.

spaß ransomware virus

Safe-looking file attachments contain ransomware executable

The main method of spreading crypto-extortion based threats is spam email campaigns when hackers misuse well-known company names or disguise their products behind legitimate looking MS Word or Excel documents. This is a big issue regarding phishing email campaigns[4] and malware distribution. You need to avoid opening and downloading files attached to suspicious emails.

Various malware which is also distributed via spam email attachments can be used to spread direct payload of ransomware on the system. However, there are several other ways used to spread ransomware infections. Various threat developers have been actively using exploit kits or other certain tools. 

Employ reputable tools for spaß ransomware elimination 

To remove spaß ransomware from the device, you should use FortectIntego, SpyHunterCombo Cleaner or MalwarebytesMalwarebytes Keep in mind that you need to remove any malware residing on your computer and causing serious havoc there. The anti-malware program is designed to inspect the device thoroughly and eliminate components that could be hardly detected manually.

Once you perform spaß ransomware removal, you can move on to data recovery. Remember to clean the system first and then focus on file recovery because the malware can repeat files' encryption right after you reboot your computer system. The easiest method to do is using backups, but you can also rely on the following methods.

Be the first to comment

Spyware news
Privacy preferences

We use cookies to improve your experience and analyze traffic. Some cookies enable embedded content like videos and social posts. Choose what you allow — you can change this anytime.