Steriok ransomware (virus) - Free Instructions
Steriok virus Removal Guide
What is Steriok ransomware?
Steriok is a ransomware-type virus that encrypts all personal files and asks for money for their return
Steriok ransomware authors asks uses to create a special email account to contact them
Steriok ransomware is a malicious program for Windows that has started spreading around at the end of November 2021. Just like any other malware of this type, its main goal is to encrypt all personal files on the system and then demand a ransom. Victims of the virus pay cybercriminals when they see no other choice, as their files are extremely important to them. Unfortunately, this action is something that lets the illegal business of ransomware thrive.
There are plenty of ways one can get infected with ransomware – from the most prevalent malspam campaigns to malicious executables found on torrent sites – everything goes as long as it is effective. Without a doubt, victims do not install malware on their devices on purpose; social engineering, phishing, and even software vulnerabilities[1] are used to make the infection be successful.
As soon as a malicious installer manages to execute the code on a computer, it also looks for networked machines to do the same. There are many changes made within Windows for the Steriok virus to do its main job – encrypt all personal files. With the help of a sophisticated encryption algorithm, all pictures, documents, videos, and other files receive the .steriok extension – it also makes them lose their original icons, which are replaced by blank ones.
Suchlike files can no longer be opened or modified, no matter which application is used to do so. At this point, ransomware launches a file titled RESTORE_FILES_INFO.txt, which reads:
all your important files are encrypted!
Any attempts to restore your files with the thrid-party software will be fatal for your files!
RESTORE YOU DATA POSIBLE ONLY BUYING private key from us.
There is only one way to get your files back:
WARNING: 1) install the tor browser (https://www.torproject.org/download)
Сreate new email on servis http://mail2tor2zyjdctd.onion for contact !
write me on steriok@mail2tor.com or proper12132@tutanota.com
Send me your ID in the emailKey Identifier:
A ransom note serves as a communication file that is meant to help cybercriminals and victims seal the deal. Crooks provide instructions on how to download TOR browsers and create a new email account on a special email service and then write an email to them, which should also include the Key identifier.
It is unknown what the ransom might be, is it typically varies from person to person. Whether the asked sum is large or small for you personally, you should not cooperate with the attackers. They might fail to deliver the promised decryptor or provide one that does not work. Remember, they do not care about the interests of victims but just their own, so trusting them is highly risky.
They also claim that alternative data recovery methods would permanently damage your files, which might be true. However, there are ways that this could be prevented without causing damage to files – making copies of them.
Steriok ransomware is a creation of the Prometheus gang, which has its roots in REvil, which, leaks say, seems to be disbanded by this point.[2] The operations behind this group are massive, and it targeted many high-profile companies in the past. Luckily, some versions of the malware produced by the group can be decrypted for free.
Name | Steriok ransomware |
---|---|
Type | Ransomware, file-locking malware, cryptovirus |
Family | Thanos |
File extension | .steriok extension appears at the end of every file name |
Ransom note | RESTORE_FILES_INFO.txt |
Contact | steriok@mail2tor.com or proper12132@tutanota.com |
Data Recovery | The easiest and safest data recovery can be performed via existing backups. If none are available, data recovery software or an existing Prometheus Ransomware Decryptor might be of help in some cases |
Malware removal | Manual virus removal is not recommended, as it might be difficult for regular users. Instead, anti-malware tools should be used |
System fix | Malware can seriously tamper with Windows systems, causing errors, crashes, lag, and other stability issues after it is terminated. To remediate the system and avoid its complete corruption, we recommend scanning it with the FortectIntego repair tool |
Ransomware is without a doubt one of the most difficult to deal with computer infections. We have previously talked about Rigj, Palq, LOCK2G, and many other strains, and all of them have one thing in common. Unlike other types of malware, its removal is not the main thing that victims should be worried about – it's what the virus leaves behind. Many people get really upset when they realize that their files remain locked despite their efforts.
However, you should not immediately assume that the situation is completely dire, as some solutions could be available. It is vital that you perform the steps of Steriok ransomware removal in the correct order to have a chance of restoring your files.
Step 1. Remove the infection
There have been plenty of examples when ransomware simply self-destructs after it fulfills its duty – encrypts all the susceptible files on the system and network. This does not always happen, as some malware is programmed to continue encrypting the incoming files to cause even more damage. Likewise, ransomware can leave the system vulnerable and prone to other attacks.
Therefore, you should remove the virus with SpyHunter 5Combo Cleaner, Malwarebytes, or another powerful anti-malware software (if this process is being hindered by the malware itself, accessing Safe Mode can bypass this functionality). Although before you do this, you should disconnect your computer from the internet and network. You can find the instructions on how to perform these steps at the bottom of this post.
Step 2. Backup your files
Cybercriminals mention in their ransom note that using alternative recovery software would permanently damage the encrypted files. While there is no reason to believe them, this point ming be very true, so using recovery software or a decryption tool on your main files should be avoided at all costs.
Instead, you should first make backups of your files before you proceed, so if files actually get corrupted, you still have originals available to you. You can simply copy .steriok files to an external drive (for example, a USB stick) or upload them to the cloud.
Microsoft OneDrive
OneDrive is a built-in tool that comes with every modern Windows version. By default, you get 5 GB of storage that you can use for free. You can increase that storage space, but for a price. Here's how to set up backups for OneDrive:
- Click on the OneDrive icon within your system tray.
- Select Help & Settings > Settings.
- If you don't see your email under the Account tab, you should click Add an account and proceed with the on-screen instructions to set yourself up.
- Once done, move to the Backup tab and click Manage backup.
- Select Desktop, Documents, and Pictures, or a combination of whichever folders you want to backup.
- Press Start backup.
After this, all the files that are imported into the above-mentioned folders will be automatically backed for you. If you want to add other folders or files, you have to do that manually. For that, open File Explorer by pressing Win + E on your keyboard, and then click on the OneDrive icon. You should drag and drop folders you want to backup (or you can use Copy/Paste as well).
Google Drive
- Download the Google Drive app installer and click on it.
- Wait a few seconds for it to be installed.
- Now click the arrow within your system tray – you should see Google Drive icon there, click it once.
- Click Get Started.
- Enter all the required information – your email/phone, and password.
- Now pick what you want to sync and backup. You can click on Choose Folder to add additional folders to the list.
- Once done, pick Next.
- Now you can select to sync items to be visible on your computer.
- Finally, press Start and wait till the sync is complete. Your files are now being backed up.
Step 3. Repair system damage
Malware can cause tremendous damage to Windows systems to the point where a full reinstallation could be required. For example, an infection can alter the Windows registry database, damage vital bootup, and other sections, delete or corrupt DLL files, etc. Antivirus software can't repair damaged files, and a specialized app should be used instead.
- Download FortectIntego
- Click on the ReimageRepair.exe
- If User Account Control (UAC) shows up, select Yes
- Press Install and wait till the program finishes the installation process
- The analysis of your machine will begin immediately
- Once complete, check the results – they will be listed in the Summary
- You can now click on each of the issues and fix them manually
- If you see many problems that you find difficult to fix, we recommend you purchase the license and fix them automatically.
Step 4. Attempt to recover .steriok files
There are two types of outlooks of those who get infected with ransomware for the very first time. The first group of people have heard about this type of malware very little and believe that it's just another annoying infection they can simply get rid of with antivirus software, which would also restore their files.
The second group of people believes that their files were permanently corrupted and there is nothing they can do, or the only way out is to pay the ransom. None of these outlooks are entirely correct, as there are plenty of nuances that come with each ransomware infection.
In this case, malware comes from an already established family, so it is not brand new. Trusting cybercriminals is not recommended, although some people might see no other choice. Regardless of what you choose to do, we recommend you try alternative data recovery methods we provide below. Make sure you back up the encrypted files before you proceed with these steps.
Use data recovery software
- Download Data Recovery Pro.
- Double-click the installer to launch it.
- Follow on-screen instructions to install the software.
- As soon as you press Finish, you can use the app.
- Select Everything or pick individual folders where you want the files to be recovered from.
- Press Next.
- At the bottom, enable Deep scan and pick which Disks you want to be scanned.
- Press Scan and wait till it is complete.
- You can now pick which folders/files to recover – don't forget you also have the option to search by the file name!
- Press Recover to retrieve your files.
Try Prometheus decryptor
In the summer of this year, security researchers at Cycraft released a decryption tool for Prometheus ransomware versions. Visit the website, download the decryptor and use the instructions provided there. Keep in mind that the tool might not work for some virus versions.
Check for other decryptors
There are hundreds of security companies and organizations that are working hard to battle ransomware creators. In some cases, servers where decryption keys are held might get seized,[3] which allows them to be released to the public. Below you can find the most prominent parties that are involved in free data decryption services, which have already helped millions of victims. Keep in mind that an alternative decrytpion tool might take a while to create (if it is possible at all).
- No More Ransom Project
- Free Ransomware Decryptors by Kaspersky
- Free Ransomware Decryption Tools from Emsisoft
- Avast decryptors
Getting rid of Steriok virus. Follow these steps
Isolate the infected computer
Some ransomware strains aim to infect not only one computer but hijack the entire network. As soon as one of the machines is infected, malware can spread via network and encrypt files everywhere else, including Network Attached Storage (NAS) devices. If your computer is connected to a network, it is important to isolate it to prevent re-infection after ransomware removal is complete.
The easiest way to disconnect a PC from everything is simply to plug out the ethernet cable. However, in the corporate environment, this might be extremely difficult to do (also would take a long time). The method below will disconnect from all the networks, including local and the internet, isolating each of the machines involved.
- Type in Control Panel in Windows search and press Enter
- Go to Network and Internet
- Click Network and Sharing Center
- On the left, pick Change adapter settings
- Right-click on your connection (for example, Ethernet), and select Disable
- Confirm with Yes.
If you are using some type of cloud storage you are connected to, you should disconnect from it immediately. It is also advisable to disconnect all the external devices, such as USB flash sticks, external HDDs, etc. Once the malware elimination process is finished, you can connect your computers to the network and internet, as explained above, but by pressing Enable instead.
Manual removal using Safe Mode
Important! →
Manual removal guide might be too complicated for regular computer users. It requires advanced IT knowledge to be performed correctly (if vital system files are removed or damaged, it might result in full Windows compromise), and it also might take hours to complete. Therefore, we highly advise using the automatic method provided above instead.
Step 1. Access Safe Mode with Networking
Manual malware removal should be best performed in the Safe Mode environment.
Windows 7 / Vista / XP
- Click Start > Shutdown > Restart > OK.
- When your computer becomes active, start pressing F8 button (if that does not work, try F2, F12, Del, etc. – it all depends on your motherboard model) multiple times until you see the Advanced Boot Options window.
- Select Safe Mode with Networking from the list.
Windows 10 / Windows 8
- Right-click on Start button and select Settings.
- Scroll down to pick Update & Security.
- On the left side of the window, pick Recovery.
- Now scroll down to find Advanced Startup section.
- Click Restart now.
- Select Troubleshoot.
- Go to Advanced options.
- Select Startup Settings.
- Press Restart.
- Now press 5 or click 5) Enable Safe Mode with Networking.
Step 2. Shut down suspicious processes
Windows Task Manager is a useful tool that shows all the processes running in the background. If malware is running a process, you need to shut it down:
- Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
- Click on More details.
- Scroll down to Background processes section, and look for anything suspicious.
- Right-click and select Open file location.
- Go back to the process, right-click and pick End Task.
- Delete the contents of the malicious folder.
Step 3. Check program Startup
- Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
- Go to Startup tab.
- Right-click on the suspicious program and pick Disable.
Step 4. Delete virus files
Malware-related files can be found in various places within your computer. Here are instructions that could help you find them:
- Type in Disk Cleanup in Windows search and press Enter.
- Select the drive you want to clean (C: is your main drive by default and is likely to be the one that has malicious files in).
- Scroll through the Files to delete list and select the following:
Temporary Internet Files
Downloads
Recycle Bin
Temporary files - Pick Clean up system files.
- You can also look for other malicious files hidden in the following folders (type these entries in Windows Search and press Enter):
%AppData%
%LocalAppData%
%ProgramData%
%WinDir%
After you are finished, reboot the PC in normal mode.
Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from Steriok and other ransomwares, use a reputable anti-spyware, such as FortectIntego, SpyHunter 5Combo Cleaner or Malwarebytes
How to prevent from getting ransomware
Choose a proper web browser and improve your safety with a VPN tool
Online spying has got momentum in recent years and people are getting more and more interested in how to protect their privacy online. One of the basic means to add a layer of security – choose the most private and secure web browser. Although web browsers can't grant full privacy protection and security, some of them are much better at sandboxing, HTTPS upgrading, active content blocking, tracking blocking, phishing protection, and similar privacy-oriented features. However, if you want true anonymity, we suggest you employ a powerful Private Internet Access VPN – it can encrypt all the traffic that comes and goes out of your computer, preventing tracking completely.
Lost your files? Use data recovery software
While some files located on any computer are replaceable or useless, others can be extremely valuable. Family photos, work documents, school projects – these are types of files that we don't want to lose. Unfortunately, there are many ways how unexpected data loss can occur: power cuts, Blue Screen of Death errors, hardware failures, crypto-malware attack, or even accidental deletion.
To ensure that all the files remain intact, you should prepare regular data backups. You can choose cloud-based or physical copies you could restore from later in case of a disaster. If your backups were lost as well or you never bothered to prepare any, Data Recovery Pro can be your only hope to retrieve your invaluable files.
- ^ Understanding Software Vulnerabilities and How to Prevent Them. Espeo. Business solutions.
- ^ Jonathan Greig. REvil ransomware operators claim group is ending activity again, victim leak blog now offline. ZDNet. Technology News, Analysis, Comments.
- ^ DarkSide Ransomware Gang Quits After Servers, Bitcoin Stash Seized. Krebs on Security. Security research blog.