Skip to content
  • Active
  • Severity: High
  • Ransomware
  • Windows
  • Verified · Nov 2021

How to remove Steriok ransomware

A step-by-step removal guide for affected devices. Follow the verified procedure below — most readers complete it in under 10 minutes.

Linas Kiguolis · Expert in social media

Steriok is a ransomware-type virus that encrypts all personal files and asks for money for their return

Steriok ransomware

Steriok ransomware is a malicious program for Windows that has started spreading around at the end of November 2021. Just like any other malware of this type, its main goal is to encrypt all personal files on the system and then demand a ransom. Victims of the virus pay cybercriminals when they see no other choice, as their files are extremely important to them. Unfortunately, this action is something that lets the illegal business of ransomware thrive.

There are plenty of ways one can get infected with ransomware – from the most prevalent malspam campaigns to malicious executables found on torrent sites – everything goes as long as it is effective. Without a doubt, victims do not install malware on their devices on purpose; social engineering, phishing, and even software vulnerabilities[1] are used to make the infection be successful.

As soon as a malicious installer manages to execute the code on a computer, it also looks for networked machines to do the same. There are many changes made within Windows for the Steriok virus to do its main job – encrypt all personal files. With the help of a sophisticated encryption algorithm, all pictures, documents, videos, and other files receive the .steriok extension – it also makes them lose their original icons, which are replaced by blank ones.

Suchlike files can no longer be opened or modified, no matter which application is used to do so. At this point, ransomware launches a file titled RESTORE_FILES_INFO.txt, which reads:

all your important files are encrypted!
Any attempts to restore your files with the thrid-party software will be fatal for your files!
RESTORE YOU DATA POSIBLE ONLY BUYING private key from us.
There is only one way to get your files back:
WARNING: 1) install the tor browser (https://www.torproject.org/download)
Сreate new email on servis http://mail2tor2zyjdctd.onion for contact !
write me on steriok@mail2tor.com or proper12132@tutanota.com
Send me your ID in the email

Key Identifier:

A ransom note serves as a communication file that is meant to help cybercriminals and victims seal the deal. Crooks provide instructions on how to download TOR browsers and create a new email account on a special email service and then write an email to them, which should also include the Key identifier.

It is unknown what the ransom might be, is it typically varies from person to person. Whether the asked sum is large or small for you personally, you should not cooperate with the attackers. They might fail to deliver the promised decryptor or provide one that does not work. Remember, they do not care about the interests of victims but just their own, so trusting them is highly risky.

They also claim that alternative data recovery methods would permanently damage your files, which might be true. However, there are ways that this could be prevented without causing damage to files – making copies of them.

Steriok ransomware is a creation of the Prometheus gang, which has its roots in REvil, which, leaks say, seems to be disbanded by this point.[2] The operations behind this group are massive, and it targeted many high-profile companies in the past. Luckily, some versions of the malware produced by the group can be decrypted for free.

Name Steriok ransomware
Type Ransomware, file-locking malware, cryptovirus
Family Thanos
File extension .steriok extension appears at the end of every file name
Ransom note RESTORE_FILES_INFO.txt
Contact steriok@mail2tor.com or proper12132@tutanota.com
Data Recovery The easiest and safest data recovery can be performed via existing backups. If none are available, data recovery software or an existing Prometheus Ransomware Decryptor might be of help in some cases
Malware removal Manual virus removal is not recommended, as it might be difficult for regular users. Instead, anti-malware tools should be used
System fix Malware can seriously tamper with Windows systems, causing errors, crashes, lag, and other stability issues after it is terminated. To remediate the system and avoid its complete corruption, we recommend scanning it with the FortectIntego repair tool

Ransomware is without a doubt one of the most difficult to deal with computer infections. We have previously talked about RigjPalqLOCK2G, and many other strains, and all of them have one thing in common. Unlike other types of malware, its removal is not the main thing that victims should be worried about – it's what the virus leaves behind. Many people get really upset when they realize that their files remain locked despite their efforts.

However, you should not immediately assume that the situation is completely dire, as some solutions could be available. It is vital that you perform the steps of Steriok ransomware removal in the correct order to have a chance of restoring your files.

Step 1. Remove the infection

There have been plenty of examples when ransomware simply self-destructs after it fulfills its duty – encrypts all the susceptible files on the system and network. This does not always happen, as some malware is programmed to continue encrypting the incoming files to cause even more damage. Likewise, ransomware can leave the system vulnerable and prone to other attacks.

Therefore, you should remove the virus with SpyHunterCombo Cleaner, MalwarebytesMalwarebytes, or another powerful anti-malware software (if this process is being hindered by the malware itself, accessing Safe Mode can bypass this functionality). Although before you do this, you should disconnect your computer from the internet and network. You can find the instructions on how to perform these steps at the bottom of this post.

Step 2. Backup your files

Cybercriminals mention in their ransom note that using alternative recovery software would permanently damage the encrypted files. While there is no reason to believe them, this point ming be very true, so using recovery software or a decryption tool on your main files should be avoided at all costs.

Instead, you should first make backups of your files before you proceed, so if files actually get corrupted, you still have originals available to you. You can simply copy .steriok files to an external drive (for example, a USB stick) or upload them to the cloud.

Microsoft OneDrive

OneDrive is a built-in tool that comes with every modern Windows version. By default, you get 5 GB of storage that you can use for free. You can increase that storage space, but for a price. Here's how to set up backups for OneDrive:

  1. Click on the OneDrive icon within your system tray.
  2. Select Help & Settings > Settings.
    Go to OneDrive settings
  3. If you don't see your email under the Account tab, you should click Add an account and proceed with the on-screen instructions to set yourself up.
    Add OneDrive account
  4. Once done, move to the Backup tab and click Manage backup.
    Manage backup
  5. Select Desktop, Documents, and Pictures, or a combination of whichever folders you want to backup.
  6. Press Start backup.
    Pick which folders to sync

After this, all the files that are imported into the above-mentioned folders will be automatically backed for you. If you want to add other folders or files, you have to do that manually. For that, open File Explorer by pressing Win + E on your keyboard, and then click on the OneDrive icon. You should drag and drop folders you want to backup (or you can use Copy/Paste as well).

Google Drive

  1. Download the Google Drive app installer and click on it.
    Install Google Drive app
  2. Wait a few seconds for it to be installed.Complete installation
  3. Now click the arrow within your system tray – you should see Google Drive icon there, click it once.
    Google Drive Sign in
  4. Click Get Started.Backup and sync
  5. Enter all the required information – your email/phone, and password.Enter email/phone
  6. Now pick what you want to sync and backup. You can click on Choose Folder to add additional folders to the list.
  7. Once done, pick Next.Choose what to sync
  8. Now you can select to sync items to be visible on your computer.
  9. Finally, press Start and wait till the sync is complete. Your files are now being backed up.

Step 3. Repair system damage

Malware can cause tremendous damage to Windows systems to the point where a full reinstallation could be required. For example, an infection can alter the Windows registry database, damage vital bootup, and other sections, delete or corrupt DLL files, etc. Antivirus software can't repair damaged files, and a specialized app should be used instead.

  • Download FortectIntego
  • Click on the ReimageRepair.exe
    Reimage download
  • If User Account Control (UAC) shows up, select Yes
  • Press Install and wait till the program finishes the installation processReimage installation
  • The analysis of your machine will begin immediatelyReimage scan
  • Once complete, check the results – they will be listed in the Summary
  • You can now click on each of the issues and fix them manually
  • If you see many problems that you find difficult to fix, we recommend you purchase the license and fix them automatically.Reimage results

Step 4. Attempt to recover .steriok files

There are two types of outlooks of those who get infected with ransomware for the very first time. The first group of people have heard about this type of malware very little and believe that it's just another annoying infection they can simply get rid of with antivirus software, which would also restore their files.

The second group of people believes that their files were permanently corrupted and there is nothing they can do, or the only way out is to pay the ransom. None of these outlooks are entirely correct, as there are plenty of nuances that come with each ransomware infection.

In this case, malware comes from an already established family, so it is not brand new. Trusting cybercriminals is not recommended, although some people might see no other choice. Regardless of what you choose to do, we recommend you try alternative data recovery methods we provide below. Make sure you back up the encrypted files before you proceed with these steps.

Use data recovery software

  • Download Data Recovery Pro.
  • Double-click the installer to launch it.
  • Follow on-screen instructions to install the software.Install program
  • As soon as you press Finish, you can use the app.
  • Select Everything or pick individual folders where you want the files to be recovered from.Select what to recover
  • Press Next.
  • At the bottom, enable Deep scan and pick which Disks you want to be scanned.Select Deep scan
  • Press Scan and wait till it is complete.Scan
  • You can now pick which folders/files to recover – don't forget you also have the option to search by the file name!
  • Press Recover to retrieve your files.Recover files

Try Prometheus decryptor

In the summer of this year, security researchers at Cycraft released a decryption tool for Prometheus ransomware versions. Visit the website, download the decryptor and use the instructions provided there. Keep in mind that the tool might not work for some virus versions.

Check for other decryptors

There are hundreds of security companies and organizations that are working hard to battle ransomware creators. In some cases, servers where decryption keys are held might get seized,[3] which allows them to be released to the public. Below you can find the most prominent parties that are involved in free data decryption services, which have already helped millions of victims. Keep in mind that an alternative decrytpion tool might take a while to create (if it is possible at all).

No More Ransom Project

Be the first to comment

Spyware news
Privacy preferences

We use cookies to improve your experience and analyze traffic. Some cookies enable embedded content like videos and social posts. Choose what you allow — you can change this anytime.