Steriok ransomware (virus) - Free Instructions

Steriok virus Removal Guide

What is Steriok ransomware?

Steriok is a ransomware-type virus that encrypts all personal files and asks for money for their return

Steriok ransomwareSteriok ransomware authors asks uses to create a special email account to contact them

Steriok ransomware is a malicious program for Windows that has started spreading around at the end of November 2021. Just like any other malware of this type, its main goal is to encrypt all personal files on the system and then demand a ransom. Victims of the virus pay cybercriminals when they see no other choice, as their files are extremely important to them. Unfortunately, this action is something that lets the illegal business of ransomware thrive.

There are plenty of ways one can get infected with ransomware – from the most prevalent malspam campaigns to malicious executables found on torrent sites – everything goes as long as it is effective. Without a doubt, victims do not install malware on their devices on purpose; social engineering, phishing, and even software vulnerabilities[1] are used to make the infection be successful.

As soon as a malicious installer manages to execute the code on a computer, it also looks for networked machines to do the same. There are many changes made within Windows for the Steriok virus to do its main job – encrypt all personal files. With the help of a sophisticated encryption algorithm, all pictures, documents, videos, and other files receive the .steriok extension – it also makes them lose their original icons, which are replaced by blank ones.

Suchlike files can no longer be opened or modified, no matter which application is used to do so. At this point, ransomware launches a file titled RESTORE_FILES_INFO.txt, which reads:

all your important files are encrypted!
Any attempts to restore your files with the thrid-party software will be fatal for your files!
RESTORE YOU DATA POSIBLE ONLY BUYING private key from us.
There is only one way to get your files back:
WARNING: 1) install the tor browser (https://www.torproject.org/download)
Сreate new email on servis http://mail2tor2zyjdctd.onion for contact !
write me on steriok@mail2tor.com or proper12132@tutanota.com
Send me your ID in the email

Key Identifier:

A ransom note serves as a communication file that is meant to help cybercriminals and victims seal the deal. Crooks provide instructions on how to download TOR browsers and create a new email account on a special email service and then write an email to them, which should also include the Key identifier.

It is unknown what the ransom might be, is it typically varies from person to person. Whether the asked sum is large or small for you personally, you should not cooperate with the attackers. They might fail to deliver the promised decryptor or provide one that does not work. Remember, they do not care about the interests of victims but just their own, so trusting them is highly risky.

They also claim that alternative data recovery methods would permanently damage your files, which might be true. However, there are ways that this could be prevented without causing damage to files – making copies of them.

Steriok ransomware is a creation of the Prometheus gang, which has its roots in REvil, which, leaks say, seems to be disbanded by this point.[2] The operations behind this group are massive, and it targeted many high-profile companies in the past. Luckily, some versions of the malware produced by the group can be decrypted for free.

Name Steriok ransomware
Type Ransomware, file-locking malware, cryptovirus
Family Thanos
File extension .steriok extension appears at the end of every file name
Ransom note RESTORE_FILES_INFO.txt
Contact steriok@mail2tor.com or proper12132@tutanota.com
Data Recovery The easiest and safest data recovery can be performed via existing backups. If none are available, data recovery software or an existing Prometheus Ransomware Decryptor might be of help in some cases
Malware removal Manual virus removal is not recommended, as it might be difficult for regular users. Instead, anti-malware tools should be used
System fix Malware can seriously tamper with Windows systems, causing errors, crashes, lag, and other stability issues after it is terminated. To remediate the system and avoid its complete corruption, we recommend scanning it with the ReimageIntego repair tool

Ransomware is without a doubt one of the most difficult to deal with computer infections. We have previously talked about Rigj, Palq, LOCK2G, and many other strains, and all of them have one thing in common. Unlike other types of malware, its removal is not the main thing that victims should be worried about – it's what the virus leaves behind. Many people get really upset when they realize that their files remain locked despite their efforts.

However, you should not immediately assume that the situation is completely dire, as some solutions could be available. It is vital that you perform the steps of Steriok ransomware removal in the correct order to have a chance of restoring your files.

Step 1. Remove the infection

There have been plenty of examples when ransomware simply self-destructs after it fulfills its duty – encrypts all the susceptible files on the system and network. This does not always happen, as some malware is programmed to continue encrypting the incoming files to cause even more damage. Likewise, ransomware can leave the system vulnerable and prone to other attacks.

Therefore, you should remove the virus with SpyHunter 5Combo Cleaner, Malwarebytes, or another powerful anti-malware software (if this process is being hindered by the malware itself, accessing Safe Mode can bypass this functionality). Although before you do this, you should disconnect your computer from the internet and network. You can find the instructions on how to perform these steps at the bottom of this post.

Step 2. Backup your files

Cybercriminals mention in their ransom note that using alternative recovery software would permanently damage the encrypted files. While there is no reason to believe them, this point ming be very true, so using recovery software or a decryption tool on your main files should be avoided at all costs.

Instead, you should first make backups of your files before you proceed, so if files actually get corrupted, you still have originals available to you. You can simply copy .steriok files to an external drive (for example, a USB stick) or upload them to the cloud.

Microsoft OneDrive

OneDrive is a built-in tool that comes with every modern Windows version. By default, you get 5 GB of storage that you can use for free. You can increase that storage space, but for a price. Here's how to set up backups for OneDrive:

  1. Click on the OneDrive icon within your system tray.
  2. Select Help & Settings > Settings.
    Go to OneDrive settings
  3. If you don't see your email under the Account tab, you should click Add an account and proceed with the on-screen instructions to set yourself up.
    Add OneDrive account
  4. Once done, move to the Backup tab and click Manage backup.
    Manage backup
  5. Select Desktop, Documents, and Pictures, or a combination of whichever folders you want to backup.
  6. Press Start backup.
    Pick which folders to sync

After this, all the files that are imported into the above-mentioned folders will be automatically backed for you. If you want to add other folders or files, you have to do that manually. For that, open File Explorer by pressing Win + E on your keyboard, and then click on the OneDrive icon. You should drag and drop folders you want to backup (or you can use Copy/Paste as well).

Google Drive

  1. Download the Google Drive app installer and click on it.
    Install Google Drive app
  2. Wait a few seconds for it to be installed.Complete installation
  3. Now click the arrow within your system tray – you should see Google Drive icon there, click it once.
    Google Drive Sign in
  4. Click Get Started.Backup and sync
  5. Enter all the required information – your email/phone, and password.Enter email/phone
  6. Now pick what you want to sync and backup. You can click on Choose Folder to add additional folders to the list.
  7. Once done, pick Next.Choose what to sync
  8. Now you can select to sync items to be visible on your computer.
  9. Finally, press Start and wait till the sync is complete. Your files are now being backed up.

Step 3. Repair system damage

Malware can cause tremendous damage to Windows systems to the point where a full reinstallation could be required. For example, an infection can alter the Windows registry database, damage vital bootup, and other sections, delete or corrupt DLL files, etc. Antivirus software can't repair damaged files, and a specialized app should be used instead.

  • Download ReimageIntego
  • Click on the ReimageRepair.exe
    Reimage download
  • If User Account Control (UAC) shows up, select Yes
  • Press Install and wait till the program finishes the installation processReimage installation
  • The analysis of your machine will begin immediatelyReimage scan
  • Once complete, check the results – they will be listed in the Summary
  • You can now click on each of the issues and fix them manually
  • If you see many problems that you find difficult to fix, we recommend you purchase the license and fix them automatically.Reimage results

Step 4. Attempt to recover .steriok files

There are two types of outlooks of those who get infected with ransomware for the very first time. The first group of people have heard about this type of malware very little and believe that it's just another annoying infection they can simply get rid of with antivirus software, which would also restore their files.

The second group of people believes that their files were permanently corrupted and there is nothing they can do, or the only way out is to pay the ransom. None of these outlooks are entirely correct, as there are plenty of nuances that come with each ransomware infection.

In this case, malware comes from an already established family, so it is not brand new. Trusting cybercriminals is not recommended, although some people might see no other choice. Regardless of what you choose to do, we recommend you try alternative data recovery methods we provide below. Make sure you back up the encrypted files before you proceed with these steps.

Use data recovery software

  • Download Data Recovery Pro.
  • Double-click the installer to launch it.
    Steriok ransomware
  • Follow on-screen instructions to install the software.Install program
  • As soon as you press Finish, you can use the app.
  • Select Everything or pick individual folders where you want the files to be recovered from.Select what to recover
  • Press Next.
  • At the bottom, enable Deep scan and pick which Disks you want to be scanned.Select Deep scan
  • Press Scan and wait till it is complete.Scan
  • You can now pick which folders/files to recover – don't forget you also have the option to search by the file name!
  • Press Recover to retrieve your files.Recover files

Try Prometheus decryptor

In the summer of this year, security researchers at Cycraft released a decryption tool for Prometheus ransomware versions. Visit the website, download the decryptor and use the instructions provided there. Keep in mind that the tool might not work for some virus versions.

Check for other decryptors

There are hundreds of security companies and organizations that are working hard to battle ransomware creators. In some cases, servers where decryption keys are held might get seized,[3] which allows them to be released to the public. Below you can find the most prominent parties that are involved in free data decryption services, which have already helped millions of victims. Keep in mind that an alternative decrytpion tool might take a while to create (if it is possible at all).

No More Ransom Project

Offer
do it now!
Download
Reimage Happiness
Guarantee
Download
Intego Happiness
Guarantee
Compatible with Microsoft Windows Compatible with macOS
What to do if failed?
If you failed to fix virus damage using Reimage Intego, submit a question to our support team and provide as much details as possible.
Reimage Intego has a free limited scanner. Reimage Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Reimage, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

Getting rid of Steriok virus. Follow these steps

Isolate the infected computer

Some ransomware strains aim to infect not only one computer but hijack the entire network. As soon as one of the machines is infected, malware can spread via network and encrypt files everywhere else, including Network Attached Storage (NAS) devices. If your computer is connected to a network, it is important to isolate it to prevent re-infection after ransomware removal is complete.

The easiest way to disconnect a PC from everything is simply to plug out the ethernet cable. However, in the corporate environment, this might be extremely difficult to do (also would take a long time). The method below will disconnect from all the networks, including local and the internet, isolating each of the machines involved.

  • Type in Control Panel in Windows search and press Enter
  • Go to Network and Internet Network and internet
  • Click Network and Sharing Center Network and internet 2
  • On the left, pick Change adapter settings Network and internet 3
  • Right-click on your connection (for example, Ethernet), and select Disable Network and internet 4
  • Confirm with Yes.

If you are using some type of cloud storage you are connected to, you should disconnect from it immediately. It is also advisable to disconnect all the external devices, such as USB flash sticks, external HDDs, etc. Once the malware elimination process is finished, you can connect your computers to the network and internet, as explained above, but by pressing Enable instead.

Manual removal using Safe Mode

Important! →
Manual removal guide might be too complicated for regular computer users. It requires advanced IT knowledge to be performed correctly (if vital system files are removed or damaged, it might result in full Windows compromise), and it also might take hours to complete. Therefore, we highly advise using the automatic method provided above instead.

Step 1. Access Safe Mode with Networking

Manual malware removal should be best performed in the Safe Mode environment. 

Windows 7 / Vista / XP
  1. Click Start > Shutdown > Restart > OK.
  2. When your computer becomes active, start pressing F8 button (if that does not work, try F2, F12, Del, etc. – it all depends on your motherboard model) multiple times until you see the Advanced Boot Options window.
  3. Select Safe Mode with Networking from the list. Windows 7/XP
Windows 10 / Windows 8
  1. Right-click on Start button and select Settings.
    Settings
  2. Scroll down to pick Update & Security.
    Update and security
  3. On the left side of the window, pick Recovery.
  4. Now scroll down to find Advanced Startup section.
  5. Click Restart now.
    Reboot
  6. Select Troubleshoot. Choose an option
  7. Go to Advanced options. Advanced options
  8. Select Startup Settings. Startup settings
  9. Press Restart.
  10. Now press 5 or click 5) Enable Safe Mode with Networking. Enable safe mode

Step 2. Shut down suspicious processes

Windows Task Manager is a useful tool that shows all the processes running in the background. If malware is running a process, you need to shut it down:

  1. Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
  2. Click on More details.
    Open task manager
  3. Scroll down to Background processes section, and look for anything suspicious.
  4. Right-click and select Open file location.
    Open file location
  5. Go back to the process, right-click and pick End Task.
    End task
  6. Delete the contents of the malicious folder.

Step 3. Check program Startup

  1. Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
  2. Go to Startup tab.
  3. Right-click on the suspicious program and pick Disable.
    Startup

Step 4. Delete virus files

Malware-related files can be found in various places within your computer. Here are instructions that could help you find them:

  1. Type in Disk Cleanup in Windows search and press Enter.
    Disk cleanup
  2. Select the drive you want to clean (C: is your main drive by default and is likely to be the one that has malicious files in).
  3. Scroll through the Files to delete list and select the following:

    Temporary Internet Files
    Downloads
    Recycle Bin
    Temporary files

  4. Pick Clean up system files.
    Delete temp files
  5. You can also look for other malicious files hidden in the following folders (type these entries in Windows Search and press Enter):

    %AppData%
    %LocalAppData%
    %ProgramData%
    %WinDir%

After you are finished, reboot the PC in normal mode.

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from Steriok and other ransomwares, use a reputable anti-spyware, such as ReimageIntego, SpyHunter 5Combo Cleaner or Malwarebytes

How to prevent from getting ransomware

Choose a proper web browser and improve your safety with a VPN tool

Online spying has got momentum in recent years and people are getting more and more interested in how to protect their privacy online. One of the basic means to add a layer of security – choose the most private and secure web browser. Although web browsers can't grant full privacy protection and security, some of them are much better at sandboxing, HTTPS upgrading, active content blocking, tracking blocking, phishing protection, and similar privacy-oriented features. However, if you want true anonymity, we suggest you employ a powerful Private Internet Access VPN – it can encrypt all the traffic that comes and goes out of your computer, preventing tracking completely.

 

Lost your files? Use data recovery software

While some files located on any computer are replaceable or useless, others can be extremely valuable. Family photos, work documents, school projects – these are types of files that we don't want to lose. Unfortunately, there are many ways how unexpected data loss can occur: power cuts, Blue Screen of Death errors, hardware failures, crypto-malware attack, or even accidental deletion.

To ensure that all the files remain intact, you should prepare regular data backups. You can choose cloud-based or physical copies you could restore from later in case of a disaster. If your backups were lost as well or you never bothered to prepare any, Data Recovery Pro can be your only hope to retrieve your invaluable files.

About the author
Linas Kiguolis
Linas Kiguolis - Expert in social media

If this free guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Linas Kiguolis
About the company Esolutions

References