A new updated version of Amnesia Ransomware has been released recently. Specialists tend to call it Amnesia 2 Ransomware because it is a new version of already existing ransomware. Although it is known to be the latest version, we cannot say that it differs much from its predecessor. Generally speaking, there is one main activity it performs on users’ computers. First, it sneaks onto computers illegally and then encrypts important users’ files like pictures, images, and media files the second it finds where they are stored. Ransomware infections lock users’ files seeking to extract money from them easier. Cyber criminals know well that users will not send them money voluntarily, so to obtain money from them, they create ransomware infections locking files and then demanding money in exchange for the private decryption key. Amnesia 2 Ransomware demands money too but we have not found this surprising at all because all ransomware infections perform this activity. Do not transfer your money to malware developers because there are no guarantees that you will get your files back. Also, we believe that there is no point in giving cyber criminals money because these ruined files can be decrypted with a free decryptor which has already been released by specialists (you can easily download it from the web).
Ransomware infections enter computers having the only goal - to encrypt users’ files, so Amnesia 2 Ransomware will find and lock files the first thing after slithering onto the computer too. Although it locks those files without permission, it does not take long to notice which files have been corrupted. They all get a new extension, either .01 or .02. In addition, it changes original names of all files it encrypts. They get a random name consisting of alphanumeric characters. For example, your file picture.jpg might become 3w000000002-HXHJsGRWVDQfY8noDv79.02. After the encryption, a new file RECOVER-FILES.html explaining how to get files back is created in every folder containing encrypted files. Users find out that only a special decryptor can unlock their files, and, of course, nobody is going to give it for them for free. They are told that they can purchase it for 0.5 Bitcoin (~ $1400) from cyber criminals. Only two days are given to users to make a payment, and the clock is ticking down. After paying a ransom, users also have to submit their email addresses and click Enter. Do not even consider paying a ransom because there is a huge possibility that you will be left without your files and without money. It does not mean that it is impossible to get files back – users can recover their files with the help of a free decryption tool. Also, files can be recovered from a backup located outside the system. Before you start the data recovery, uninstall a ransomware infection fully.
Researchers at 411-spyware.com have also carried out research to find more about the distribution of this malicious application. It has revealed that Amnesia 2 Ransomware is spread just like its predecessor Amnesia Ransomware. First, it might be distributed via spam emails. Users, of course, are not told that malware will enter their PCs if they open attachments found in them. Second, it might be spread via Remote Desktop Protocol (RDP) brute force attacks. Unfortunately, ransomware infections are threats that are not easy to prevent from entering PCs. To be frank, we do not think that inexperienced users could do that even if we tell them what to do, so we highly recommend installing a reputable security application – it will protect the system 24/7.
Your files will not be unlocked if you delete Amnesia 2 Ransomware, but you could download a free tool and decrypt them using it after getting rid of this ransomware infection. Its removal does not require having specific knowledge – you simply need to have general knowledge about computers. Also, our manual removal guide will help you delete it, so it should not be a very daunting task. What you will need to do is to find and delete all suspicious recently downloaded files. If you find this process too difficult, or simply cannot find any suspicious files downloaded recently, you should use an automatic malware remover – download it from the web, install it on your PC, and launch it to scan your system fully. Even though your files will not be unlocked, all active components of the ransomware infection will be erased.