Rastakhiz Ransomware Removal Guide

You need to keep your operating system protected against Rastakhiz Ransomware because once this malicious file-encrypting threat slithers in, it might determine the end of some of your personal files. This devious threat derives from the Hidden-Tear family as it was created using the same code as other threats, including Onion3Cry Ransomware, Explorer Ransomware, and FlatChestWare Ransomware. The developers of these threats might be different, but they all want one thing, and that is your money. The infections are created to serve this evil desire because they encrypt files so that cyber criminals could demand ransom fees in return for alleged decryptors. Of course, the creators of ransomware do not keep their promises, and those who are tricked into paying for decryption software or keys end up with empty wallets and encrypted files. You can find more information about the encryption of your personal files in this report, but we mainly focus on how to delete Rastakhiz Ransomware. If you are interested in removal, this is the article you need to read.

Do you keep any of your personal files in the %USERPROFILE% directory? According to our research team, Rastakhiz Ransomware specifically targets files in the Contacts, Desktop, Documents, Downloads, Favorites, Links, Music, OneDrive, Pictures, Saved Games, Searches, and Videos folders within this directory. The threat is also selective about the files it encrypts. Naturally, it does not go after files that can be replaced or recovered. Instead, it encrypts photos (e.g., JPG files), documents (e.g., PDF, DOC, and DOCX files), or media files (e.g., MP3, MP4, and MOV files). When files are encrypted, the unique “.RASTAKHIZ” extension is added to their names. That should make it much easier for you to see which files were hit by Rastakhiz Ransomware, and that, of course, is very important to do because you need to assess the damage. Maybe you will find that the corrupted files are backed up? Backing up data is important not only because of carelessness or potential computer damage but also because more and more ransomware threats that target your personal files emerge every day. If you are not using backups yet, you should start as soon as the malicious ransomware is deleted from your system.

We cannot confirm this yet, but it appears that the file used by Rastakhiz Ransomware should be called “#R3@D_M3#.txt”. The purpose of this file should be to introduce you to the Bitcoin Address set up by cyber criminals. According to our analysis, this address is 1Q5VprvKoBmPBncC7yZLURkcQ7FG9xnMKv. Whatever you do, do not rush to transfer any money, even if a decryptor is offered in return. Cyber crooks are trying to scam you, and once the money is received, they do not need to do anything. If you think that they will waste their time providing you with a decryption tool, you are mistaken. All that the developer of Rastakhiz Ransomware cares about is your money, and they could not care less about your files being lost for good. For them, you are just another number indicating another victory.

When the malicious Rastakhiz Ransomware slithers into your operating system, its launcher is copied to the %HOMEDRIVE%\rastakhiz\ folder as “rastakh1z.exe”. This is the file you need to focus on removing, but, of course, you must not forget about the launcher file as well. Afterward, all there is left for you to do is to erase the ransom note file, and, possibly, the corrupted files as well. If backups exist, you should not hesitate about this because you will be able to transfer the unaffected copies back onto your PC. Of course, you should do this only after you remove Rastakhiz Ransomware. If backups do not exist, you might want to store all corrupted files in one folder. Although that is highly unlikely to happen, a decryptor could become available, and so you want to keep your options open. You also need to think about protection. If you do not protect your operating system, other threats could invade your operating system in the future! This is why you must consider employing anti-malware software, the kind of software that can protect your system and automatically erase all existing threats.

How to delete Rastakhiz Ransomware

1. Identify the launcher file, right-click it, and select Delete.
2. Launch Explorer by tapping Win+E and then enter %HOMEDRIVE% into the bar at the top.
3. Right-click and Delete the folder named rastakhiz with the malicious rastakh1z.exe file inside.
4. Move to the Desktop and right-click and Delete the file named #R3@D_M3#.txt.
5. Empty Recycle Bin and quickly perform a full system scan to check for malware leftovers.