Space_rangers@aol.com Ransomware Removal Guide

Ransomware is one of the most dangerous malware type you can encounter. Space_rangers@aol.com Ransomware is a newly discovered ransomware that you ought to remove as soon as possible. It sets out to infect your computer secretly and encrypt your most valuable files and then demand that you purchase the decryption tool for decrypting them. This ransomware is distributed via email spam and can infect your unprotected PC when you open the featured file attachment. Once on your computer, it will wreak havoc on it and make most of the files on it inaccessible.

Space_rangers@aol.com Ransomware uses the RSA cryptosystem with a 2048-bit key. Hence, the encryption is quite strong, and it is widely acknowledged that the RSA encryption algorithm is undecryptable. Still, if security researchers manage to find a vulnerability in this ransomware’s design, then they may develop a free decryption tool. However, whether someone will be able to do that remains to be seen. So, in the meantime, the only way you can get your files back is by purchasing the decryption tool from this ransomware’s developer, but we want to stress that there is no guarantee that you will receive this tool once you have paid for it. Based on our experience with previously released ransomware including Melme@india.com Ransomware, Malevich Ransomware, and so on, we are of the opinion that the decryption tool for this new ransomware should cost at least 2 BTC, an approximate 1,300 USD. Nevertheless, the sum can go up as it really depends on each case. This ransomware does not state the amount to be paid in its ransom note, but it is revealed once you contact the developer using the provided email address.

Now, let us get into some of the technical information regarding Space_rangers@aol.com Ransomware. Our research has revealed that its main executable is named randomly, and the name consists of uppercase and lowercase characters arranged in a random manner. This executable is set to be placed in one of seven predetermined locations. While testing this program, the main executable was dropped in %WINDIR%\Syswow64, but our research suggests that it can also be dropped in %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup, %ALLUSERSPROFILE%\Start Menu\Programs\Startup, and several other locations as well and you have to check all of them if you want to delete this infection on your own.

Furthermore, Space_rangers@aol.com Ransomware will create an REG_SZ registry string at HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run whose Value data line contains the file path of the executable. This string is set to launch this ransomware on each system startup. After encrypting the files, it will drop two non-malicious files that act as ransom notes: a file called How to decrypt your files.jpg that is set as the desktop wallpaper and How to decrypt your files.txt that is dropped on the desktop. Both of these files say that you have to write to Space_rangers@aol.com to get your files back.

Our research has concluded that this ransomware is set to encrypt more than a hundred file formats and in this case, these formats include but are not limited to xml .ppt, .pptx, .pdf, .php, .jpg, .png, .exe, .dll, and .odt, .csv, .sql, .mdb, and .hwp. We also want to mention that Space_rangers@aol.com Ransomware is set to encrypt files in nearly all folders on your PC, but it should skip the folders of the operating system. In short, this ransomware sets out to make your computer useless and compel you to purchase the expensive decryption tool.

However, there is no guarantee that you will get the decryptor once you have paid for it. The bottom line is that the amount of money asked for it is unreasonable and very few users can afford to pay it. So, if you want to get rid of it, then we invite you to make use of the manual removal guide provided below. Nevertheless, you can also opt to use an antimalware tool. We recommend SpyHunter because our tests have shown that it is fully capable of locating and removing Space_rangers@aol.com Ransomware in its entirety.

How to delete this ransomware manually

1. Press Windows+E keys.
2. Enter the following paths in the address line.
   • %WINDIR%\Syswow64
   • %WINDIR%\System32
   • %ALLUSERSPROFILE%\Start Menu\Programs\Startup
   • %USERPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup
   • %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup
   • %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs\Startup
   • %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup
3. Find the executable, right-click it and click Delete.
4. Then, go to C:\Users\{your user name}
5. Find and delete how to decrypt your files.jpg
6. Go to the desktop and delete How to decrypt your files.txt
7. Empty the Recycle Bin.
8. Close File Explorer.
9. Simultaneously press Windows+R keys.
10. Enter regedit in the box and click OK.
11. Go to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
12. Find the REG_SZ string with the Value data line of the executable’s file path (e.g. %WINDIR%\System32\ransomware.exe)