If you can locate 0_HELP_DECRYPT_FILES.txt, 0_HELP_DECRYPT_FILES.html, 0_HELP_DECRYPT_FILES2.txt, and 0_HELP_DECRYPT_FILES2.html on your PC, Styx Ransomware must have infiltrated your computer. This threat is crypto-malware, one of the most harmful categories of infection, so it causes a lot of trouble for users whose computers it manages to infiltrate. Like all other ransomware infections, it is after users’ money, so it sets out to encrypt their files mercilessly as soon as it gets in. It uses AES-256, a strong cipher, to lock victims’ files. It also deletes all Shadow Volume Copies of files with the command vssadmin.exe delete shadows /all /quiet so that users cannot recover the encrypted files for free. Some users decide to purchase “the private key and a decrypt program” from the cyber criminals behind this ransomware infection because they find all their important files, including pictures and documents, completely locked and need them back, but you should definitely not be one of them. Whatever your final decision is, i.e. whether or not you purchase the decryption key from the crooks, you should know that this ransomware infection will not disappear from your system, meaning that you will need to delete it yourself. If you do not eliminate it completely, you might discover even more files locked on your system, because this threat will not miss an opportunity to encrypt new data if you ever launch it accidentally again.
Styx Ransomware does not encrypt files right away. Once the malicious file is executed and the ransomware infection starts working, it first collects some details about the victim. It also tries to establish communication with its C&C server. If it manages to do that, the encryption of files starts. Research conducted by specialists working at 411-spyware.com has shown that Styx Ransomware targets many different file types, including those with .docx, .hwp, .vbk, .xml, .rtf, .sxw, .pot, .pdf, .ac, .xlsm, .ppsm, .ppsx, .java, .php, and other filename extensions. When a file is encrypted, it gets the .styx extension appended, so it is not hard to tell which files have been locked. Styx Ransomware not only locks data it finds on compromised machines, but also drops several ransom notes (they are listed at the beginning of this report) in such directories as %USERPROFILE%\Desktop, %USERPROFILE%\Documents, %USERPROFILE%\Pictures, %USERPROFILE%\Music, %APPDATA%, and %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup. Whether you open the ransom note in the .html or the .txt format, you will be told that “All of your files have been encrypted!” You will also be told how you can unlock your files: you need to pay 300 USD worth of Bitcoin to the crooks. Unfortunately, there are no other options available. The crooks promise to send the decryption key to victims who pay the ransom within 1 hour, but, to be frank, it might be a lie. They will not return your money if you do not get the decryptor, so we are strictly against sending money to malicious software developers.
Even though there are hundreds of ransomware infections that enter users’ computers illegally and then encrypt files on them, Styx Ransomware is the one to blame for encrypting your personal files if they now have the .styx extension appended. Our specialists say that it is often distributed via malicious emails, so the chances are high that users let it into their systems themselves by opening attachments from these emails. Even if you are sure it has entered your system in a different way, you still need to remove this ransomware infection fully from your computer. Then enable security software on your computer if you do not want to find your personal files encrypted ever again.
There are only two things you need to do to remove Styx Ransomware fully from your computer. First, find and erase the malicious file that was launched. Second, remove all ransom notes dropped by this threat. You can also delete it automatically if you want to, but it should not be hard to erase it manually as well. Once this threat is removed from the computer, you should also check your USB flash drive if it was connected to your PC when the infection entered, because the threat could have made a copy of itself there too.
| # | File Name | File Size (Bytes) | File Hash |
|---|---|---|---|
| 1 | 0_HELP_DECRYPT_FILES.txt | 2016 | MD5: b4c28c9a0bc931b5285eda94361cba34 |
| 2 | 0_HELP_DECRYPT_FILES.html | 2919 | MD5: b55ddd40acf0b8e49fb5b5442f872c9a |
| 3 | 0_HELP_DECRYPT_FILES2.html | 2919 | MD5: b55ddd40acf0b8e49fb5b5442f872c9a |
| 4 | Styx Ransom.exe | 35840 | MD5: d3a28981bf09718ebc54f9cbeaa0eb99 |
| 5 | 0_HELP_DECRYPT_FILES2.txt | 2016 | MD5: b4c28c9a0bc931b5285eda94361cba34 |

| # | Process Name | Process Filename | Main module size |
|---|---|---|---|
| 1 | Styx Ransom.exe | Styx Ransom.exe | 35840 bytes |
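The manual removal steps above depend on finding every ransom note and the launched file, which may not be named Styx Ransom.exe. The following is an added example, not code from the original report: a read-only scanner that uses the note names, drop directories and MD5 values listed in this report. The function names and the 5 MB hashing limit are assumptions made for the example.

```python
import hashlib
import os
from pathlib import Path

# Indicators copied from this report (note names, MD5 values, drop folders).
NOTE_NAMES = {f"0_help_decrypt_files{n}.{e}" for n in ("", "2") for e in ("txt", "html")}
KNOWN_MD5 = {
    "b4c28c9a0bc931b5285eda94361cba34": "ransom note (.txt)",
    "b55ddd40acf0b8e49fb5b5442f872c9a": "ransom note (.html)",
    "d3a28981bf09718ebc54f9cbeaa0eb99": "Styx Ransom.exe",
}
DROP_DIRS = [
    r"%USERPROFILE%\Desktop", r"%USERPROFILE%\Documents",
    r"%USERPROFILE%\Pictures", r"%USERPROFILE%\Music", r"%APPDATA%",
    r"%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup",
]
MAX_HASH_BYTES = 5 * 1024 * 1024  # assumption: do not hash larger files


def md5_of(path):
    """MD5 of a file, read in chunks so large files do not fill memory."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def scan(roots):
    """Return sorted (kind, path) findings under the given directories."""
    findings = set()
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                path = Path(dirpath) / name
                if name.lower() in NOTE_NAMES:
                    findings.add(("ransom_note", str(path)))
                if name.lower().endswith(".styx"):
                    findings.add(("encrypted_file", str(path)))
                try:  # a hash match catches a renamed copy of the executable
                    if path.stat().st_size <= MAX_HASH_BYTES and md5_of(path) in KNOWN_MD5:
                        findings.add(("known_md5", str(path)))
                except OSError:
                    continue  # locked or unreadable file
    return sorted(findings)


if __name__ == "__main__":
    for kind, path in scan(os.path.expandvars(d) for d in DROP_DIRS):
        print(f"{kind}\t{path}")
```

To check a USB flash drive as well, pass its root (for example `scan(["E:\\"])`) instead of the default folders.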