Symbiom Ransomware is supposed to lock the user’s data with a strong encryption algorithm called AES, although the sample our researchers tested failed, for some reason, to complete this task. Nonetheless, it was determined that the application is able to encrypt specific file types, which we list further in the text. Either way, we advise you to eliminate the infection without hesitation, whether or not it succeeds in locking your files. To help users erase it faster, we offer our recommended removal steps below the text. It would be naïve to believe the cyber criminals behind Symbiom Ransomware care about the harm they cause you. In other words, they can easily take the money you transfer without helping you decrypt your data. There are a couple of other options users could try to get the encrypted files back; if you continue reading, you will learn about them, as well as the threat’s working manner, possible distribution methods, and some other important details.
So far, the actual distribution method of Symbiom Ransomware is still unknown, but since we have encountered numerous similar threats, we can list a couple of the most popular ways to spread such malware. For starters, we should mention spam emails, as we often encounter infections that travel this way. The targeted victim receives an email carrying the malicious application’s launcher. This file could be delivered with a message urging the recipient to open it, or there could be no text at all. Also, hackers quite often disguise such files by making them look like text documents, pictures, and so on. Therefore, you should be extra cautious with files that come from unknown sources or raise even the slightest suspicion. The other way to distribute such infections is through malicious software installers or fake updates shared on unreliable file-sharing web pages, etc.
The interesting part is that the malware might drop its ransom note before it even begins encrypting your data. This means users may have a chance to stop the infection if they notice a file called README_Ransomware_Symbiom.txt in time. In such a case, we recommend opening Task Manager and trying to kill the malicious application’s process, or turning off the computer to stop it. However, if you do not notice anything, the infection may encrypt files with the following extensions: .txt, .doc, .docx, .xls, .xlsx, .pptx, .ppt, .odt, .hwp, .pdf, .rtf, .swx, .psd, .jpg, .jpeg, .png, .mp3, .mp4, .avi, .wmv, .mov, .swf, .wav, .raw, .zip, .rar, .tar, and so on. All of the locked files should have a second extension called .symbiom_ransomware_locked. As we said earlier, data marked by this extension is locked with a secure cryptosystem, which makes it impossible to access.
The ransom note should offer the user help with data decryption in exchange for a payment of 0.1 BTC, or around 282 US dollars. The sum might seem insignificant compared to the precious files that might have been lost, but keep in mind that the money could be lost in vain, as there is no knowing whether the hackers will keep their promise. Plus, users could try various recovery tools or use their backup copies to get data back. Moreover, it was determined that Symbiom Ransomware is based on an open source malware called Hidden Tear Ransomware. Luckily, there is a decryption tool for that threat, and it might work on files encrypted by Symbiom Ransomware too.
Of course, before any attempts, you should erase the malicious application and make copies of the locked data so that you can try recovery tools on the copies first, in case something goes wrong. To remove the malware manually, have a look at the recommended deletion steps available below the paragraph. If the process seems complicated, or you fear there could be other threats on the system besides Symbiom Ransomware, it would be best to use a reliable security tool. Just set it to scan the system and wait until the results show up. Then click the removal button, and all of the detections should be eliminated at once.
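The two indicators named above (the ransom note README_Ransomware_Symbiom.txt and the second extension .symbiom_ransomware_locked) and the advice to work on copies can be put into a small triage script. This is an added example, not a tool from the article or its authors; the function names and the three stage labels are assumptions made for illustration.

```python
import shutil
from pathlib import Path

NOTE_NAME = "README_Ransomware_Symbiom.txt"   # ransom note name given in the article
LOCKED_EXT = ".symbiom_ransomware_locked"     # second extension given in the article


def scan(root):
    """Walk root and return (ransom notes, locked files, stage label)."""
    notes, locked = [], []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        name = path.name.lower()
        if name == NOTE_NAME.lower():
            notes.append(path)
        elif name.endswith(LOCKED_EXT):
            locked.append(path)
    if locked:
        stage = "encrypted"    # files already carry the second extension
    elif notes:
        stage = "note-only"    # note dropped, nothing locked yet: stop the process now
    else:
        stage = "clean"
    return sorted(notes), sorted(locked), stage


def stage_copies(root, locked, dest):
    """Copy locked files into dest, keeping relative paths, so recovery
    tools are tried on the copies and the originals stay untouched."""
    copied = []
    for src in locked:
        target = Path(dest) / src.relative_to(root)
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, target)   # copy2 also preserves timestamps
        copied.append(target)
    return copied


if __name__ == "__main__":
    import sys
    root = Path(sys.argv[1])
    notes, locked, stage = scan(root)
    print(f"stage={stage} notes={len(notes)} locked={len(locked)}")
    if locked and len(sys.argv) > 2:
        done = stage_copies(root, locked, sys.argv[2])
        print(f"copied {len(done)} locked files to {sys.argv[2]}")
```

Run it with the folder to check as the first argument and, optionally, a destination on a separate drive as the second; a "note-only" result corresponds to the window in which the process can still be stopped before files are locked.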