8chan Ransomware Removal Guide

A new ransomware infection – 8chan Ransomware – was discovered by the research team at 411-spyware.com. The infection was analyzed thoroughly, and now researchers can say with confidence that this malicious application is not completely new crypto-malware. According to them, it is very likely that 8chan Ransomware is a new version of Scarab Ransomware (you can find more about it at 411-spyware.com). Unlike its predecessor, this threat should be decryptable, specialists say. In other words, it might be possible to unlock files encrypted by this ransomware infection. Yes, 8chan Ransomware is one of those infections that mercilessly lock files on victims’ computers. It performs this activity purposefully – it wants users’ money. A ransom note dropped and opened for users does not tell them that they will need to transfer a ransom. Victims are only told to drop an email message to the author of the ransomware infection. If you are not going to send a cent to crooks behind this malicious application, do not bother writing an email too. Instead, focus on the removal of 8chan Ransomware. It should be noted that it deletes itself once it performs all its malicious activities, but there are still several components you will have to erase from your computer. Continue reading to find out more!

8chan Ransomware will lock files found on your computer without mercy. According to specialists, it should not differ much from previously-analyzed ransomware infections. That is, they think that this malicious application will lock important documents, pictures, music, videos, and other files the majority of users consider valuable and important. As research has shown, it will append one of three extensions to encrypted files:  .decrypts@8chan.co, .777@8chan.co, or .recover@8chan.co. Because of this, you will not need to do research to find out which of your files have been locked – it will be enough to check how your personal data looks. 8chan Ransomware does not limit itself to this one activity. It will also drop a ransom note on your computer once it is done with your personal files. HOW TO RECOVER ENCRYPTED FILES-[the extension used].txt contains a short message. Users are instructed to write an email message to the email address indicated in the file. We can assure you – you will be asked to send the ransom sooner or later. If you are not going to do this, do not waste your time on contacting cyber criminals. Instead, remove the ransomware infection fully ASAP and then recover your data. As mentioned, there is a possibility that 8chan Ransomware is decryptable. Alternatively, if you have ever created a backup of the most important files, you could restore all encrypted files from it with the single click.

It seems that 8chan Ransomware does not differ from other ransomware infections at all if we talk about its distribution. As has been observed by researchers, it is also mainly distributed via spam emails. Additionally, it might illegally enter users’ computers if their Remote Desktop Protocol credentials are unsafe. If you ever get infected with 8chan Ransomware, there is a huge possibility that additional infections will be dropped on your system by this ransomware infection too. The sample of 8chan Ransomware tested by our malware analysts dropped the Trojan downloader to %APPDATA%\Microsoft and %TEMP%. Of course, it might drop other threats too. Do not forget to remove all active infections from your computer!

Cyber criminals will not stop developing new applications soon, so you should not keep your system unprotected. Of course, you should become more cautious yourself too, but you should definitely install a security application to prevent even the most harmful infections from entering your computer ASAP. Make sure the application you install on your PC to protect yourself against malware is 100% trustworthy – hundreds of malicious applications pretend to be powerful antimalware scanners.

Even though the ransomware infection deletes itself after locking data on victims’ computers, it does not mean that there is nothing to remove. 8chan Ransomware creates a Value in the Run registry key for its ransom note so that it would be displayed to victims automatically. Also, you might need to remove malicious components of the additional infection dropped on your computer.

Delete 8chan Ransomware

1. Press Win+R.
2. Type regedit and then tap Enter.
3. Move to HKU\[users_ID]\Software\Microsoft\Windows\CurrentVersion\Run.
4. Locate the Value representing 8chan Ransomware.
5. Select it and press Delete on your keyboard.
6. Delete the Value of the Trojan downloader too if you can locate it there.
7. Close Registry Editor.
8. Go to %APPDATA%\Microsoft and %TEMP%.
9. Remove all recently added suspicious files.
10. Delete the ransom note (HOW TO RECOVER ENCRYPTED FILES-[extension_used_by_ransomware].txt) from all affected directories on your PC.
11. Right-click on your Recycle Bin and select Empty Recycle Bin.
12. Scan your system with a diagnostic antimalware scanner.