CONTI Ransomware Removal Guide

If your personal files were corrupted by CONTI Ransomware, you might be thinking about contacting the cybercriminals who created this malware. Hopefully, you have not initiated communication yet because exposing yourself to cyber attackers in such a way is extremely dangerous. If you are 100% sure that you want to email the attackers, you should at least create an email account that you could remove afterward. Why is this important? That is because once cybercriminals record your email address, they can terrorize you and try to scam you again and again, and we are sure that that is not what you want. Of course, even if you create a new email account, you are still at risk of being exposed to malware because even though you are unlikely to obtain a decryptor that is meant to restore the encrypted files, the attackers could send you malware posing as a decryptor. To learn more about this and also how to delete CONTI Ransomware, continue reading.

CONTI Ransomware is similar to BlueCheeser Ransomware, JackSparrow Ransomware, Dewar Ransomware, and a ton of other file-encrypting threats that are primarily built as tools for money extortion. They usually use spam emails, RDP vulnerabilities, and malicious downloaders to slither in without notice, and if trusted security software is not installed to catch and remove malware in time, attacks are performed silently. Just like most other threats of its kind, CONTI Ransomware encrypts files, and it does that using a unique encryptor that only the attackers can decipher. In some cases, free decryptors are built by malware researchers. This is the case, for example, with most STOP Ransomware variants. Unfortunately, the vast majority of file encryptors remain undecryptable. That is why this kind of malware is thriving. Once files are encrypted – and the “.CONTI” extension is appended to their names to mark them – the attackers make their demands. CONTI drops a file named “CONTI_README.txt” for this purpose.

The text file is dropped to every folder that has encrypted files inside, and so you cannot miss it. Opening this file is safe, but you will want to delete every single copy in the end. The message inside reads: “Your system is LOCKED. Write us on the emails.” The only demand from the CONTI Ransomware creator is that you email mantiticvi1976@protonmail.com and fahydremu1981@protonmail.com, but of course, this is not the action that would lead to the decryption of files. The attackers want you to contact them so that they could make further demands, and these are likely to include paying a ransom. As we mentioned already, sending messages to the attackers is risky and, therefore, should not be done. When it comes to a ransom, we definitely do not recommend paying it because there are zero guarantees that you would be offered anything in return for it. Hopefully, you do not need to take such a risk at all because copies of all of your personal files exist outside the computer. In this case, you should focus on the CONTI Ransomware removal.

Whether or not you have backups, we advise removing CONTI Ransomware as soon as possible. This malware was created to terrorize you, and cybercriminals behind it have no intention of helping you. All they care about is money, and they are likely to trick you into giving it away in return for alleged decryption software. If you do not have backups, you might be willing to take a risk, but make sure you weigh all pros and cons beforehand. If you have backups stored outside the infected computer, delete CONTI Ransomware, secure your operating system, and then, if need be, transfer the copies of your files to replace the infected ones. To remove the infection, you have two main options. You can either delete the threat manually, which can be impossible if you cannot locate the launcher (it could be located anywhere on the computer), or you can employ anti-malware software. Without a doubt, we suggest going with the latter option because besides clearing malware, this software will also support Windows protection to keep other threats away in the future.

How to delete CONTI Ransomware

1. Right-click the .exe file that launched the infection.
2. Click Delete to eliminate the malicious file.
3. Right-click and Delete the file named CONTI_README.txt.
4. Empty Recycle Bin.
5. Install a malware scanner to check for potential malware leftovers.