Ransomware Removal Guide

Category: Trojans

This ransomware could be your worst nightmare: once it penetrates your operating system, you could quite likely lose all your important files. However, we have found that it is actually a new variant of the infamous JigSaw Ransomware, which has practically been cracked by malware hunters. This means that it is possible to find a free tool on the web that you could use to recover the files encrypted by this otherwise dangerous infection. Even so, we do not advise inexperienced users to download and use it on their own. If you are not an advanced user, find a friend or an IT professional to help you with this. The only difference we have discovered compared to previous variants is the insanely high ransom fee. We do not recommend that you even consider paying this amount for a supposed decryption key or tool. It is never safe to transfer money to cyber criminals. We advise you to act immediately and remove this ransomware from your system right now. For further details, please carry on reading.

This dangerous threat infects its unsuspecting victims via spamming campaigns. This means that you must have opened the wrong e-mail and then downloaded and run the attached file. A lot of users think that they could easily spot a spam mail and would never fall for such tricks. But let us tell you how it is still possible. Spam mails nowadays can be very convincing and may look totally fine to the untrained eye. The sender, for example, can appear to be any well-known company or even an authority you would not dare to "mess with." The subject line can be anything that would catch your eye right away even if you find this mail in your spam folder, including unpaid parking tickets, issues with the credit card details you gave to book a hotel room, and so on. These criminals make sure that you open this spam mail even if you feel unrelated to the subject matter.

However, once you open this spam mail you will not be any closer to the supposed issue, because the body of the mail does not usually reveal anything. All you will most likely see is some instructions to download and open the attached file, which allegedly will show you what you need to know. But, of course, you will only activate this vicious ransomware instead. No wonder we always emphasize the importance of malware attack prevention. Once such a malware infection hits you, you could lose all your files, and even if you delete this ransomware, they will not be restored just like that. In this particular case, however, you may be in luck if you manage to apply the free tool to recover your files.

We have discovered that there are two versions of this Jigsaw variant out there: an English one and a German one. When you initiate this attack, two executable files are dropped onto your system: "firefox.exe" and "drpbx.exe." Using such familiar-looking names makes it harder to detect and locate this ransomware. In addition to that, it also creates a Run registry entry to make sure that it starts up automatically with your Windows OS every time you reboot your system. This malware infection attacks your most important files and encrypts them. The infected files get a ".epic" extension. It seems that this beast also steals private information from you, such as user names, passwords, e-mail and private conversations, and claims to upload these to a secret server to make them public if you fail to pay.

Once the encryption is over, the usual ransom note window comes up and locks your screen. The image of a masked person can be seen in the background; it looks like the good old Guy Fawkes mask also used by the well-known Anonymous hacker group. The ransom note is typed on your screen one letter at a time, which is typical for the variants in this family. You are threatened not to close this window or restart your compromised PC because doing so would cost you 1,000 random encrypted files, which would be deleted. Every hour 1 file is deleted until you pay the demanded ransom fee. You are given 72 hours in this case to transfer the insanely high "at least" $5,000 worth of Bitcoins, or €3,000 in the German version. Whenever the ransom fee is this high, cyber criminals mostly target corporations, such as IT companies and hospitals. It is most likely that a private user would not have this kind of money to recover a few old pictures and documents. In any case, we do not recommend that you pay this amount because there is a way to recover your files even after encryption. But first, you need to delete this ransomware.

If you are brave enough to face this beast, let us tell you what you need to do to defeat it. First, you need to kill the malicious process via Task Manager. Then, you need to delete the related files, and finally, remove the Run registry entry. These steps are required if you want to make sure that no leftovers remain on your system after you remove this ransomware. We have prepared an easy-to-follow guide for you below this article. Please follow these steps if you want to put an end to this infection manually. Once this beast is gone and you restart your computer, you can download and use the recovery tool. But, as we have said, only do so at your own risk. If you do not trust your IT knowledge and experience, you would be better off asking a friend. This is also the stage when you could transfer your backed-up files if you have any. If this nightmarish attack proved to you that you need to be much more careful not to infect your computer, maybe it is time for you to consider installing a proper anti-malware program, such as SpyHunter.

How to remove Ransomware from Windows

  1. Press Ctrl+Shift+Esc to open Task Manager.
  2. Locate the malicious process that is called either "firefox.exe" or "drpbx.exe".
  3. Press End Task.
  4. Exit the Task Manager.
  5. Press Win+E.
  6. Locate and delete "%LOCALAPPDATA%\Drpbx\drpbx.exe" and "%APPDATA%\Frfx\firefox.exe".
  7. Bin the downloaded file.
  8. Press Win+R and type regedit. Click OK.
  9. Delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run\firefox.exe".
  10. Exit the editor.
  11. Restart your computer.
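
The manual steps above can also be run as a check-then-clean script. The following PowerShell is an added example, not part of the original guide: it reports the two dropped files, any process running from those exact paths, the Run entry and the number of ".epic" files, and only deletes when called with `-Remove` (a switch defined by this example). It assumes it runs in the affected user's session and that the Run entry is a value named "firefox.exe" under the Run key.

```powershell
# Added example: looks for the artifacts named in the steps above.
# Run without arguments to report only; add -Remove to clean up.
param([switch]$Remove)

# File paths taken from step 6 of the guide.
$targets = @(
    (Join-Path $env:LOCALAPPDATA 'Drpbx\drpbx.exe'),
    (Join-Path $env:APPDATA 'Frfx\firefox.exe')
)
$runKey  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$runName = 'firefox.exe'   # assumption: a value with this name under the Run key

# 1. Processes: match on the full image path, not only the name, so that a
#    legitimate Firefox installed elsewhere is never terminated.
$procs = Get-Process -Name 'firefox', 'drpbx' -ErrorAction SilentlyContinue |
    Where-Object { $_.Path -and ($targets -contains $_.Path) }
foreach ($p in $procs) {
    Write-Output "PROCESS   $($p.Id)  $($p.Path)"
    if ($Remove) { Stop-Process -Id $p.Id -Force }
}

# 2. Dropped executables.
foreach ($t in $targets) {
    if (Test-Path -LiteralPath $t) {
        Write-Output "FILE      $t"
        if ($Remove) { Remove-Item -LiteralPath $t -Force }
    }
}

# 3. Run entry: print its data so it can be reviewed before removal.
$run = Get-ItemProperty -Path $runKey -Name $runName -ErrorAction SilentlyContinue
if ($run) {
    Write-Output "RUNVALUE  $runName = $($run.$runName)"
    if ($Remove) { Remove-ItemProperty -Path $runKey -Name $runName }
}

# 4. Count files carrying the .epic extension (reported only, never deleted,
#    because the recovery tool needs them).
$epic = Get-ChildItem -Path $env:USERPROFILE -Recurse -Filter '*.epic' -File `
    -ErrorAction SilentlyContinue
Write-Output "ENCRYPTED $(@($epic).Count) file(s) with .epic under $env:USERPROFILE"
```

Run it once without `-Remove` and review the output, in particular the Run value's data, before running it again with the switch.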