Enigma Ransomware Removal Guide

Enigma Ransomware is not an enigma to our malware researchers. We have recently tested this devious infection in our internal lab, and we know what this malicious pest truly is. Unfortunately, the most important feature of this infection is its silent entrance into your operating system, and, if it does, there is little you can do to stop it. In fact, the majority of Window users who face this threat notice it only after it encrypts their personal files. Yes, this devious threat targets your personal files, and the reason behind this is very straightforward. This ransomware was designed to force you into paying a ransom for the release of the files encrypted, and this attack would not be successful if the files corrupted were easily replaced. Unless your files are backed up (e.g., in an external hard drive), the only way to decrypt your files might be to pay the ransom. Will deleting Enigma Ransomware help you free your files? Unfortunately, it will not, but removing this ransomware is crucial.

The malicious Enigma Ransomware is different from other infamous infections in the same category (e.g., Mobef Ransomware or CryptoHasYou Ransomware) in a sense that it is targeted at a specific geographical region. This infection can be located on computers in those countries were Russian is spoken, including Russia, Belarus, and Kazakhstan. Another surprising thing is the distribution of this ransomware. Most infections hide malware installers behind social engineering scams or exploit kits, and this threat relies on a JavaScript installer to execute the ransomware. First, the victim has to download this installer, and users might be tricked into doing this via the mentioned social engineering scams. For example, an HTML attachment might hide in a spam email attachment. If you open this attachment, it will open the default web browser and execute the JavaScript installer. A .JS file will be created, and it will create the executable for the ransomware (e.g., 7a988ce6485haa6a3d12c33543f5lm32.exe). If you do not interfere in this process, soon enough all of your personal files will be encrypted, and an intimidating notification demanding for a payment will show up.

The creators of Enigma Ransomware demand a ransom using a notification that is represented in Russian. According to this notification, the files are encrypted with the AES algorithm and a private key is needed for the decryption process. This message also informs that an extension (“.enigma”) is attached to the encrypted files, which should make their identification much easier. Additionally, this notification provides the steps that you supposedly need to follow to initiate the decryption process. The first step is downloading the Tor Browser, and we have seen plenty of ransomware infections using this browser because it ensures anonymous transactions. The second step is finding an identification key that you need in the step three, which is applying this key on a certain website (e.g., f6lohswy737xq34e.onion). If you follow these steps, you will be provided with additional instructions on how to buy Bitcoins and pay the ransom. The ransom requested by this infection is 0.429 (~$195), but the ransom might be adjusted in every case. In order to reassure its victims, Enigma Ransomware offers to decrypt one file for free, but we are not sure if that is an indication of its effectiveness. Unfortunately, it is possible that you will be scammed if you pay the ransom.

If you are cautious, you will have your files backed up, in which case you can remove Enigma Ransomware from your operating system without further delay. We offer a manual removal guide that shows how to erase the files and registry values associated with this infection. Note that the names of these files, as well as their locations, might change. Needless to say, the manual option is too unpredictable, which is why you have to consider implementing automated malware detection and removal software. The good news is that this threat does not disrupt your operating system and browsers so that you can download anti-malware software without any obstacles. If your files are not backed up, you must be considering paying the ransom, which is not what we recommend. According to our research, if System Restore was set up, you might be able to recover your files because the Shadow Volume Copies might remain untouched. In either case, do not forget to erase the malicious ransomware, and if you are struggling with this task, contact us via the comments section below!

How to delete Enigma Ransomware

1. Simultaneously tap Win+R to launch RUN.
2. Type regedit.exe and click OK to launch the Registry Editor.
3. Move to HKCU\Software\Microsoft\Windows\CurrentVersion\Run.
4. Right-click and Delete these values: MyProgram, MyProgramOk.
5. Simultaneously tap Win+E to launch Explorer.
6. Enter %Temp% and Delete the testttt.txt file.
7. Enter %AppData% and Delete the testStart.txt file.
8. Enter %UserProfile%\Desktop\ and Delete these files: allfilefinds.dat, enigma.hta, ENIGMA_807.RSA, enigma_encr.txt.
9. Enter %UserProfile%\Downloads\ and Delete the executable with a random name (e.g., 7a988ce6485haa6a3d12c33543f5lm32.exe).