Russian Eda2 Ransomware Removal Guide

Threat Level:
Rate this Article:
Comments (0)
Article Views: 838
Category: Trojans

Russian Eda2 Ransomware is an open-source ransomware that used to target users living in Russia. Its developer claims that it was created for educational purposes; however, specialists do not believe that. At the time of writing, Russian Eda2 Ransomware is no longer active, and it is unlikely that you will encounter it these days; however, it has been noticed that cyber criminals use its source code, which is available on, to create other ransomware infections, e.g. Locked Ransomware, that are quite prevalent these days. Further in the article we will tell you how to recognize the Russian Eda2 Ransomware-based threat. Also, you will know how to delete it from your computer if you read this article from beginning to end.

According to specialists at who have carried out research, Russian Eda2 Ransomware used to encrypt a bunch of different files, including pictures, images, and other important files. To be more specific, it used to encrypt files containing the following extensions: .pdf, .docm, .docx, .java, .js, .resx, .php3, .rb, .rbw, .sd7, .asm, .c, .h, .cpp, .hpp, .ml, .pl, .pm, .xls, .xlsm, .ods, etc. In addition, it used to add the .locked filename extension next to original extensions of these encrypted files. We believe that ransomware infections that are based on Russian Eda2 Ransomware might act in a similar manner too. In other words, they will encrypt the majority of your files and then will demand a ransom.

Russian Eda2 Ransomware used to change Desktop background too. It said that users have to check the README.html file left on Desktop to find out how to unlock files. As all the information was provided in Russian only, there is no doubt that it was primarily targeted at users whose place of residence is Russia. We are sure that its descendants might act slightly differently even though they use the code of this ransomware. We have managed to find out that they tend to provide ransom notes in English only or in two languages, e.g. Russian and English. Also, the amount of money they ask users to transfer might differ completely (Russian Eda2 Ransomware used to ask 0.1 BTC). Finally, they might use another extension instead of .locked to assign to encrypted files. Even though Russian Eda2 Ransomware and its descendants are not identical, they share the same purpose - to extort money from users.

Researchers working at do not think that it is a very good idea to transfer money to cyber criminals no matter if you have encountered the original Russian Eda2 Ransomware or any of its variants. It is because nobody knows whether the key to unlock files will be sent to the user after he/she makes a payment. Specialists say that the free tool which can decrypt files free of charge exists too, and users simply need to acquire it, install it, and then use it to unlock files. Remember, you need to remove the ransomware infection from your computer first because it might encrypt the decryptor too, which means that you will not be allowed to use it.

There are so many ransomware infections on the web, so you should know how they travel in order to be able to prevent them from slithering onto the computer. Specialists say that ransomware is usually spread as an attachment in spam emails. In addition, it might pretend to be a useful program and hide on third-party websites, so you should think twice before downloading software from questionable websites in the future. It is not that easy to protect the system from harm, so specialists also recommend installing security software on it. As long as you keep it there enabled, it will protect your PC from malicious software.

Russian Eda2 Ransomware or other ransomware infections based on its code are very dangerous and have to be removed from the system as soon as possible. You could use your PC normally again only if you eliminate the ransomware infection, so we suggest doing that as soon as possible. Below you will find instructions that will help you to eliminate Russian Eda2 Ransomware or any of its variants; however, if it happens that this threat does not disappear, you should use the SpyHunter antimalware scanner. You could also contact us and we will help you to get rid of the ransomware infection.

Delete Russian Eda2 Ransomware

  1. Find and delete the malicious .exe file you have downloaded and opened.
  2. Open the Windows Explorer and go to %APPDATA%.
  3. Find the .exe file with the same name as a malicious file or a random name.
  4. Delete it.
  5. Go to %USERPROFILE%.
  6. Delete Decrypter.exe and ransom.jpg.
  7. Remove READ_IT.txt (or README.html) from Desktop.
  8. Empty the recycle bin.
Download Remover for Russian Eda2 Ransomware *
*SpyHunter scanner, published on this site, is intended to be used only as a detection tool. To use the removal functionality, you will need to purchase the full version of SpyHunter.


Your email address will not be published.


Enter the numbers in the box to the right *