Smpl Ransomware Removal Guide

Smpl Ransomware can ruin the day of anyone who gets to face it. This malware is not shy about encrypting all personal files that are found on the system it infects, and that often leaves victims locked out of important documents, photos, projects, presentations, archives, videos, and audio files. Has this happened to you? If it has, you should see the “.id-{unique ID}.[crimecrypt@aol.com].smpl” extension attached to your files’ original names. Unfortunately, your personal files cannot be restored by changing the name or removing the extension. What you need to do is decrypt the files, and that is easier said than done. Much easier. In most cases, Windows users who face ransomware are left to their own devices because the encryptors used by infections are usually impenetrable. That is not the case in this situation. Keep reading to learn more about that as well as how to delete Smpl Ransomware.

Have you heard the name Dharma Ransomware or Crysis Ransomware? This is the infection that gave way for Smpl Ransomware and hundreds of clone infections alike. A few of them include Bmtf Ransomware, WCH Ransomware, NCOV Ransomware, and SySS Ransomware. For the most part, these infections look and work the same with a few minor changes. While some variants have more components, others rely on fewer of them. That is the case with Smpl Ransomware as well. According to our researchers, the only files that you need to delete to get rid of this malware are the launcher file with a random name and placed in an unknown location, and also a ransom note file named “FILES ENCRYPTED.txt.” Ultimately, an encryptor and a text file are the basic elements of any ransomware infection. In the case of the Smpl variant, the launcher file is also responsible for launching a window with a second version of the ransom note.

The basic ransom note represented via the text file informs that victims of Smpl Ransomware can recover their files, but only if they email crimecrypt@aol.com or crimecrypt@airmail.cc. The second ransom note that is represented via the window entitled “crimecrypt@aol.com” (the same as the first email address) also informs that victims must send a unique ID code. This should create an illusion that the attackers can identify you, but even if they could, that does not mean that they would help you. Once you establish communication, cybercriminals can push you to pay a ransom payment in return for a decryptor. Even if the asked sum is manageable for you, do not give your money up! We do not recommend paying the ransom under any circumstances, because we do not believe that the attackers would give a decryptor, but if you are willing to risk your savings, you should at the very least look at other options first. One of them is using the Rakhini Decryptor that was built to protect the victims of all Dharma/Crysis Ransomware variants. We do not know if this tool will help you, but you certainly should look into it. Of course, in the best-case scenario, you have personal files backed up, and you can swiftly use copies to replace the corrupted files, but only after removing Smpl Ransomware.

As we mentioned already, the launcher file of Smpl Ransomware should have a unique name, and its location is unknown as well. The threat is most likely to spread through the backdoors opened by spam emails, malicious downloaders, and remote access vulnerabilities, but even with this information at hand, we still do not know where the file could be dropped on your system. If you can locate and identify the launcher of the threat, you can remove it as a normal file. If that is not something you can handle on your own, implementing an anti-malware program that could examine the system to find the malicious file is the most logical step. We advocate for the implementation of anti-malware software not just because it can automatically remove Smpl Ransomware but, most importantly, because it can secure your operating system in the future. Needless to say, you cannot expect different results by taking the same actions. Therefore, if you want your system secured, this is the time to take a different approach.

How to delete Smpl Ransomware

1. Delete all recently downloaded suspicious files.
2. Delete the ransom note file named FILES ENCRYPTED.txt.
3. Empty Recycle Bin once you think that you have removed all malware components.
4. Install a trusted malware scanner.
5. Run a full system scan to check if you have succeeded or if you need to remove anything else.