Snatch Ransomware Removal Guide

If you are tricked into letting Snatch Ransomware in, you will find a bunch of your personal files corrupted. This infection does not remove them per se, but they are as good as gone after the attack. The threat changes the data of the affected file using an encryptor, and, after that, it can no longer be read. Unfortunately, decrypting files is not easy, and legitimate decryption software can help only in those cases when the used encryptor is not complicated. That is not the case with this particular infection. Once your personal photos, videos, documents, and other kinds of files are encrypted, you are stuck between a rock and a hard place. This kind of malware is exactly the reason why everyone must back up their personal files. Hopefully, you have a backup outside your operating system, and your files are not lost. In either case, you need to delete Snatch Ransomware, and the sooner you get to it, the better.

There are several different versions of Snatch Ransomware; although they are all expected to spread via spam and using remote access vulnerabilities. These different versions are recognized by unique extensions and then unique messages that are created by malware. The extensions that we have spotted thus far include .snatch, .FileSlack, and .jupstb, which is why the threat is also known by such names as FileSlack Ransomware and Jupstb Ransomware. There is a good chance that these different versions are created by different parties because the contact information presented via their messages is unique in every case. The message is always named “Readme_Restore_Files.txt,” but the content can be unique. Jupstb Ransomware message asks to email johnsonwhate@protonmail.com and johnsonwhate@tutanota.com, while Snatch Ransomware pushes to email imBoristheBlade@protonmail.com. Finally, gomersimpson@keemail.me is presented to those who are dealing with FileSlack Ransomware. Although it might seem like a good idea to email the attackers and figure out what they want you to do, we suggest removing the TXT file right away.

If you contact the creator of Snatch Ransomware – regardless of the version you are dealing with – you will be asked to pay money, a.k.a., a ransom. Although you might be assured that that is the only way for you to recover your personal files, keep in mind that you are communicating with cyber criminals! Everything that they say or promise is likely to be a complete hoax, and you could end up losing money for no good reason. In fact, that is what is most likely to happen if you contact them and pay the ransom. It is understandable if you want to use all options to recover your personal files, but you should not consider the “option” offered by cyber criminals to be a real solution. If you want to restore encrypted files, the only logical things to do are to find an expert or install legitimate decryption software. Unfortunately, at the time of research, tools that could decrypt the files affected by Snatch Ransomware did not exist.

The TXT file created by Snatch Ransomware is not functional, and it does not make the threat run or run better. That being said, we recommend deleting every single copy of it. You should find it everywhere where you can find encrypted files. Also, the file should be created in the Startup folder, and we show how to reach it and delete the file in the manual removal guide below. Unfortunately, we cannot lead you to the .exe file that launched the infection. Just like the launcher’s location, its name is random too. Due to this, we do not recommend removing Snatch Ransomware manually. You can install an anti-malware program that will find and eliminate all malicious components automatically instead. The best part about this program is that it will protect you against ransomware and other types of malware in the future, and so we recommend implementing it without further hesitation.

How to delete Snatch Ransomware

1. Find and Delete the launcher ({unknown name}.exe) of the ransomware.
2. Delete the ransom note file, Readme_Restore_Files.txt.
3. Delete this file from the Startup folder. Tap Win+E to launch Explorerand then enter the following paths one at a time into the field at the top to access the folder:
   • %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs\Startup
   • %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup
   • %ALLUSERSPROFILE%\Start Menu\Programs\Startup
   • %APPDATA%\Microsoft\Windows\Start Menu\Startup
   • %USERPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup
4. After you Empty Recycle Bin, install a legitimate malware scanner.
5. Run a full system scan to see if you have erased everything.