Security experts discovered a new virus called Erebus 2017 ransomware which is descendant from the original Erebus malware, continue reading our removal guide to find out more about it.
| Name | Erebus 2017 Ransomware |
| File Extensions | .*** |
| Ransom | 0.085 Bitcoins |
| Solution #1 | You can skip all steps and remove Erebus 2017 Ransomware with the help of an anti-malware tool. |
| Solution #2 | Erebus 2017 Ransomware ransomware can be removed manually, though it can be very hard for most home users. See the detailed tutorial below. |
| Distribution | Spam Email Campaigns, malicious ads & etc. |
Erebus 2017 Ransomware Description
The Erebus 2017 ransomware strain has emerged, from the name we can see that this is a descendant of the core Erebus threat which was identified a few weeks ago.
The security analysis that this is different virus and it introduces significant code changes. At the moment the security analysis is still ongoing. However from the preliminary observation we can conclude that it comes with several dangerous features.
- The malware is able manipulate various processes – spawning, querying and extracting information about them.
- The virus engine can query the Internet cache settings, a strategy often used to hide the malicious footprints in the index.dat or the Internet cache.
- Erebus 2017 is able to scan for any installed or running security software solutions.
- The virus is able to modify configuration files, drop files, delete data and execute various processes.
- The creators of the virus can use it to execute arbitrary commands on the infected hosts.
- Network communications with the remote C&C servers allow for remote control and spying.
The Erebus 2017 ransomware also deletes all Shadow Volume Copies which makes data recovery very difficult.
As usual the ransomware encrypts target user data which includes the most popular file type extensions – documents, photos, music, configuration files, backup images and etc. All affected data receive the .*** extension.
The following ransomware note is crafted and displayed to the victims:
Your files are still Encrypted
Your files have been Encrypted and are unusable unless you purchase a decryption key. The key will be deleted in 96 hours.
you still have 95 hours 59 minutes 50 seconds before the key deletion, once the key is destroyed, you will not be able to recover your files
Pay via Bitcoin
To buy the private key (decryption key) and decrytor you will need some bitcoins.
Bitcoin is a currency, just like dollars and euros but entirely on the internet.
1 : Get a wallet
Just like in real life you need a wallet to hołd your coins when you’ll buy them
we suggest https://blockchain.info/ it’s a website easy to use, you’ll be set in no time!
2 : Buy some bitcoins
Depending on your country you can buy them using various ways (paypal/credit card/ cash etc).
Look at this website https://www.buybitcoinworldwide.com to find where to buy some or just search on google yourslef.
Note that one of the fastest and easiest way is via https://localbitcoins.com/ because you buy bitcoins directly to other people.
you could have a meeting tomorrow and buy them using cash instantly.
3 : Payment
you need to buy 0,085 btc (bitcoins) and send them to this address : [redacted] once you’ve paid, wait a bit. the process can take up to 24 hours for us to check the payment. Then, you will recieve on this same page your private key and a link to the decryption program that will automatically decrypt all your files so you can use them as before
you still have 0.085 bitcoins left to pay
—
Data crypted
Every important file (documents, photos, videos etc) on this computer has been encrypted using an unique key for this computer.
It is impossible to recover your files without this key. You can try to open them they won’t work and will stay that way.
That is, unless you buy a decryption key and decrypt your files.
Click ‘recover my files’ below to go to the website allowing you to buy the key.
From now on you have 96 hours to recover the key after this time it will be deleted and your files will stay unusable forever
Your id is : ***
” you can find this page on your desktop and document folder
Use it to if the button below doesn’t work you need to download a web browser called ‘tor browser’ download by clicking here then install the browser, it’s like chrome, firefox or internet explorer except it allows you to browse to special websites.
once it’s launched browse to
button ‘Recover my files’
Crypted Files :
—
Hello, please enter your id
‘Submit’
All network traffic from and to the remote C&C servers is encrypted with SSL.
Erebus 2017 Ransomware Distribution
The Erebus 2017 is primarily distributed using the most popular infection methods:
- Software Bundles – Many viruses are bundled with software downloaded from the Internet. In some cases the user may opt to remove them from the installation package by unticking a certain box. Such bundles are frequently found on untrusted or hacked download sites and P2P networks like Bittorrent.
- Email Messages – Hackers can use spam messages that contain the virus samples directly attached to them or link it in the body text. The criminal operators may opt to use social engineering tricks and disguise the virus as an important document.
- Dangerous Redirects Malicious ads, browser hijackers and hacked sites can also lead to virus infections.
The C&C servers that distribute the virus have been identified in the following countries – The USA, France, Italy, Albania and Ukraine.
Erebus 2017 Ransomware – How To Remove it and Prevent It From Coming Back
There are two ways of removal:
- With an anti-malware tool – this will also help prevention
- Manually – using the instructions below
Erebus 2017 Ransomware Ransomware Removal
For a faster solution, you can run a scan with an advanced malware removal tool and delete Erebus 2017 Ransomware completely with a few mouse clicks.
STEP I: Start the PC in Safe Mode with Network
This will isolate all files and objects created by the ransomware so they will be removed efficiently.
- 1) Hit WIN Key + R
- 2) A Run window will appear. In it, write “msconfig” and then press Enter
3) A Configuration box shall appear. In it Choose the tab named “Boot”
4) Mark “Safe Boot” option and then go to “Network” under it to tick it too
5) Apply -> OK
Or check our video guide – “How to start PC in Safe Mode with Networking”
STEP II: Show Hidden Files
- 1) Open My Computer/This PC
2) Windows 7
- – Click on “Organize” button
– Select “Folder and search options”
– Select the “View” tab
– Go under “Hidden files and folders” and mark “Show hidden files and folders” option
3) Windows 8/ 10
- – Open “View” tab
– Mark “Hidden items” option
4) Click “Apply” and then “OK” button
STEP III: Enter Windows Task Manager and Stop Malicious Processes
- 1) Hit the following key combination: CTRL+SHIFT+ESC
2) Get over to “Processes”
3) When you find suspicious process right click on it and select “Open File Location”
4) Go back to Task Manager and end the malicious process. Right click on it again and choose “End Process”
5) Next you should go folder where the malicious file is located and delete it
STEP IV: Remove Completely Erebus 2017 Ransomware Ransomware Using SpyHunter Anti-Malware Tool
SpyHunter anti-malware tool will diagnose all current threats on the computer. By purchasing the full version, you will be able to remove all malware threats instantly. Additional information about SpyHunter / Help to uninstall SpyHunter
STEP V: Repair Windows Registry
- 1) Again type simultaneously the Windows Button + R key combination
2) In the box, write “regedit”(without the inverted commas) and hit Enter
3) Type the CTRL+F and then write the malicious name in the search type field to locate the malicious executable
4) In case you have discovered registry keys and values related to the name, you should delete them, but be careful not to delete legitimate keys
Further help for Windows Registry repair
STEP VI: Recover Encrypted Files
- 1) Use present backups
2) Restore your personal files using File History
- – Hit WIN Key
– Type “restore your files” in the search box
– Select “Restore your files with File History”
– Choose a folder or type the name of the file in the search bar
- – Hit the “Restore” button
3) Using System Restore Point
- – Hit WIN Key
– Select “Open System Restore” and follow the steps
STEP VII: Preventive Security Measures
- 1) Enable and properly configure your Firewall.
2) Install and maintain reliable anti-malware software.
3) Secure your web browser.
4) Check regularly for available software updates and apply them.
5) Disable macros in Office documents.
6) Use strong passwords.
7) Don’t open attachments or click on links unless you’re certain they’re safe.
8) Backup regularly your data.
SpyHunter anti-malware tool will diagnose all current threats on the computer. By purchasing the full version, you will be able to remove all malware threats instantly. Additional information about SpyHunter / Help to uninstall SpyHunter
