Razy Ransomware Virus (Removal Steps and Protection Updates)

The Razy ransomware is a threat that is derived from the Crypto family of ransomware which targets Microsoft Windows computer users. Learn more about the ransomware and how to remove it in this article.

Razy Ransomware

File Extensions
.razy or .razy1337

Varies between 0.5 to 10 Bitcoins

Solution #1
Use the help of an anti-malware tool to remove Razy Ransomware and any additional cyber-security threats.

Solution #2
Razy Ransomware can be removed manually, though it can be very hard for most home users. See the detailed tutorial below.

The Razy Ransomware spreads mostly through infected software downloads from untrusted sites and P2P networks.

Razy Ransomware Description

The Razy Ransomware has recently started to infect new targets again, according to the security research it is a variant of the Crypto ransomware family.

When the infection has been complete the virus starts to encrypt target user files and adds the “.razy” extension to the affected data. This is a high-impact threat that also works with locally mounted drives, as well as network shares using the AES cipher. The private key is stored safely on the remote malicious servers operated by the attackers.

Razy Ransomware infects the Microsoft Windows operating system by injecting itself in the Explorer.exe and svchost.exe system processes. Other system modifications include registry entries addition and disabling of the Automatic Repair feature. The Razy ransomware also has several stealth features that hide it from anti-virus and anti-spyware solutions. The malware contains code that actively tracks the user and may steal their account credentials, browsing history and stored data. According to several sources the ransomware was created initially for education purposes.

The following files are placed on the user’s desktop: css.vbs, index.html and razy.jpg.

The JPG image file instructs the users to open the HTML document for payment instructions. The file itself contains four links – two of them lead to payment gateways and the Twitter and Facebook page for the Razy ransomware which are inactive.

The pop-up message window displayed by Razy is similar to the one presented by Jigsaw.



Razy ransomware has a new variant. The attackers have modified some of its features. The basic shift is that following encryption Razy ransomware appends the extension .razy1337 to the encrypted data filenames. Yet another change concerns the appearance of the displayed ransom note and the depicted text on it as well. The new Razy’s ransom note looks like this:


And the text on it reads:


All your files have been encrypted with AES 128 bit and you need the key to decrypt your files!
To get the key you need to pay 0.5 bitcoins.
If you don’t have bitcoins you can but it at www.localbitcoins.com
When you bought bitcoins send me 0.5 to the address and leave your ID as message so we can identify you!
This window is your only chance to decrpyt your files, trying anything to get rid of me can destroy the encryption key.
You have 24 hours to buy the decryption key, after 24 hours your decryption key will be deleted and all your files will be deleted.

pay 0.5 btc to this address:
Your Personal ID:
Your Time:

Razy Ransomware Distribution

The Razy ransomware typically spreads bundled with freeware software downloaded from untrusted sites as well as various adware toolbars. Other means of infection include email spam campaigns with social engineering tricks.

Razy Ransomware Removal

For a faster solution, you can run a scan with an advanced malware removal tool and delete Razy completely with a few mouse clicks.

STEP I: Start the PC in Safe Mode with Network
This will isolate all files and objects created by the ransomware so they will be removed efficiently.

    1) Hit WIN Key + R


    2) A Run window will appear. In it, write “msconfig” and then press Enter
    3) A Configuration box shall appear. In it Choose the tab named “Boot
    4) Mark “Safe Boot” option and then go to “Network” under it to tick it too
    5) Apply -> OK

Or check our video guide – “How to start PC in Safe Mode with Networking

STEP II: Show Hidden Files

    1) Open My Computer/This PC
    2) Windows 7

      – Click on “Organize” button
      – Select “Folder and search options
      – Select the “View” tab
      – Go under “Hidden files and folders” and mark “Show hidden files and folders” option

    3) Windows 8/ 10

      – Open “View” tab
      – Mark “Hidden items” option


    4) Click “Apply” and then “OK” button

STEP III: Enter Windows Task Manager and Stop Malicious Processes

    1) Hit the following key combination: CTRL+SHIFT+ESC
    2) Get over to “Processes
    3) When you find suspicious process right click on it and select “Open File Location
    4) Go back to Task Manager and end the malicious process. Right click on it again and choose “End Process
    5) Next you should go folder where the malicious file is located and delete it

STEP IV: Remove Completely Razy Ransomware Using SpyHunter Anti-Malware Tool

Manual removal of Razy requires being familiar with system files and registries. Removal of any important data can lead to permanent system damage. Prevent this troublesome effect – delete Razy ransomware with SpyHunter malware removal tool.

SpyHunter anti-malware tool will diagnose all current threats on the computer. By purchasing the full version, you will be able to remove all malware threats instantly. Additional information about SpyHunter / Help to uninstall SpyHunter

STEP V: Repair Windows Registry

    1) Again type simultaneously the Windows Button + R key combination
    2) In the box, write “regedit”(without the inverted commas) and hit Enter
    3) Type the CTRL+F and then write the malicious name in the search type field to locate the malicious executable
    4) In case you have discovered registry keys and values related to the name, you should delete them, but be careful not to delete legitimate keys

Further help for Windows Registry repair

STEP VI: Recover Encrypted Files

    1) Use present backups
    2) Restore your personal files using File History

      – Hit WIN Key
      – Type “restore your files” in the search box
      – Select “Restore your files with File History
      – Choose a folder or type the name of the file in the search bar


      – Hit the “Restore” button

    3) Using System Restore Point

      – Hit WIN Key
      – Select “Open System Restore” and follow the steps


STEP VII: Preventive Security Measures

    1) Enable and properly configure your Firewall.
    2) Install and maintain reliable anti-malware software.
    3) Secure your web browser.
    4) Check regularly for available software updates and apply them.
    5) Disable macros in Office documents.
    6) Use strong passwords.
    7) Don’t open attachments or click on links unless you’re certain they’re safe.
    8) Backup regularly your data.

SpyHunter anti-malware tool will diagnose all current threats on the computer. By purchasing the full version, you will be able to remove all malware threats instantly. Additional information about SpyHunter / Help to uninstall SpyHunter

Was this content helpful?

Author : Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *