R980 Ransomware is a new encryption threat which supposedly encode files and make them inaccessible. This nasty threat was discovered by malware researcher Jaromir Horejsi. The working of this threat is similar to the Petya Ransomware which was a nightmare of computer user’s in 2016. According to malware researcher, this ransomware is still under development because it doesn’t encrypt files as it claims. Like other file encrypting threat, it also lurk down the targeted system silently and start its malicious process. After successful invasion, it scan the available folder and encrypt them using asymmetric encryption algorithm as it claim. It also fill the desktop with random named trash files, change desktop image and drop ransom note. However, it is not considered among the deadly ransomware but you need to alert because it might get updated and after that it become dangerous.
Ransom note of R980 Ransomware
Like all the ransomware, R980 Ransomware also drop a ransom note which inform victim about the encryption. Withe the help of this ransom note, hoax demand money in exchange of the decryption key which is needed to decode the files. The ransom note contain instructions about how to recover the encrypted files and how much amount to be pay for that According to the ransom note, victim will have to pay 0.5 Bit-coin ($330 USD ) to get the decryption key. The decryption software is stored on the Command and Control server of the criminals and it is inaccessible for the victims. But as advised by the experts, user should avoid paying the ransom. Here is the snap of the ransom note:
How to deal with R980 Ransomware?
Do not pay the ransom even if your files are really important because the only purpose of ransomware developer is to extort money. Hence, there is no guarantee that you will get the decryption tool even after paying the ransom. Creating backup of your important file is a good practice because it help you to restore your files without paying. In case you don’t have backup then you can opt for other alternative such as recovery program or system restore. But before you restore your files, because ransomware are known to create backdoor in the victim system which allow other infection to attack and make chaos. So remove R980 Ransomware with the help of a strong removal tool.
Intrusion method of R980 Ransomware?
Like other file encrypting threat, R980 Ransomware is also distributed using several deceptive ways. Developer of ransomware spread them via drive-by downloads, malvertising and specially through spam email campaigns. Cyber criminals send a safe looking file to the targeted user via spam email. The email contains attachment like a simple document file which is disguise to be send by reputed company. But in real, the email contain execution file which activate the ransomware upon opening. Hence, if you want to protect your computer then avoid opening unknown email attachment, refrain from downloading software from unreliable site.
Removal instruction of R980 Ransomware
However, R980 Ransomware is under development and not encrypt files but it is necessary to remove it because it might get updated and then it cause more problems. You can remove it through two ways, manually or automatic (Recommended). In order to remove it manually, you can follow the below steps
Step 1: Restart system in Safe Mode with Networking
- Click start button then click Shutdown button.
- Now Click on Restart and click OK.
- Continue pressing F8 key once your PC become active.
- It launch the Advanced Boot Options window.
- Select Safe Mode with Networking
Step 2 : Uninstall ransomware via control panel
- Click on Start menu > Control Panel
- Now go to programs and click on Uninstall a Program.
- Look for ransomware related files
- Select the malicious program and click Uninstall/Change
- Click OK to save the changes.
Step 3 : Stop malicious process From Task Manager
- Press Windows + R button together.
- A run box will open on your screen
- Now you have to type “taskmgr” in run box
- After that click on OK button.
- In the Process tab and select suspicious process
- Click on End process tab
If you are having issues in removing the ransomware manually then don’t worry. You can use Free-scanner, which removes the threat completely from your PC.