What Does Erebus 2017 Ransomware Do
The Erebus 2017 ransomware has recently been discovered by malware experts. This is a new iteration of the old Erebus virus which was discovered not long ago.
The initial security analysis shows that the Erebus 2017 ransomware is capable of manipulating system and application-provided processes. Upon infection the virus can spawn, extract information and query all running applications and services on the infected host.
The significant code changes brought new stealth detection options – the malware is able to query the Internet cache settings. Experts state that this strategy is popular among experienced malware developers as they can hide the virus footprints in the internet cache or the index.dat file. In addition it can also scan for any running or installed security software.
Like other similar threats the Erebus 2017 ransomware can modify important configuration files, delete important data, execute various commands and also drop malicious files onto the target system.
The initiated remote network communication with the C&C servers can be used to spy on the victims at all times.
The ransomware’s encryption engine targets the most popular file type extensions – photos, documents, music, configuration files, backup images and etc. All affected user data receive the .*** extension.
When the process is complete the following ransomware message is crafted and displayed to the victims:
Your files are still Encrypted
Your files have been Encrypted and are unusable unless you purchase a decryption key. The key will be deleted in 96 hours.
you still have 95 hours 59 minutes 50 seconds before the key deletion, once the key is destroyed, you will not be able to recover your files
Pay via Bitcoin
To buy the private key (decryption key) and decrytor you will need some bitcoins.
Bitcoin is a currency, just like dollars and euros but entirely on the internet.
1 : Get a wallet
Just like in real life you need a wallet to hołd your coins when you’ll buy them
we suggest https://blockchain.info/ it’s a website easy to use, you’ll be set in no time!
2 : Buy some bitcoins
Depending on your country you can buy them using various ways (paypal/credit card/ cash etc).
Look at this website https://www.buybitcoinworldwide.com to find where to buy some or just search on google yourslef.
Note that one of the fastest and easiest way is via https://localbitcoins.com/ because you buy bitcoins directly to other people.
you could have a meeting tomorrow and buy them using cash instantly.
3 : Payment
you need to buy 0,085 btc (bitcoins) and send them to this address : [redacted] once you’ve paid, wait a bit. the process can take up to 24 hours for us to check the payment. Then, you will recieve on this same page your private key and a link to the decryption program that will automatically decrypt all your files so you can use them as before
you still have 0.085 bitcoins left to pay
—
Data crypted
Every important file (documents, photos, videos etc) on this computer has been encrypted using an unique key for this computer.
It is impossible to recover your files without this key. You can try to open them they won’t work and will stay that way.
That is, unless you buy a decryption key and decrypt your files.
Click ‘recover my files’ below to go to the website allowing you to buy the key.
From now on you have 96 hours to recover the key after this time it will be deleted and your files will stay unusable forever
Your id is : ***
” you can find this page on your desktop and document folder
Use it to if the button below doesn’t work you need to download a web browser called ‘tor browser’ download by clicking here then install the browser, it’s like chrome, firefox or internet explorer except it allows you to browse to special websites.
once it’s launched browse to
button ‘Recover my files’
Crypted Files :
—
Hello, please enter your id
‘Submit’
How Does Padcrypt 3 Ransomware Infect
The Erebus 2017 ransomware uses the most popular distribution methods to infect the targets. Among them are the following:
- Malicious Redirects – Virus infections can be caused by malicious ads, browser hijackers and other types of hacked sites which link or deliver the Erebus 2017 ransomware file.
- Email Messages – Spam is one of the most popular ways of distributing ransomware and other types of malware. Depending on the targets and the complexity of the templates the operators of the attack campaign may employ different strategies such as social engineering, infected macros and others.
- Infected Installers – Malware can be bundled with software installers downloaded from untrusted or malicious sites. Often they can also be found on iliegal BitTorrent trackers.
Remove Erebus 2017 Ransomware
For the removal of this ransomware virus, recommendations are to use the instructions we have provided below. For fastest and most efficient removal however, you may want to download and scan your computer with an advanced anti-malware program. It will make sure to protect you in the future as well.
Booting in Safe Mode
For Windows:
1) Hold Windows Key and R
2) A run Window will appear, in it type “msconfig” and hit Enter
3) After the Window appears go to the Boot tab and select Safe Boot
Cut out Erebus 2017 in Task Manager
1) Press CTRL+ESC+SHIFT at the same time.
2) Locate the “Processes” tab.
3) Locate the malicious process of Erebus 2017, and end it’s task by right-clicking on it and clicking on “End Process”
Eliminate Erebus 2017‘s Malicious Registries
For most Windows variants:
1) Hold Windows Button and R.
2) In the “Run” box type “Regedit” and hit “Enter”.
3) Hold CTRL+F keys and type Erebus 2017 or the file name of the malicious executable of the virus which is usually located in %AppData%, %Temp%, %Local%, %Roaming% or %SystemDrive%.
4) After having located malicious registry objects, some of which are usually in the Run and RunOnce subkeys delete them ermanently and restart your computer. Here is how to find and delete keys for different versions.
For Windows 7: Open the Start Menu and in the search type and type regedit –> Open it. –> Hold CTRL + F buttons –> Type Erebus 2017 Virus in the search field.
Win 8/10 users: Start Button –> Choose Run –> type regedit –> Hit Enter -> Press CTRL + F buttons. Type Erebus 2017 in the search field.
Automatic Removal of Erebus 2017
Recover files encrypted by the Erebus 2017 Ransomware.
Method 1: Using Shadow Explorer. In case you have enabled File history on your Windows Machine one thing you can do is to use Shadow Explorer to get your files back. Unfortunately some ransomware viruses may delete those shadow volume copies with an administrative command to prevent you from doing just that.
Method 2: If you try to decrypt your files using third-party decryption tools. There are many antivirus providers who have decrypted multiple ransomware viruses the last couple of years and posted decryptors for them. Chances are if your ransomware virus uses the same encryption code used by a decryptable virus, you may get the files back. However, this is also not a guarantee, so you might want to try this method with copies of the original encrypted files, because if a third-party program tampers with their encrypted structure, they may be damaged permanently. Here are the vendors to look for:
- Kaspersky.
- Emsisoft.
- TrendMicro.
Method 3: Using Data Recovery tools. This method is suggested by multiple experts in the field. It can be used to scan your hard drive’s sectors and hence scramble the encrypted files anew as if they were deleted. Most ransomware viruses usually delete a file and create an encrypted copy to prevent such programs for restoring the files, but not all are this sophisticated. So you may have a chance of restoring some of your files with this method. Here are several data recovery programs which you can try and restore at least some of your files: