Computers on Focus - Online Security Guide

03:43 am
31 October 2024

.Merry File Ransomware Remove and Decrypt Files for Free

A virus which was initially detected in the beginning of 2017, known as Merry Christmas has come up with it’s latest version, using the .MERRY file extension. The ransomware aims to encrypt the files on the infected computers and then ask users to read the “MERRY_I_LOVE_YOU_BRUCE.HTA” which It drops after encryption. In the file, there are instructions on how to pay the ransom fee and restore the encrypted files this way. But, do not be worried, because this ransomware type of infection is now decryptable. If you want to remove Merry X-mas ransomware and decrypt your files for free, we recommend to read our article about it.

What Does Merry Christmas .MERRY File Virus Do?

After it has already caused an infection, the ransomware virus adds it’s own ransom note and changes the wallpaper of the infected computer to the following “evil Santa” image.

ransomware-merry-x-mas-sensorstechforum-2

The note which the virus leaves is called MERRY_I_LOVE_YOU_BRUCE.HTA and it has the following content:

ALL COMPUTER DATA ENCRYPTED
TIME AFTER ALL FILES WILL BE DELETED
YOUR ID
NOW YOU NEED TO PAY TO RECOVER YOUR DATA
AFTER MONEY TRANSFER YOU WILL RECIEVE THE DECRYPTOR
CONTACTS
TELEGRAM @comodosecunty
EMAIL [email protected]
Any attempts to return your files with the third-party tools can be fatal for your encrypted files! The most part of the third-party software change data within the encrypted file to restore it but this causes damage to the files.
Finally it will be impossible to decrypt your files! There are several plain steps to restore your files but if you do not follow them we will not be able to help you!

But this is not where the terror of this ransomware infection end. The malware is also capable of performing several other activities such as deleting the shadow copies by inserting variants of the following command:

vssadmin delete shadows /for={volume} /shadow={id} /quiet

In addition to this, after infection, the malware also cuts out any internet connection, because it deletes drivers of your local network. This type of danger is new and completely different from what has been met before. Luckily, the virus is decryptable.

How Did I Get Infected with This Virus
To get infected with this ransomware virus, one does not need much. All it takes is to open a malicious e-mail and to not have any anti-malware protection installed. Usually the .MERRY ransomware virus may come standard with the infection method – as a malicious e-mail attachment which may pretend to be a document or another type of file. Most inexperienced users are misled that this is an actual e-mail from legitimate services, like PayPal, e-Bay and other companies and open the attachment.

From there, the infection sets off. The .MERRY ransomware creates mutexes, “touches” files and modifies(deletes) or adds new registry values that make it’s executable to encrypt files on system startup, for example.

The virus may also connect to a remove C2 server and download the payload of .MERRY ransomware after which place it in crucial Windows directories, such as:

  • %AppData%
  • %Roaming%
  • %Local%
  • %LocalRow%

How To Remove .Merry Extension Virus and Decrypt The Files

In order to remove this ransomware virus, we strongly urge you to follow our removal instructions below. For maximum effectiveness and automatic and fill removal, experts recommend using an anti-malware software. Furthermore, after having removed the .Merry file extension ransomware, you may want to focus on decrypting your files, web link for which you can find in the red box below.

Booting in Safe Mode

For Windows:
1) Hold Windows Key and R
2) A run Window will appear, in it type “msconfig” and hit Enter
3) After the Window appears go to the Boot tab and select Safe Boot

Cut out .Merry Ransomware in Task Manager

1) Press CTRL+ESC+SHIFT at the same time.
2) Locate the “Processes” tab.
3) Locate the malicious process of .Merry Ransomware, and end it’s task by right-clicking on it and clicking on “End Process”

Eliminate .Merry Ransomware‘s Malicious Registries

For most Windows variants:
1) Hold Windows Button and R.
2) In the “Run” box type “Regedit” and hit “Enter”.
3) Hold CTRL+F keys and type .Merry Ransomware or the file name of the malicious executable of the virus which is usually located in %AppData%, %Temp%, %Local%, %Roaming% or %SystemDrive%.
4) After having located malicious registry objects, some of which are usually in the Run and RunOnce subkeys delete them ermanently and restart your computer. Here is how to find and delete keys for different versions.
For Windows 7: Open the Start Menu and in the search type and type regedit –> Open it. –> Hold CTRL + F buttons –> Type .Merry Ransomware Virus in the search field.
Win 8/10 users: Start Button –> Choose Run –> type regedit –> Hit Enter -> Press CTRL + F buttons. Type .Merry Ransomware in the search field.

Automatic Removal of .Merry Ransomware

DOWNLOAD REMOVAL TOOL FOR .Merry Ransomware
The free version of SpyHunter will only scan your computer to detect any possible threats. To remove them permanently from your computer, purchase its full version. Spy Hunter malware removal tool additional information/SpyHunter Uninstall Instructions

Decrypt Files Encrypted by The .Merry Ransomware Ransomware.

For the decryption, please follow this web link:

https://decrypter.emsisoft.com/mrcr

Leave a Reply

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload the CAPTCHA.