When you start your machine, it opens a ransom instructions titled with YOUR FILES ARE STRIKED and telling that your files are encrypted, instead of usual Desktop background? It means your personal computer has become the victim of Striked virus that falls under the category of ransomware. If you get it on your personal computer, this ransomware virus can encrypt all personal files stored on the PC drives.
Table of contents
- What is Striked ransomware virus
- How to decrypt firstname.lastname@example.org files
- How to remove Striked ransomware
- Restoring files encrypted by Striked ransomware
- How to prevent your system from becoming infected by Striked virus?
- To sum up
The Striked ransomware virus uses a strong encryption algorithm with a big key. When the ransomware virus encrypts a file, it will add the “#email@example.com#id#usersid” extension to each encrypted file. Once the ransomware finished enciphering of all photos, documents and music, it will create a file named “README_DECRYPT.html” with guidance on how to decrypt all personal files.
The ransom demanding message encourages victim to contact Striked’s makers in order to decrypt all personal files. These persons will require to pay a ransom (usually demand for $300-1000 in Bitcoins). We do not recommend paying a ransom, as there is no guarantee that you will be able to decrypt your files. Especially since you have a chance to restore your photos, documents and music for free using free utilities such as ShadowExplorer and PhotoRec.
Instructions which is shown below, will help you to remove Striked ransomware infection as well as recover encrypted photos, documents and music stored on your personal computer drives.
What is Striked ransomware virus
Striked ransomware is a variant of crypto viruses (malware that encrypt personal files and demand a ransom). It affects all current versions of Windows operating systems such as Windows XP, Windows Vista, Windows 7, Windows 8, Windows 10. This virus uses RSA-2048 key (AES 256-bit encryption method) to eliminate the possibility of brute force a key that will allow to decrypt encrypted photos, documents and music.
When the virus infects a computer, it uses system directories to store own files. To run automatically whenever you turn on your system, Striked ransomware infection creates a registry entry in Windows: sections HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Run, HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ RunOnce, HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Run, HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ RunOnce.
Immediately after the launch, the virus scans all available drives, including network and cloud storage, to determine which files will be encrypted. The ransomware virus uses the file name extension, as a way to define a group of files that will be subjected to encrypting. Encrypted almost all types of files, including common as:
.ai, .bc6, .hplg, .m2, .wpl, .cer, .wbz, .psk, .icxs, .ysp, .map, wallet, .svg, .3ds, .mp4, .cfr, .qic, .xbdoc, .pem, .asset, .slm, .wmf, .rwl, .yal, .upk, .re4, .fpk, .wmv, .cdr, .vdf, .iwd, .accdb, .d3dbsp, .xxx, .p7b, .rtf, .x3d, .wpb, .nrw, .epk, .mlx, .layout, .sum, .qdf, .y, .cas, .x3f, .hkx, .sr2, .yml, .m4a, .webdoc, .dwg, .bkf, .xx, .xls, .bay, .pptm, .sidd, .zi, .t12, .dba, .xlsb, .itm, .vtf, .sql, .xll, .zip, .vcf, .ppt, .kdb, .pptx, .pdf, .doc, .p7c, .arch00, .wbd, .fos, .odb, .wp6, .xf, .xml, .mrwref, .orf, .xmmap, .fsh, .csv, .wp5, .wav, .big, .syncdb, .wpd, .wcf, .wbm, .wmv, .bik, .hkdb, .ntl, .zip, .zw, .avi, .rw2, .sidn, .wsd, .litemod, .itdb, .zdc, .mdf, .bkp, .rim, .ncf, .srw, .ff, .wsh, .kdc, .png, .t13, .xlk, .psd, .wbc, .wpd, .dcr, .pef, .dmp, .rgss3a, .jpeg, .wpe, .xyp, .mdbackup, .odc, .mov, .7z, .lbf, .webp, .x3f, .tax, .cr2, .wpw, .mcmeta, .zdb, .snx, .xbplate, .w3x, .odp, .sis, .desc, .arw, .wmd, .blob, .xar, .ybk, .wot, .forge, .r3d, .sav, .wbmp, .dxg, .pst, .xmind, .pak, .xlsx, .wpt, .wn, .xpm, .vfs0, .vpk, .wotreplay, .sie, .crw, .sb, .wp7, .sid, .pkpass, .odt, .dng, .eps, .hvpl, .js, .wpg, .jpe, .der, .rb, .txt, .wm, .xdb, .rofl, .ws, .docx, .1, .mdb, .wmo, .xlgc, .wsc, .lvl, .odm, .menu, .wri, .crt, .ibank, .wps
Once a file is encrypted, its extension replaced to “#firstname.lastname@example.org#id#usersid”. Next, the ransomware creates a file called “README_DECRYPT.html”. This file contain instructions on how to decrypt all encrypted documents, photos and music. An example of the guidance is:
YOUR FILES ARE STRIKED!
ALL OF YOUR FILES ARE ENCRYPTED!
Your persoanl identifier: xxxxx
Your documents, photos, databases, save games and other important data were encrypted.
For a data recovery requires a decryptor.
To decrypt your files send an email to email@example.com
In the perl letter you will receive a program for decryption.
After starting the decryption program, all your files will be restored.
!!! Attention !!!!!! Attention !!!!!! Attention !!!
*** Do not attempt to uninstall the program or run antivirus software
*** Attempts to decrypt files by themselves will result in the loss of your data
The Striked ransomware virus actively uses scare tactics by giving the victim a brief description of the encryption algorithm and showing a ransom demanding message on the desktop. It is trying to force the user of the infected machine, do not hesitate to pay a ransom, in an attempt to recover their files.
How to decrypt firstname.lastname@example.org files
Currently there is no available solution to decrypt all encrypted files. The ransomware repeatedly tells the victim that uses a strong encryption algorithm with a large key. What does it mean to decrypt the files is impossible without the private key. Use a “brute forcing” is also not a method because of the big length of the key. Therefore, unfortunately, the only payment to the developers of the Striked ransomware infection entire amount requested – the only method to try to get the decryption key and decrypt all your files.
There is absolutely no guarantee that after pay a ransom to the makers of the Striked ransomware, they will provide the necessary key to decrypt your files. In addition, you must understand that paying money to the cyber criminals, you are encouraging them to create a new virus.
How to remove Striked ransomware
We can help you remove Striked ransomware, without the need to take your computer to a professional. Simply follow the removal steps below if you currently have the ransomware on your machine and want to remove it. If you’ve any difficulty while trying to remove the ransomware virus, feel free to ask for our help in the comment section below. Read it once, after doing so, please print this page as you may need to close your web-browser or restart your PC.
Get rid of Striked ransomware virus with Zemana Anti-malware
We recommend you to run the Zemana Anti-malware that are completely clean your PC of this ransomware virus. Moreover, the tool will allow you to remove PUPs, malware, toolbars and ad-supported software that your personal computer can be infected too.
Download Zemana anti malware from the following link and save it to your Desktop.
Author: Zemana Ltd
Category: Security tools
Update: April 20, 2017
After the download is complete, close all applications and windows on your machine. Double-click the set up file named Zemana.AntiMalware.Setup. If the “User Account Control” dialog box pops up as displayed in the following example, click the “Yes” button.
It will open the “Setup wizard” that will help you install Zemana antimalware on your system. Follow the prompts and don’t make any changes to default settings.
Once installation is finished successfully, Zemana anti-malware will automatically start and you can see its main screen as shown in the figure below.
Now click the “Scan” button . This tool will now begin checking your machine for the Striked virus . While the application is checking, you can see number of objects it has identified as threat.
When it has finished scanning your PC, it’ll open a screen that contains a list of malicious software that has been detected. Next, you need to press “Next” button. The Zemana anti-malware will begin removing Striked virus and other security threats. Once disinfection is finished, you may be prompted to reboot the PC system.
Remove Striked ransomware virus with Malwarebytes
Delete Striked ransomware manually is difficult and often the virus is not completely removed. Therefore, we recommend you to use the Malwarebytes Free that are completely clean your machine. Moreover, the free application will help you to remove malware, potentially unwanted applications, toolbars and adware that your PC system can be infected too.
Download Malwarebytes on your PC by clicking on the following link.
Category: Security tools
Update: May 12, 2017
After the download is finished, close all software and windows on your system. Double-click the set up file named mb3-setup. If the “User Account Control” dialog box pops up as displayed in the following example, click the “Yes” button.
It will open the “Setup wizard” which will help you install Malwarebytes on your computer. Follow the prompts and don’t make any changes to default settings.
Once installation is done successfully, click Finish button. Malwarebytes will automatically start and you can see its main screen as on the image below.
Now click the “Scan Now” button to start checking your system for the Striked ransomware infection and other trojans and dangerous software. This process can take some time, so please be patient. When a threat is detected, the count of the security threats will change accordingly.
When it has done scanning your system, it will open a scan report. Review the scan results and then click “Quarantine Selected” button. The Malwarebytes will begin removing Striked ransomware virus and other security threats. Once disinfection is complete, you may be prompted to restart the PC.
We suggest you look at the following video, which completely explains the process of using the Malwarebytes to remove virus and other malware.
Get rid of Striked ransomware virus with KVRT
KVRT is a free removal tool that can be downloaded and run to delete ransomware infections, ‘ad supported’ software, malware, potentially unwanted applications, toolbars and other threats from your computer. You can run this utility to detect threats even if you have an antivirus or any other security application.
Download Kaspersky virus removal tool (KVRT) by clicking on the link below. Save it on your Desktop.
Author: Kaspersky® lab
Category: Security tools
Update: November 3, 2015
When the download is finished, double-click on the KVRT icon. Once initialization process is finished, you will see the Kaspersky virus removal tool screen like below.
Click Change Parameters and set a check near all your drives. Press OK to close the Parameters window. Next click Start scan button to perform a system scan for the Striked ransomware infection and other known infections. A scan can take anywhere from 10 to 30 minutes, depending on the number of files on your computer and the speed of your computer. When a malicious software, ad-supported software or virus are found, the number of the security threats will change accordingly.
When this utility has done scanning, it will display a list of detected threats like below.
In order to get rid of all threats, simply click on Continue to start a cleaning task.
Recovering files encrypted with Striked ransomware infection
In some cases, you can recover files encrypted by Striked ransomware virus. Try both methods. Important to understand that we cannot guarantee that you will be able to restore all encrypted documents, photos and music.
Run ShadowExplorer to recover email@example.com files
If automated backup (System Restore) is enabled, then you can use it to restore all encrypted files to previous versions.
Download ShadowExplorer on your MS Windows Desktop by clicking on the following link.
Category: Security tools
Update: February 12, 2016
After downloading is finished, open a directory in which you saved it. Right click to ShadowExplorer-0.9-portable and select Extract all. Follow the prompts. Next please open the ShadowExplorerPortable folder as on the image below.
Double click ShadowExplorerPortable to start it. You will see the a window as displayed on the image below.
In top left corner, select a Drive where encrypted files are stored and a latest restore point as displayed on the image below (1 – drive, 2 – restore point).
On right panel look for a file that you want to recover, right click to it and select Export as on the image below.
Run PhotoRec to restore firstname.lastname@example.org files
Before a file is encrypted, the Striked ransomware makes a copy of this file, encrypts it, and then deletes the original file. This can allow you to restore your photos, documents and music using file recover applications like PhotoRec.
Download PhotoRec by clicking on the link below. Save it on your Desktop.
Category: Security tools
Update: March 23, 2016
After the download is finished, open a directory in which you saved it. Right click to testdisk-7.0.win and choose Extract all. Follow the prompts. Next please open the testdisk-7.0 folder as shown on the screen below.
Double click on qphotorec_win to run PhotoRec for Windows. It’ll open a screen as displayed in the figure below.
Choose a drive to recover as on the image below.
You will see a list of available partitions. Select a partition that holds encrypted files as displayed in the following example.
Press File Formats button and choose file types to recover. You can to enable or disable the recovery of certain file types. When this is done, click OK button.
Next, click Browse button to choose where recovered files should be written, then click Search.
Count of restored files is updated in real time. All restored documents, photos and music are written in a folder that you have selected on the previous step. You can to access the files even if the restore process is not finished.
When the recovery is finished, press on Quit button. Next, open the directory where restored files are stored. You will see a contents as shown in the figure below.
All restored personal files are written in recup_dir.1, recup_dir.2 … sub-directories. If you are looking for a specific file, then you can to sort your restored files by extension and/or date/time.
How to prevent your system from becoming infected by Striked ransomware?
Most antivirus programs already have built-in protection system against the ransomware virus. Therefore, if your PC system does not have an antivirus program, make sure you install it. As an extra protection, run the CryptoPrevent.
Use CryptoPrevent to protect your PC from Striked ransomware
Download CryptoPrevent by clicking on the following link and save it directly to your MS Windows Desktop.
Run it and follow the setup wizard. Once the install is finished, you’ll be shown a window where you can select a level of protection, as on the image below.
Now press the Apply button to activate the protection.
To sum up
After completing the guide shown above, your computer should be clean from Striked ransomware and other malware. Your PC system will no longer encrypt your photos, documents and music. Unfortunately, if the few simple steps does not help you, then you have caught a new variant of ransomware, and then the best way – ask for help.
- Download HijackThis from the link below and save it to your Desktop.
Category: Security tools
Update: November 7, 2015
- Double-click on the HijackThis icon. Next press “Do a system scan only” button.
- When the system scan is finished, the scan button will read “Save log”, click it. Save this log to your desktop.
- Create a Myantispyware account here. Once you’ve registered, check your e-mail for a confirmation link, and confirm your account. After that, login.
- Copy and paste the contents of the HijackThis log into your post. If you are posting for the first time, please start a new thread by using the “New Topic” button in the Spyware Removal forum. When posting your HJT log, try to give us some details about your problems, so we can try to help you more accurately.
- Wait for one of our trained “Security Team” or Site Administrator to provide you with knowledgeable assistance tailored to your problem with the Striked ransomware.