If your documents, photos and music does not open normally and .Yatron file extension added at the end of their name then your system is infected with a new Yatron ransomware from a family of file-encrypting ransomware. Once started, it have encrypted all personal files stored on your PC system drives and attached network drives.
The .Yatron ransomware is a malware which created in order to encrypt files. It hijack a whole machine or its data and demand a ransom in order to unlock (decrypt) them. The authors of the .Yatron ransomware virus have a strong financial motive to infect as many PCs as possible. The files that will be encrypted include the following file extensions:
.dazip, .wbd, .xmmap, .xls, .p7b, .csv, .ntl, .xxx, .pst, .orf, .ibank, .kdc, .rar, .ff, .3fr, .m2, .wp5, .dcr, .xlsm, .pef, .xls, .upk, .crw, .sid, .big, .0, .wn, .wbmp, .docx, .zdc, .d3dbsp, .sie, .bar, .xlsx, .db0, .wbz, .blob, .xy3, .wsd, .jpeg, .avi, .layout, .pkpass, .wmv, .wpw, .t12, .wotreplay, .rwl, .xll, .fpk, .zw, .hvpl, .mdf, .mlx, .js, .mpqge, .asset, .vtf, .css, .forge, .sql, .zip, .z3d, .wpl, .wpe, .bkf, .wb2, .sum, .xlsm, .xbplate, .das, .yml, .desc, .apk, .rgss3a, .webp, .zi, .xpm, .wps, .p12, .ppt, .snx, .der, .sis, .sidn, .fsh, .kdb, .x3f, .lbf, .wire, .xx, .xdb, .vdf, .wpd, .odc, .litemod, .pptx, .odb, .bkp, .hkdb, .icxs, .odp, .doc, .ws, .docm, .mrwref, .psd, .raf, .srw, .mcmeta, .wpg, .erf, .m4a, .wpb, .vpk, .cdr, .slm, .wcf, .mov, .7z, .1st, .vfs0, .crt, .y, .xmind, .xml, .srf, wallet, .ai, .iwd, .ysp, .ztmp, .ncf, .tax, .gho, .arw, .wdp, .kf, .fos, .mp4, .t13, .wdb, .rofl, .pptm, .wmo, .ltx, .sidd, .3ds, .png, .x, .xbdoc, .m3u, .wsc, .cr2, .map, .wma, .bsa, .wmf, .wmv, .arch00, .itm, .dxg, .rim, .wp6, .vpp_pc, .gdb, .wot, .dba, .wbc, .ptx, .xlsb, .pfx, .bc7, .xf, .ods, .esm, .ybk, .bay, .pak, .zabw, .cfr, .sr2, .xyp, .wbm, .wp7, .cer, .zdb, .syncdb, .2bp, .rw2, .yal, .flv, .r3d, .nrw, .wpt, .wps, .x3d, .wbk, .pdf, .pem, .vcf, .indd, .svg, .rb, .xwp, .wgz, .mdbackup, .jpg, .wm, .hplg, .itdb, .mef, .txt, .w3x, .pdd, .wsh, .mdb, .itl, .dwg, .menu, .xyw, .3dm, .sav, .hkx, .cas, .sb, .p7c, .mddata, .odm, .webdoc, .wmd, .wpa, .xdl, .dng, .jpe, .zip, .psk, .x3f, .qic, .qdf, .eps, .zif, .wri, .wp4, .xar, .xlk, .iwi, .wma, .wpd, .bc6, .epk, .lvl, .py, .wav, .odt, .1, .accdb, .tor, .raw
When encrypting a file it will add the .Yatron file extension to every encrypted file name to identify that the file has been encrypted. For example, a file named
sample.doc would be encrypted and renamed to
sample.doc.Yatron. Once the procedure is finished, it will display the ransom note. It includes instructions on how to purchase a private key to decrypt all personal files. An example of the ransomnote is:
your important files are encrypted ! Your documents, photos, databases and Other personal files are encrypted ? the files that you looked for not readable ? We are the only ones who can decrypt your files Through the unique key. what should I do for decrypting my files? If you want to recover your files, you must purchase a the unique key send300$ btc to address:36Bz7B1gsc1WdBf7tnRNbKUGiQjQ2qHGoo Send us your ID after your payment Email to contact us : email@example.com As proof you can email us 2 files to decrypt and we will send you the recover files to prove that we can decrypt your files
Use the step-by-step steps below to remove .Yatron ransomware itself and try to restore encrypted personal files for free.
Table of contents
- How to remove .Yatron ransomware
- How to decrypt .Yatron files
- How to restore .Yatron files
- How to protect your machine from .Yatron ransomware virus?
- Finish words
How to remove .Yatron ransomware
Before you start the procedure of restoring photos, documents and music that has been encrypted, make sure .Yatron ransomware is not running. Firstly, you need to delete this ransomware permanently. Luckily, there are several malware removal utilities that will effectively scan for and delete .Yatron ransomware virus and other crypto virus malicious software from your personal computer.
How to delete .Yatron ransomware with Zemana Anti-malware
Zemana Anti-malware is a utility that can remove ransomware, trojans, worms, adware software, PUPs and other malicious software from your PC easily and for free. Zemana Anti-malware is compatible with most antivirus software. It works under Windows (10 – XP, 32 and 64 bit) and uses minimum of PC resources.
Installing the Zemana Anti Malware is simple. First you will need to download Zemana Anti Malware (ZAM) by clicking on the following link.
Author: Zemana Ltd
Category: Security tools
Update: February 14, 2019
After the downloading process is complete, close all applications and windows on your PC. Double-click the install file named Zemana.AntiMalware.Setup. If the “User Account Control” dialog box pops up as shown in the figure below, click the “Yes” button.
It will open the “Setup wizard” which will help you setup Zemana on your system. Follow the prompts and don’t make any changes to default settings.
Once installation is finished successfully, Zemana Free will automatically start and you can see its main screen as shown on the screen below.
Now click the “Scan” button . Zemana program will scan through the whole computer for the .Yatron ransomware virus related files, folders and registry keys. A scan can take anywhere from 10 to 30 minutes, depending on the number of files on your computer and the speed of your computer. During the scan Zemana will search for threats present on your system.
When Zemana Free has finished scanning your computer, Zemana Anti-Malware will display a screen which contains a list of malware that has been detected. In order to get rid of all items, simply press “Next” button. The Zemana Anti Malware (ZAM) will begin to remove .Yatron ransomware virus and other malware. When finished, you may be prompted to restart the personal computer.
Automatically get rid of .Yatron ransomware with MalwareBytes
We recommend using the MalwareBytes Free which are completely clean your computer of the Yatron ransomware. This free tool is an advanced malware removal program created by (c) Malwarebytes lab. This program uses the world’s most popular anti-malware technology. It’s able to help you get rid of ransomware, PUPs, malware, adware, trojans, and other security threats from your PC for free.
Installing the MalwareBytes Anti-Malware (MBAM) is simple. First you will need to download MalwareBytes on your Windows Desktop by clicking on the following link.
Category: Security tools
Update: February 5, 2019
When the downloading process is done, close all programs and windows on your PC system. Double-click the install file named mb3-setup. If the “User Account Control” dialog box pops up as on the image below, click the “Yes” button.
It will open the “Setup wizard” that will help you setup MalwareBytes Anti Malware (MBAM) on your system. Follow the prompts and don’t make any changes to default settings.
Once installation is finished successfully, press Finish button. MalwareBytes Anti-Malware (MBAM) will automatically start and you can see its main screen like below.
Now click the “Scan Now” button for checking your computer for the .Yatron ransomware virus and other malicious software. Depending on your PC system, the scan can take anywhere from a few minutes to close to an hour. While the MalwareBytes Anti Malware is scanning, you can see count of objects it has identified either as being malware.
When the scan is done, you’ll be displayed the list of all found items on your computer. In order to remove all threats, simply press “Quarantine Selected” button. The MalwareBytes AntiMalware will remove .Yatron ransomware virus and other kinds of potential threats. After that process is done, you may be prompted to reboot the computer.
We suggest you look at the following video, which completely explains the process of using the MalwareBytes Free to remove adware, hijacker and other malware.
Double-check for ransomware with KVRT
KVRT is a free removal tool that can be downloaded and run to delete viruses, adware, malicious software, potentially unwanted applications, ransomware and other threats from your computer. You may run this tool to search for threats even if you have an antivirus or any other security program.
Download Kaspersky virus removal tool (KVRT) on your Microsoft Windows Desktop by clicking on the link below.
Author: Kaspersky® lab
Category: Security tools
Update: March 5, 2018
Once the download is finished, double-click on the Kaspersky virus removal tool icon. Once initialization process is finished, you’ll see the KVRT screen like below.
Click Change Parameters and set a check near all your drives. Click OK to close the Parameters window. Next press Start scan button . Kaspersky virus removal tool application will scan through the whole PC system for the .Yatron ransomware and other trojans and harmful applications. A scan can take anywhere from 10 to 30 minutes, depending on the number of files on your personal computer and the speed of your computer. While the tool is scanning, you can see count of objects and files has already scanned.
When finished, the results are displayed in the scan report like below.
Review the results once the utility has finished the system scan. If you think an entry should not be quarantined, then uncheck it. Otherwise, simply click on Continue to start a cleaning procedure.
How to decrypt .Yatron files
The .Yatron ransomware uses strong encryption mode. What does it mean to decrypt the files is impossible without the private key. Use a “brute forcing” is also not a way because of the big length of the key. Therefore, unfortunately, the only payment to the makers of the .Yatron ransomware entire amount requested – the only way to try to get the decryption key and decrypt all your files.
We don’t recommend paying a ransom, as there is no guarantee that you will be able to decrypt your files. In addition, you must understand that paying money to the cyber criminals, you are encouraging them to create a new ransomware virus.
Especially since you have a chance to restore your personal files for free using free utilities like ShadowExplorer and PhotoRec.
How to restore .Yatron files
In some cases, you can restore files encrypted by .Yatron ransomware virus. Try both methods. Important to understand that we cannot guarantee that you will be able to restore all encrypted files.
Restore .Yatron encrypted files using Shadow Explorer
If automated backup (System Restore) is enabled, then you can use it to recover all encrypted files to previous versions.
ShadowExplorer can be downloaded from the following link. Save it on your Microsoft Windows desktop.
Category: Security tools
Update: February 27, 2018
Once the downloading process is finished, open a directory in which you saved it. Right click to ShadowExplorer-0.9-portable and select Extract all. Follow the prompts. Next please open the ShadowExplorerPortable folder as displayed on the image below.
Double click ShadowExplorerPortable to start it. You will see the a window as on the image below.
In top left corner, select a Drive where encrypted files are stored and a latest restore point as on the image below (1 – drive, 2 – restore point).
On right panel look for a file that you want to restore, right click to it and select Export as shown in the following example.
Recover .Yatron files with PhotoRec
Before a file is encrypted, the .Yatron ransomware virus makes a copy of this file, encrypts it, and then deletes the original file. This can allow you to recover your photos, documents and music using file recover software such as PhotoRec.
Download PhotoRec on your Microsoft Windows Desktop by clicking on the link below.
Category: Security tools
Update: March 1, 2018
When downloading is finished, open a directory in which you saved it. Right click to testdisk-7.0.win and select Extract all. Follow the prompts. Next please open the testdisk-7.0 folder as displayed on the screen below.
Double click on qphotorec_win to run PhotoRec for MS Windows. It will open a screen as shown below.
Select a drive to recover like below.
You will see a list of available partitions. Choose a partition that holds encrypted photos, documents and music like below.
Click File Formats button and choose file types to recover. You can to enable or disable the restore of certain file types. When this is finished, press OK button.
Next, click Browse button to choose where recovered photos, documents and music should be written, then press Search.
Count of restored files is updated in real time. All restored personal files are written in a folder that you have selected on the previous step. You can to access the files even if the recovery process is not finished.
When the recovery is finished, click on Quit button. Next, open the directory where recovered files are stored. You will see a contents as on the image below.
All recovered files are written in recup_dir.1, recup_dir.2 … sub-directories. If you are searching for a specific file, then you can to sort your recovered files by extension and/or date/time.
How to protect your machine from .Yatron ransomware virus?
Most antivirus programs already have built-in protection system against the virus. Therefore, if your computer does not have an antivirus program, make sure you install it. As an extra protection, run the HitmanPro.Alert.
Run HitmanPro.Alert to protect your PC system from .Yatron ransomware virus
HitmanPro.Alert is a small security tool. It can check the system integrity and alerts you when critical system functions are affected by malware. HitmanPro.Alert can detect, remove, and reverse ransomware effects.
Download HitmanPro Alert from the following link. Save it on your Desktop.
Category: Security tools
Update: March 6, 2019
When downloading is done, open the folder in which you saved it. You will see an icon like below.
Double click the HitmanPro.Alert desktop icon. After the utility is opened, you’ll be shown a window where you can select a level of protection, as shown in the following example.
Now press the Install button to activate the protection.
Once you’ve finished the few simple steps above, your computer should be clean from .Yatron ransomware virus and other malicious software. Your PC will no longer encrypt your files. Unfortunately, if the steps does not help you, then you have caught a new variant of virus, and then the best way – ask for help here.