If your photos, documents and music does not open normally, their names modified or .SAVEfiles, .DATAWAIT, .INFOWAIT added at the end of their name then your system is infected with a new Savefiles@india.com ransomware from the family of the STOP ransomware. Once started, it have encrypted all files stored on a PC system drives and attached network drives.
The Savefiles@india.com ransomware is a malicious software that created in order to encrypt personal files. It hijack a whole system or its data and demand a ransom in order to unlock (decrypt) them. The authors of the Savefiles@india.com ransomware have a strong financial motive to infect as many PC systems as possible. The files that will be encrypted include the following file extensions:
.bkf, .upk, .dazip, .xlsm, .wmv, .wpd, .wm, .odt, .zdc, .flv, .wmd, .vpk, .xbdoc, .dbf, .xls, .ff, .blob, .eps, .mcmeta, .hvpl, .mef, .w3x, .mdb, .wsd, .mddata, .lvl, .wbz, .wdp, .cer, .ntl, .yml, .erf, .mpqge, wallet, .arw, .psd, .kdc, .wbc, .js, .png, .kdb, .cdr, .forge, .t12, .wb2, .pst, .wmf, .srf, .dxg, .xbplate, .odp, .m3u, .raw, .qdf, .indd, .wn, .icxs, .jpg, .xar, .tax, .1st, .dng, .doc, .dcr, .xdl, .das, .xlsm, .txt, .kf, .itl, .dmp, .asset, .ncf, .mrwref, .wpa, .ai, .ptx, .odc, .wire, .pptx, .hkx, .fos, .wps, .rwl, .wp7, .wp6, .x3d, .xml, .apk, .ltx, .sql, .rb, .pdf, .rar, .xlgc, .cas, .xy3, .bc6, .big, .itm, .sr2, .pdd, .x, .pfx, .yal, .wp5, .wav, .wma, .itdb, .wotreplay, .fpk, .sidn, .vcf, .wpw, .wcf, .wbm, .bkp, .tor, .pak, .der, .psk, .xlsx, .3ds, .arch00, .slm, .mp4, .odb, .esm, .avi, .mov, .xls, .wsh, .jpeg, .odm, .wpl, .hplg, .xll, .csv, .menu, .y, .hkdb, .pkpass, .ibank, .wmo, .mdf, .wps, .zabw, .wgz, .rofl, .bik, .syncdb, .0, .xpm, .xwp, .xx, .pef, .rtf, .rw2, .d3dbsp, .zw, .raf, .sid, .wpe, .epk, .gdb, .xmind, .xyw, .css, .ztmp, .wma, .snx, .crw, .wbmp, .wpg, .wmv, .vpp_pc, .sie, .t13, .p12, .1, .jpe, .z, .bay, .wdb, .xmmap, .7z, .cfr, .wpt, .webp, .lbf, .r3d, .xdb, .db0, .sum, .3dm, .zif, .xlk, .pptm, .zip, .nrw, .mdbackup
When the ransomware encrypts a file, it will append the .SAVEfiles, .DATAWAIT, .INFOWAIT extension to each encrypted file. Once the ransomware finished enciphering of all documents, photos and music, it will create a file called “!readme.txt” with ransom instructions on how to decrypt all files. An example of the ransom note is:
WARNING!
Your files, photos, documents, databases and other important files are encrypted and have the extension: .SAVEfiles
The only method of recovering files is to purchase an decrypt software and unique private key.
After purchase you will start decrypt software, enter your unique private key and it will decrypt all your data.
Only we can give you this key and only we can recover your files.
You need to contact us by e-mail BM-2cXonzj9ovn5qdX2MrwMK4j3qCquXBKo4h@bitmessage.ch send us your personal ID and wait for further instructions.
For you to be sure, that we can decrypt your files – you can send us a 1-3 any not very big encrypted files and we will send you back it in a original form FREE.
Price for decryption $300.
This price avaliable if you contact us first 72 hours.E-mail address to contact us:
BM-2cXonzj9ovn5qdX2MrwMK4j3qCquXBKo4h@bitmessage.chReserve e-mail address to contact us:
savefiles@india.comYour personal id:
The ransomnote encourages victim to contact ransomware’s makers via Savefiles@india.com in order to decrypt all files. These persons will require to pay a ransom (usually demand for $300-1000 in Bitcoins).
We do not recommend paying a ransom, as there is no guarantee that you will be able to decrypt your documents, photos and music. Especially since you have a chance to restore your files for free using free utilities such as ShadowExplorer and PhotoRec.
Table of contents
- How to decrypt SAVEfiles files
- How to remove Savefiles@india.com ransomware virus
- How to restore SAVEfiles files for free
- How to protect your machine from Savefiles@india.com ransomware?
How to decrypt SAVEfiles files
You will need to contact Dr. Web antivirus company for help with SAVEfiles files decryption. They do charge a fee, if you were not a Dr. Web antivirus customer at the time of ransomware attack and they are able to decrypt it. Use the link below.
https://support.drweb.com/new/free_unlocker/for_decode/
Dr.Web offers a help to decrypt files encrypted by Savefiles@india.com ransomware
Except for Savefiles@india.com ransomware decryptor that was made by the Dr. Web antivirus company, at the moment there is no other free way to decrypt encrypted files. But you have a chance to restore encrypted files for free.
How to remove Savefiles@india.com ransomware virus
In order to remove Savefiles@india.com ransomware from your PC system, you need to stop all ransomware processes and delete its associated files including Windows registry entries. If any ransomware components are left on the computer, the ransomware virus can reinstall itself the next time the personal computer boots up. Usually ransomwares uses random name consist of characters and numbers that makes a manual removal procedure very difficult. We suggest you to use a free virus removal tools that will help get rid of Savefiles@india.com ransomware virus from your computer. Below you can found a few popular malware removers that detects various ransomware.
Remove Savefiles@india.com ransomware with Zemana Anti-malware
Zemana Anti-malware highly recommended, because it can look for security threats such Savefiles@india.com ransomware virus, ad supported software and other malicious software which most ‘classic’ antivirus programs fail to pick up on. Moreover, if you have any Savefiles@india.com ransomware removal problems which cannot be fixed by this tool automatically, then Zemana Anti-malware provides 24X7 online assistance from the highly experienced support staff.
- Visit the following page to download Zemana Anti Malware (ZAM). Save it directly to your MS Windows Desktop.
Zemana AntiMalware
164979 downloads
Author: Zemana Ltd
Category: Security tools
Update: July 16, 2019
- Once the download is finished, close all apps and windows on your personal computer. Open a folder in which you saved it. Double-click on the icon that’s named Zemana.AntiMalware.Setup.
- Further, press Next button and follow the prompts.
- Once installation is complete, click the “Scan” button to begin checking your machine for the Savefiles@india.com ransomware virus and other malicious software and potentially unwanted applications. This procedure can take some time, so please be patient. When a malicious software, ad supported software or potentially unwanted software are detected, the count of the security threats will change accordingly.
- When finished, you’ll be displayed the list of all found items on your machine. Make sure all items have ‘checkmark’ and click “Next”. When the clean-up is finished, you can be prompted to restart your personal computer.
Use MalwareBytes Anti Malware (MBAM) to delete Savefiles@india.com ransomware
We recommend using the MalwareBytes Anti-Malware (MBAM) that are completely clean your machine of the ransomware. This free tool is an advanced malicious software removal application made by (c) Malwarebytes lab. This program uses the world’s most popular antimalware technology. It’s able to help you get rid of virus, potentially unwanted apps, malware, adware, toolbars, and other security threats from your system for free.
Installing the MalwareBytes Anti Malware (MBAM) is simple. First you’ll need to download MalwareBytes Free on your PC system by clicking on the following link.
327222 downloads
Author: Malwarebytes
Category: Security tools
Update: April 15, 2020
After downloading is done, run it and follow the prompts. Once installed, the MalwareBytes Anti Malware will try to update itself and when this process is complete, click the “Scan Now” button . MalwareBytes program will scan through the whole machine for the Savefiles@india.com ransomware and other malicious software and PUPs. This task may take quite a while, so please be patient. While the utility is checking, you may see how many objects and files has already scanned. In order to remove all items, simply press “Quarantine Selected” button.
The MalwareBytes Anti Malware (MBAM) is a free program that you can use to delete all detected folders, files, services, registry entries and so on. To learn more about this malware removal utility, we suggest you to read and follow the few simple steps or the video guide below.
Use KVRT to get rid of Savefiles@india.com ransomware virus from the PC
KVRT is a free removal utility that may be downloaded and use to delete ransomwares, adware, malicious software, PUPs, toolbars and other threats from your PC. You can use this utility to look for threats even if you have an antivirus or any other security program.
Download Kaspersky virus removal tool (KVRT) by clicking on the following link.
129279 downloads
Author: Kaspersky® lab
Category: Security tools
Update: March 5, 2018
Once downloading is complete, double-click on the Kaspersky virus removal tool icon. Once initialization process is finished, you’ll see the Kaspersky virus removal tool screen as displayed in the figure below.
Click Change Parameters and set a check near all your drives. Click OK to close the Parameters window. Next click Start scan button to perform a system scan with this tool for the Savefiles@india.com ransomware and other trojans and harmful programs. This process can take quite a while, so please be patient. While the Kaspersky virus removal tool is checking, you can see count of objects it has identified either as being malicious software.
As the scanning ends, KVRT will open a screen that contains a list of malicious software that has been found as on the image below.
Review the scan results and then press on Continue to begin a cleaning process.
How to restore SAVEfiles files for free
In some cases, you can recover files encrypted by Savefiles@india.com ransomware virus. Try both methods. Important to understand that we cannot guarantee that you will be able to restore all encrypted photos, documents and music.
Use shadow copies to recover SAVEfiles files
If automated backup (System Restore) is enabled, then you can use it to restore all encrypted files to previous versions.
Click the link below to download ShadowExplorer. Save it to your Desktop so that you can access the file easily.
439621 downloads
Author: ShadowExplorer.com
Category: Security tools
Update: September 15, 2019
When the downloading process is finished, extract the saved file to a folder on your computer. This will create the necessary files like below.
Launch the ShadowExplorerPortable application. Now choose the date (2) that you wish to recover from and the drive (1) you want to recover files (folders) from as displayed below.
On right panel navigate to the file (folder) you want to recover. Right-click to the file or folder and press the Export button as shown on the image below.
And finally, specify a directory (your Desktop) to save the shadow copy of encrypted file and press ‘OK’ button.
Run PhotoRec to restore SAVEfiles files
Before a file is encrypted, the Savefiles@india.com ransomware virus makes a copy of this file, encrypts it, and then deletes the original file. This can allow you to restore your files using file recover software such as PhotoRec.
Download PhotoRec on your computer from the following link.
When the download is finished, open a directory in which you saved it. Right click to testdisk-7.0.win and choose Extract all. Follow the prompts. Next please open the testdisk-7.0 folder as displayed in the figure below.
Double click on qphotorec_win to run PhotoRec for Microsoft Windows. It will display a screen like below.
Choose a drive to recover as displayed below.
You will see a list of available partitions. Select a partition that holds encrypted files as displayed on the screen below.
Click File Formats button and select file types to restore. You can to enable or disable the restore of certain file types. When this is finished, click OK button.
Next, click Browse button to choose where recovered documents, photos and music should be written, then click Search.
Count of recovered files is updated in real time. All restored photos, documents and music are written in a folder that you have chosen on the previous step. You can to access the files even if the recovery process is not finished.
When the recovery is done, press on Quit button. Next, open the directory where restored personal files are stored. You will see a contents as shown on the screen below.
All recovered personal files are written in recup_dir.1, recup_dir.2 … sub-directories. If you’re searching for a specific file, then you can to sort your recovered files by extension and/or date/time.
How to protect your machine from Savefiles@india.com ransomware?
Most antivirus programs already have built-in protection system against the ransomware virus. Therefore, if your personal computer does not have an antivirus application, make sure you install it. As an extra protection, use the CryptoPrevent.
Run CryptoPrevent to protect your machine from Savefiles@india.com ransomware virus
Download CryptoPrevent on your system by clicking on the following link.
www.foolishit.com/download/cryptoprevent/
Run it and follow the setup wizard. Once the setup is finished, you will be shown a window where you can choose a level of protection, as displayed below.
Now press the Apply button to activate the protection.
Finish words
Now your system should be clean of the Savefiles@india.com ransomware. Uninstall KVRT and MalwareBytes Free. We suggest that you keep Zemana Free (to periodically scan your computer for new malware). Probably you are running an older version of Java or Adobe Flash Player. This can be a security risk, so download and install the latest version right now.
If you are still having problems while trying to get rid of Savefiles@india.com ransomware virus from your machine, then ask for help here.
i have datawait virus i need decrypteur