Golden Axe ransomware is a malicious software from family of file-encrypting ransomware. It is developed to encrypt photos, documents and music found on infected machine using very strong hybrid encryption with a large key, appending a random extension to all encrypted files.
‘Golden Axe ransomware’ – ransom note
Golden Axe ransomware virus encrypts almost of files, including common as:
.pfx, .asset, .wbk, .epk, .xll, .wp6, .orf, .hvpl, .rar, .2bp, .map, .das, .z3d, .xls, .pkpass, .wbd, .fpk, .mef, .fos, .pef, .hkx, .1, .wgz, .slm, .flv, .wpd, .nrw, .x3f, .crw, .odm, .wpd, .bay, .zdb, .xy3, .sb, .pdf, .vtf, .wm, .eps, .sr2, .pst, .zip, .psd, .xlsm, .wpg, .xdl, .re4, .pptx, .rofl, .big, .ztmp, .xmmap, .desc, .wp, .hkdb, .mlx, .lvl, .jpg, .rw2, .t13, .icxs, .rtf, .3ds, .wdp, .xmind, .upk, .p7c, .hplg, .p12, .1st, .rb, .zif, .der, .wcf, .odc, .mrwref, .x3d, .doc, .dcr, .blob, .wbmp, .gdb, .wn, .wpe, .cer, .css, .crt, .raw, .js, .mp4, .ods, .srf, .vdf, .xpm, .xx, .kdc, .vpp_pc, .3dm, .wpb, .webdoc, .raf, .wma, .wire, .wotreplay, .rgss3a, .apk, .zdc, .wpw, .wbm, .vpk, .menu, .docm, .pem, .cfr, .xbdoc, .gho, .mcmeta, .tor, .ysp, .x, .yml, .mov, .py, .kf, .wmv, .ibank, .mdbackup, .sie, .arw, .csv, .ptx, .wb2, .litemod, .dmp, .xlsx, .accdb, .0, .wp7, .zi, .xbplate, .xyp, .ppt, .mddata, .xar, .xlsx, .zabw, .lbf, .layout, .p7b, .dwg, .forge, .bkp, .jpe, .ncf, .wmd, .db0, .cr2, .xyw, .xlsb, .sql, .qdf, .tax, .bar, .z, .qic, .vfs0, .docx, .xdb, .xlgc, .wot, .syncdb, .sav, .fsh, .rwl, .itdb, wallet, .kdb, .xml, .indd, .3fr, .wsc, .zip, .ws, .sid, .pptm, .wsh, .erf, .sum, .sidn, .cdr, .pak, .ff, .dxg, .ybk, .lrf, .wdb, .wbc, .avi, .bc7, .itm, .ai, .ntl, .dng, .jpeg, .sis, .xf, .mdf, .y, .odt, .cas, .m4a, .odp, .m2, .wma, .srw, .mpqge, .itl, .odb, .m3u, .xld, .wbz, .wmv, .ltx, .pdd, .d3dbsp, .t12, .bik, .wpt, .7z, .psk, .vcf, .iwd, .dbf, .bsa, .xlk, .xlsm, .wpl, .wp5, .zw, .xxx, .xls, .wps, .wmo, .yal, .rim, .sidd, .dba, .wsd, .esm, .wp4, .png, .wav, .svg, .dazip, .webp, .iwi, .bc6
Once the encryption procedure is finished, it will drop a ransom demanding message named “# instructions-ID#.jpg, # instructions-ID#.txt, and # instructions-ID#.vbs” offering decrypt all users personal files if a payment is made. You can see an one of the variants of the ransom note below:
*** UNDER ANY CIRCUMSTANCES UNTIL DECRYPT YOUR FILES DO NOT DELETE THIS INSTRUCTIONS FILE *** # What Happened? All your files, documents, photos, databases, and other important files are encrypted by ‘Golden Axe’ ransomware! It means you will not be able to access them anymore until they are decrypted. Recovery process impossible without purchasing your special decryption package from us! # Free Decryption Guarantee! We will decrypt one of your files before you making payment to show our honesty. Pick up and attach one of your random encrypted files less than ~1 megabytes in the first contact with us. * Make sure you will send the file as clear. Not archived, compressed or etc… # How to contact with you? Send your message with your ‘DATA’ block on the blow of this file to our email address – xxback@keemail.me and wait for our response. Write in email message what you think necessary. Do not forget, write to us in English or get help for a professional translator. Also do not forget! When we does not reply your email after 24 hour, send your message to our backup email – darkusmbackup@protonmail.com # How to Purchase Decryption Package? We will send you next step instructions about payment and decryption in the email. The decryption price base on how fast you contact with us! We accept only cryptocurrency named Bitcoin (BTC) as a payment method. # How to Purchase Bitcoin? Use the global and trusted Bitcoin exchange website – https://localbitcoins.com for fast and easy Bitcoin purchase. For more information search about ‘How to buy Bitcoin’ on the internet. # Attention! * DO NOT MODIFY, MOVE OR RENAME ENCRYPTED FILES. THIS CAUSES A CORRUPT YOUR FILES!
Instructions which is shown below, will help you to remove Golden Axe ransomware virus as well as recover encrypted documents, photos and music stored on your computer drives.
Table of contents
- How to remove Golden Axe ransomware
- How to decrypt files encrypted by Golden Axe ransomware
- How to restore files encrypted by Golden Axe ransomware
- How to protect your PC system from Golden Axe ransomware?
- To sum up
How to remove Golden Axe ransomware
Before you launch the process of recovering photos, documents and music which has been encrypted, make sure Golden Axe ransomware virus is not running. Firstly, you need to remove this virus permanently. Thankfully, there are several malicious software removal tools which will effectively search for and delete Golden Axe ransomware virus and other crypto virus malicious software from your computer.
Remove Golden Axe ransomware with Zemana Anti-malware
Zemana Anti-malware is a utility which can remove ransomware infections, adware software, potentially unwanted software, browser hijacker infections and other malware from your computer easily and for free. Zemana Anti-malware is compatible with most antivirus software. It works under Windows (10 – XP, 32 and 64 bit) and uses minimum of personal computer resources.
Download Zemana on your system by clicking on the link below.
159513 downloads
Author: Zemana Ltd
Category: Security tools
Update: July 16, 2019
After downloading is complete, close all applications and windows on your PC. Double-click the set up file called Zemana.AntiMalware.Setup. If the “User Account Control” dialog box pops up as shown on the screen below, click the “Yes” button.
It will open the “Setup wizard” which will help you set up Zemana on your machine. Follow the prompts and do not make any changes to default settings.
Once install is done successfully, Zemana AntiMalware (ZAM) will automatically start and you can see its main screen as displayed in the figure below.
Now click the “Scan” button for checking your personal computer for the Golden Axe ransomware virus related files, folders and registry keys. While the Zemana Anti-Malware (ZAM) application is checking, you may see number of objects it has identified as threat.
Once the system scan is complete, Zemana AntiMalware will display a list of all items found by the scan. Review the results once the tool has complete the system scan. If you think an entry should not be quarantined, then uncheck it. Otherwise, simply click “Next” button. The Zemana Free will remove Golden Axe ransomware virus and other malicious software and add threats to the Quarantine. After the clean up is finished, you may be prompted to reboot the system.
Automatically remove Golden Axe ransomware virus with MalwareBytes
Remove Golden Axe ransomware manually is difficult and often the ransomware virus is not fully removed. Therefore, we suggest you to use the MalwareBytes Anti Malware (MBAM) that are fully clean your computer. Moreover, this free program will help you to delete malicious software, trojans, worms and adware software that your PC can be infected too.
MalwareBytes can be downloaded from the following link. Save it on your Microsoft Windows desktop.
317584 downloads
Author: Malwarebytes
Category: Security tools
Update: April 15, 2020
When the downloading process is finished, run it and follow the prompts. Once installed, the MalwareBytes will try to update itself and when this process is finished, click the “Scan Now” button for scanning your PC for the Golden Axe ransomware and other kinds of potential threats. Depending on your PC, the scan can take anywhere from a few minutes to close to an hour. When a malicious software, adware software or potentially unwanted apps are detected, the number of the security threats will change accordingly. You may get rid of items (move to Quarantine) by simply press “Quarantine Selected” button.
The MalwareBytes AntiMalware is a free program that you can use to delete all detected folders, files, services, registry entries and so on. To learn more about this malware removal tool, we suggest you to read and follow the few simple steps or the video guide below.
Delete Golden Axe ransomware virus with KVRT
If MalwareBytes antimalware or Zemana anti malware cannot remove Golden Axe ransomware, then we recommends to use the KVRT. KVRT is a free removal utility for ransomware viruses, adware, worms and trojans.
Download Kaspersky virus removal tool (KVRT) on your PC by clicking on the following link.
123860 downloads
Author: Kaspersky® lab
Category: Security tools
Update: March 5, 2018
Once the downloading process is done, double-click on the KVRT icon. Once initialization process is done, you will see the Kaspersky virus removal tool screen like below.
Click Change Parameters and set a check near all your drives. Click OK to close the Parameters window. Next click Start scan button . KVRT utility will start scanning the whole PC to find out Golden Axe ransomware virus and other known infections. While the utility is scanning, you can see how many objects and files has already scanned.
Once KVRT has finished scanning your PC, a list of all threats found is produced as displayed on the screen below.
You may delete items (move to Quarantine) by simply click on Continue to start a cleaning procedure.
How to decrypt files encrypted by Golden Axe ransomware
The encryption method is so strong that it is practically impossible to decrypt files without the actual encryption key. The bad news is that the only way to get your files back is to pay ($300-1000 in Bitcoins) developers of the Golden Axe ransomware virus for a copy of the private (encryption) key.
If your documents, photos and music have been encrypted by the Golden Axe ransomware, We suggests: do not to pay the ransom. If this malware make money for its developers, then your payment will only increase attacks against you. Of course, decryption without the private key is not feasible, but that does not mean that the Golden Axe ransomware virus must seriously disrupt your live.
If you do not want to pay for a decryption key, then you have a chance to recover encrypted documents, photos and music. Use free tools listed below (ShadowExplorer and PhotoRec).
How to restore files encrypted by Golden Axe ransomware
In some cases, you can recover files encrypted by Golden Axe ransomware virus. Try both methods. Important to understand that we cannot guarantee that you will be able to restore all encrypted photos, documents and music.
Recover encrypted files with ShadowExplorer
If automated backup (System Restore) is enabled, then you can use it to restore all encrypted files to previous versions.
ShadowExplorer can be downloaded from the following link. Save it to your Desktop so that you can access the file easily.
419062 downloads
Author: ShadowExplorer.com
Category: Security tools
Update: September 15, 2019
After the download is finished, open a directory in which you saved it. Right click to ShadowExplorer-0.9-portable and select Extract all. Follow the prompts. Next please open the ShadowExplorerPortable folder as shown below.
Run the ShadowExplorer utility and then choose the disk (1) and the date (2) that you want to recover the shadow copy of file(s) encrypted by the Golden Axe ransomware virus as displayed on the screen below.
Now navigate to the file or folder that you want to recover. When ready right-click on it and click ‘Export’ button like below.
Use PhotoRec to recover encrypted files
Before a file is encrypted, the Golden Axe ransomware virus makes a copy of this file, encrypts it, and then deletes the original file. This can allow you to restore your files using file recover programs such as PhotoRec.
Download PhotoRec on your Windows Desktop from the following link.
When the downloading process is finished, open a directory in which you saved it. Right click to testdisk-7.0.win and choose Extract all. Follow the prompts. Next please open the testdisk-7.0 folder as shown on the screen below.
Double click on qphotorec_win to run PhotoRec for MS Windows. It’ll open a screen as displayed in the figure below.
Choose a drive to recover like below.
You will see a list of available partitions. Select a partition that holds encrypted photos, documents and music as shown below.
Click File Formats button and choose file types to recover. You can to enable or disable the restore of certain file types. When this is finished, click OK button.
Next, click Browse button to choose where recovered files should be written, then click Search.
Count of restored files is updated in real time. All recovered documents, photos and music are written in a folder that you have selected on the previous step. You can to access the files even if the restore process is not finished.
When the recovery is done, click on Quit button. Next, open the directory where restored photos, documents and music are stored. You will see a contents as shown on the image below.
All restored documents, photos and music are written in recup_dir.1, recup_dir.2 … sub-directories. If you’re looking for a specific file, then you can to sort your recovered files by extension and/or date/time.
How to protect your PC system from Golden Axe ransomware?
Most antivirus software already have built-in protection system against the ransomware. Therefore, if your machine does not have an antivirus program, make sure you install it. As an extra protection, use the HitmanPro.Alert.
Use HitmanPro.Alert to protect your computer from Golden Axe ransomware
HitmanPro.Alert is a small security utility. It can check the system integrity and alerts you when critical system functions are affected by malware. HitmanPro.Alert can detect, remove, and reverse ransomware effects.
Click the link below to download HitmanPro.Alert. Save it directly to your Microsoft Windows Desktop.
Once the downloading process is finished, open the folder in which you saved it. You will see an icon like below.
Double click the HitmanPro Alert desktop icon. After the utility is opened, you’ll be displayed a window where you can select a level of protection, like below.
Now click the Install button to activate the protection.
To sum up
Now your machine should be clean of the Golden Axe ransomware virus. Uninstall MalwareBytes Free and Kaspersky virus removal tool. We advise that you keep Zemana (to periodically scan your personal computer for new malicious software). Moreover, to prevent ransomware virus, please stay clear of unknown and third party apps, make sure that your antivirus application, turn on the option to stop or detect ransomware.
If you need more help with Golden Axe ransomware related issues, go to here.
