A new variant of ransomware virus has been discovered by computer security professionals. It appends the .securityP file extension to encrypted files. This ransomware targets computers running Microsoft Windows by spam emails, malware or manually installing the ransomware. Here’s everything you need to know about this ransomware, how to remove ‘.securityP ransomware virus’ and how to restore (decrypt) encrypted personal files for free.
‘.securityP ransomware’ – ransom note
What is ‘.securityP ransomware’? It is a malicious software which encrypts photos, documents and music until a ransom is paid to the cyber criminal. Once started, the .securityP ransomware will scan the machine for some file types and encrypt them. It will encrypt almost of files, including:
.vfs0, .sis, .asset, .js, .ai, .srf, .wbmp, .sie, .sql, .xxx, .wb2, .x3f, .esm, .mdb, .ods, .pdd, .ff, .y, .zdc, .psd, .3fr, .xy3, .xlgc, .iwd, .tor, .zw, .3ds, .re4, .7z, .png, .mdbackup, .bc6, .nrw, .wmo, .ws, .crt, .mcmeta, .mdf, .rim, .ybk, .gdb, .bsa, .cr2, .wps, .sb, .wsh, .erf, .z3d, .xlsb, .sidd, .hkdb, .1, .wp, .bik, .qic, .big, .flv, .xlk, .xmmap, .wdp, .x, .pdf, .wdb, .py, .1st, .p7b, .sid, .wbm, .xar, .docm, .jpeg, .itdb, wallet, .dxg, .wp5, .pptm, .der, .wbz, .indd, .xlsm, .pptx, .zi, .wgz, .z, .rb, .wm, .layout, .accdb, .bkp, .xlsx, .wbc, .xld, .crw, .xmind, .bkf, .eps, .wpb, .csv, .odc, .cfr, .m3u, .rwl, .xyp, .snx, .t12, .wmd, .vtf, .qdf, .fos, .sidn, .wot, .wri, .kdc, .xyw, .psk, .rw2, .wsd, .wmf, .zdb, .wn, .syncdb, .sr2, .arw, .pak, .xlsm, .wire, .lrf, .wmv, .pkpass, .mef, .zip, .docx, .pem, .rgss3a, .xpm, .x3d, .arch00, .webp, .t13, .menu, .dmp, .db0, .p12, .raw, .mpqge, .bay, .odt, .wsc, .srw, .icxs, .xf, .2bp, .odm, .yal, .wpg, .sum, .desc, .zabw, .hvpl, .wpe, .rtf, .wav, .lbf, .m2, .css, .pef, .r3d, .wp7, .wma, .pfx, .gho, .rar, .0, .w3x, .ntl, .epk, .jpg, .itl, .dbf, .ncf, .xll, .sav, .mlx, .wbk, .dcr, .wpa, .kf, .cas, .xdl, .tax, .forge, .mov, .wps, .mddata, .wmv, .m4a, .upk, .ppt, .orf, .bar, .xlsx, .iwi, .fsh, .wcf, .kdb, .yml, .hplg, .fpk, .pst, .xbdoc, .apk, .litemod, .dwg, .zif, .webdoc, .dng, .ltx, .map, .vcf, .odp, .wotreplay, .d3dbsp, .cer, .vpk, .raf, .blob, .wpd, .xdb, .3dm, .wpw, .dazip, .odb, .wpd, .wpt, .ysp
Once a file is encrypted, its extension changed to .securityP. Next, the ransomware virus creates a file called ‘Instructions with your files.txt’. This file contain an information on how to decrypt all encrypted photos, documents and music. You can see an one of the variants of the ransom note below:
All your files have been encrypted contact us via the e-mail listed below. e-mail: support@p-security.li or e-mail: support@p-security.li Paradise Ransomware team.
We recommend you remove .securityP ransomware immediately, until the presence of the ransomware has not led to even worse consequences. You need to follow the few simple steps below that will help you to completely remove ransomware virus from your computer as well as recover encrypted personal files, using only few free tools.
Table of contents
- How to remove .securityP ransomware
- How to decrypt .securityP files
- How to restore .securityP files
- How to protect your computer from .securityP ransomware?
- To sum up
How to remove .securityP ransomware
In order to remove .securityP ransomware virus from your PC, you need to stop all ransomware virus processes and delete its associated files including Windows registry entries. If any ransomware components are left on the system, the ransomware can reinstall itself the next time the computer boots up. Usually ransomware infections uses random name consist of characters and numbers that makes a manual removal procedure very difficult. We suggest you to run a free ransomware removal tools which will allow delete .securityP ransomware from your computer. Below you can found a few popular malware removers that detects various ransomware.
Remove .securityP ransomware with Zemana Anti-malware
Thinking about remove .securityP ransomware virus from your PC? Then pay attention to Zemana Free. This is a well-known tool, originally created just to search for and get rid of malware, adware and PUPs. But by now it has seriously changed and can not only rid you of malicious software, but also protect your machine from ransomware, malware and adware, as well as find and remove common viruses and trojans.
Zemana Anti Malware can be downloaded from the following link. Save it directly to your MS Windows Desktop.
165059 downloads
Author: Zemana Ltd
Category: Security tools
Update: July 16, 2019
When the download is finished, close all programs and windows on your PC. Open a directory in which you saved it. Double-click on the icon that’s called Zemana.AntiMalware.Setup as on the image below.
When the installation begins, you will see the “Setup wizard” which will help you install Zemana on your computer.
Once install is finished, you will see window as shown below.
Now press the “Scan” button to perform a system scan with this utility for the .securityP ransomware related files, folders and registry keys. When a malicious software, adware or PUPs are detected, the count of the security threats will change accordingly.
Once the scan is finished, you’ll be shown the list of all detected items on your computer. Review the results once the utility has finished the system scan. If you think an entry should not be quarantined, then uncheck it. Otherwise, simply press “Next” button.
The Zemana AntiMalware will get rid of .securityP ransomware virus and other security threats.
Remove securityP ransomware with MalwareBytes
You can remove securityP ransomware virus automatically through the use of MalwareBytes Anti-Malware. We advise this free malicious software removal tool because it can easily remove ransomware virus, adware, malicious software and other undesired programs with all their components such as files, folders and registry entries.
Download MalwareBytes AntiMalware (MBAM) by clicking on the following link.
327283 downloads
Author: Malwarebytes
Category: Security tools
Update: April 15, 2020
After the download is finished, close all windows on your machine. Further, start the file called mb3-setup. If the “User Account Control” prompt pops up as displayed in the following example, press the “Yes” button.
It will display the “Setup wizard” that will help you setup MalwareBytes Free on the machine. Follow the prompts and don’t make any changes to default settings.
Once setup is finished successfully, click Finish button. Then MalwareBytes Free will automatically launch and you can see its main window as displayed in the figure below.
Next, click the “Scan Now” button to start checking your computer for the .securityP ransomware and other malware. A system scan can take anywhere from 5 to 30 minutes, depending on your personal computer. During the scan MalwareBytes Anti Malware will scan for threats exist on your computer.
As the scanning ends, MalwareBytes Anti Malware (MBAM) will open a scan report. Once you have selected what you wish to get rid of from your computer click “Quarantine Selected” button.
The MalwareBytes Anti Malware (MBAM) will begin to remove .securityP ransomware and other security threats. Once the task is finished, you may be prompted to restart your machine. We suggest you look at the following video, which completely explains the procedure of using the MalwareBytes Free to delete browser hijackers, adware software and other malicious software.
If the problem with .securityP ransomware is still remained
If MalwareBytes anti-malware or Zemana anti-malware cannot remove ransomware, then we advises to run the KVRT. KVRT is a free removal tool for ransomwares, adware software, PUPs and toolbars.
Download Kaspersky virus removal tool (KVRT) on your MS Windows Desktop from the following link.
129298 downloads
Author: Kaspersky® lab
Category: Security tools
Update: March 5, 2018
Once the downloading process is finished, double-click on the Kaspersky virus removal tool icon. Once initialization process is finished, you will see the KVRT screen like below.
Click Change Parameters and set a check near all your drives. Click OK to close the Parameters window. Next press Start scan button for scanning your system for the .securityP ransomware virus . This procedure can take some time, so please be patient. While the Kaspersky virus removal tool tool is scanning, you can see number of objects it has identified as being affected by malware.
Once KVRT has finished scanning, you may check all items found on your computer as shown below.
Make sure all items have ‘checkmark’ and press on Continue to begin a cleaning process.
How to decrypt .securityP files
The .securityP ransomware encourages victim to contact it’s makers via support@p-security.li email in order to decrypt all files. These persons will require to pay a ransom (usually demand for $300-1000 in Bitcoins).
Should you pay the ransom? A majority of security researchers will reply immediately that you should never pay a ransom if affected by ransomware! If you choose to pay the ransom, there is no 100% guarantee that you can decrypt all files!
Free malware removal utilities listed in this post be able to find and remove ransomware virus and prevent any further damage. After that you can restore encrypted photos, documents and music from their Shadow Copies or using file restore utility.
How to restore .securityP files
In some cases, you can restore files encrypted by .securityP ransomware. Try both methods. Important to understand that we cannot guarantee that you will be able to recover all encrypted files.
Recover .securityP encrypted files using Shadow Explorer
A free utility called ShadowExplorer is a simple way to use the ‘Previous Versions’ feature of MS Windows 10 (8, 7 , Vista). You can restore .securityP photos, documents and music encrypted by the .securityP ransomware virus from Shadow Copies for free.
Download ShadowExplorer from the link below.
439678 downloads
Author: ShadowExplorer.com
Category: Security tools
Update: September 15, 2019
When the download is finished, open a directory in which you saved it. Right click to ShadowExplorer-0.9-portable and select Extract all. Follow the prompts. Next please open the ShadowExplorerPortable folder as displayed on the image below.
Double click ShadowExplorerPortable to launch it. You will see the a window as on the image below.
In top left corner, select a Drive where encrypted documents, photos and music are stored and a latest restore point as shown in the following example (1 – drive, 2 – restore point).
On right panel look for a file that you wish to recover, right click to it and select Export as shown in the following example.
Use PhotoRec to restore .securityP files
Before a file is encrypted, the .securityP ransomware makes a copy of this file, encrypts it, and then deletes the original file. This can allow you to restore your personal files using file recover software such as PhotoRec.
Download PhotoRec on your machine by clicking on the link below.
Once the download is finished, open a directory in which you saved it. Right click to testdisk-7.0.win and choose Extract all. Follow the prompts. Next please open the testdisk-7.0 folder as displayed on the screen below.
Double click on qphotorec_win to run PhotoRec for MS Windows. It will display a screen like below.
Select a drive to recover as displayed on the image below.
You will see a list of available partitions. Choose a partition that holds encrypted files as displayed below.
Click File Formats button and specify file types to recover. You can to enable or disable the restore of certain file types. When this is complete, click OK button.
Next, press Browse button to choose where restored personal files should be written, then press Search.
Count of recovered files is updated in real time. All restored photos, documents and music are written in a folder that you have chosen on the previous step. You can to access the files even if the recovery process is not finished.
When the recovery is complete, press on Quit button. Next, open the directory where restored photos, documents and music are stored. You will see a contents as shown on the screen below.
All recovered documents, photos and music are written in recup_dir.1, recup_dir.2 … sub-directories. If you’re looking for a specific file, then you can to sort your restored files by extension and/or date/time.
How to protect your computer from .securityP ransomware?
Most antivirus programs already have built-in protection system against the ransomware virus. Therefore, if your PC does not have an antivirus application, make sure you install it. As an extra protection, run the HitmanPro.Alert.
Run HitmanPro.Alert to protect your system from .securityP ransomware virus
HitmanPro.Alert is a small security utility. It can check the system integrity and alerts you when critical system functions are affected by malware. HitmanPro.Alert can detect, remove, and reverse ransomware effects.
Click the link below to download HitmanPro Alert. Save it on your Microsoft Windows desktop or in any other place.
When the download is finished, open the folder in which you saved it. You will see an icon like below.
Double click the HitmanPro.Alert desktop icon. When the utility is launched, you’ll be shown a window where you can choose a level of protection, as shown in the following example.
Now click the Install button to activate the protection.
To sum up
Now your system should be clean of the .securityP ransomware. Delete MalwareBytes AntiMalware (MBAM) and KVRT. We recommend that you keep Zemana Anti-Malware (to periodically scan your PC for new malware). Moreover, to prevent ransomware, please stay clear of unknown and third party programs, make sure that your antivirus application, turn on the option to block or search for ransomware.
If you need more help with .securityP ransomware virus related issues, go to here.
