IT security professionals discovered a new variant of cryptovirus, which named ‘Fedasot ransomware‘. It appends the .fedasot file extension to encrypted file names. Read below a brief summary of information related to this ransomware and how to restore or decrypt .fedasot files for free.
Files encrypted by .fedasot ransomware
What is ‘.Fedasot ransomware’? It is a malicious software which encrypts photos, documents and music until a ransom is paid to the cyber criminal. Once started, the .Fedasot ransomware will scan the PC for certain file types and encrypt them. It will encrypt almost of files, including:
.xls, .wmf, .fpk, .wpl, .rtf, .xyw, .wp5, .pdf, .m4a, .xlgc, .xlsx, .xyp, .wbc, .accdb, .zip, .upk, .webp, .cfr, .pfx, .webdoc, .psd, .sidn, .xml, .wp, .jpeg, .asset, .wpg, .vpp_pc, .js, .rw2, .wpe, .wsd, .wbm, .vcf, .wsh, .hkdb, .pkpass, .sidd, .avi, .wpd, .epk, .tax, .xmmap, .srw, .indd, .pptx, .esm, .mlx, .kf, .wn, .z, .0, .sie, .wbk, .ltx, .docm, .wps, .qdf, .zw, .png, .wp6, .crt, .slm, .x3f, .wire, .dxg, .1, .wps, .xxx, .tor, .wm, .zdb, .7z, .sid, .iwi, .das, .fos, .xlsx, .apk, .xbplate, .wma, .docx, .hkx, .crw, .sb, .icxs, .gho, .z3d, .mdb, .vpk, .m2, .raw, .wp4, .kdc, .sum, .jpe, .wmd, .xbdoc, .bc6, .forge, .mpqge, .bkf, .wgz, .desc, .re4, .wbz, .odt, .dbf, .xdb, .css, .bsa, .qic, .odb, .xdl, .vtf, .csv, .xll, .xld, .dng, .3dm, .wbd, .wp7, .xwp, .wcf, .p7b, .ai, .p7c, .xar, .zip, .pak, .wmo, .xlk, .ws, .vfs0, .xls, .der, .db0, .t13, .ibank, .lrf, .rar, .2bp, .lbf, .xmind, .gdb, .ptx, .pem, .wb2, .p12, .pptm, .bik, .wdb, .svg, .wpa, .dmp, .cr2, .itl, .wbmp, .mov, .mef, .cas, .mddata, .dwg, .xlsb, .mrwref, .bay, .blob, .xx, .pst, .rgss3a, .wri, .ntl, .ncf, .jpg, .d3dbsp, .nrw, .zabw, .layout, .arw, .ztmp, .big, .mcmeta, .dcr, .x3d, .ppt, .hvpl, .menu, .bc7, .rim, .syncdb, .snx, .xlsm, .fsh, .wpw, .wdp, .y, .bar, wallet, .yal, .eps, .m3u, .rwl, .odm, .cer, .bkp, .ysp, .orf, .ybk, .wmv, .mdf, .hplg, .py, .wpb, .sis, .dba, .lvl
Upon successful encryption, it appends the .fedasot extension to the file name of its encrypted file. The ransomware also creates a text file called “_readme.txt” in each folder. This file is a ransom note. The ransom demanding message asks for money in the form of bitcoins. The content of the ransom demanding message is below:
ATTENTION! Don't worry my friend, you can return all your files! All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key. The only method of recovering files is to purchase decrypt tool and unique key for you. This software will decrypt all your encrypted files. What guarantees you have? You can send one of your encrypted file from your PC and we decrypt it for free. But we can decrypt only 1 file for free. File must not contain valuable information. You can get and look video overview decrypt tool: https://we.tl/t-oEUEuysYiZ Price of private key and decrypt software is $980. Discount 50% available if you contact us first 72 hours, that's price for you is $490. Please note that you'll never restore your data without payment. Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.
Threat Summary
| Name | Fedasot ransomware |
| Type | Ransomware, Filecoder, Crypto virus, File locker |
| Encrypted files extension | .fedasot |
| Ransom note | _readme.txt |
| Contact | vengisto@firemail.cc, vengisto@india.com, @datarestore (Telegram account) |
| Ransom amount | $490,$980 |
| Symptoms |
|
| Removal | To remove .Fedasot ransomware use the removal guide |
| Decryption | To decrypt .Fedasot ransomware use the steps |
Use the step-by-step guide below to delete ransomware virus and try to recover (decrypt) encrypted documents, photos and music for free.
Quick links
- How to remove .Fedasot ransomware
- How to decrypt .fedasot files
- Use STOPDecrypter to decrypt .fedasot files
- How to restore .fedasot files
- How to protect your computer from .Fedasot ransomware virus?
- Finish words
How to remove .Fedasot ransomware
In most cases it’s not possible to delete the .Fedasot ransomware manually. For that reason, our team created several removal ways which we’ve summarized in a detailed instructions below. Therefore, if you’ve the .Fedasot ransomware on your computer and are currently trying to have it deleted then feel free to follow the few simple steps below in order to resolve your problem. Certain of the steps below will require you to shut down this web page. So, please read the few simple steps carefully, after that bookmark or print it for later reference.
Remove .Fedasot ransomware virus with Zemana Anti-malware
We recommend you to run the Zemana Anti-malware which are completely clean your system of this ransomware virus. Moreover, the tool will help you to get rid of trojans, malware, worms and adware that your system may be infected too.
Download Zemana Free from the link below. Save it to your Desktop so that you can access the file easily.
164979 downloads
Author: Zemana Ltd
Category: Security tools
Update: July 16, 2019
When the download is done, close all apps and windows on your machine. Double-click the install file called Zemana.AntiMalware.Setup. If the “User Account Control” dialog box pops up as on the image below, click the “Yes” button.
It will open the “Setup wizard” that will help you install Zemana Anti-Malware (ZAM) on your computer. Follow the prompts and do not make any changes to default settings.
Once install is finished successfully, Zemana will automatically start and you can see its main screen as shown on the image below.
Now click the “Scan” button for scanning your personal computer for the .Fedasot ransomware and other kinds of potential threats like malware and trojans.
Once the system scan is done, Zemana Anti Malware will show a screen which contains a list of malware that has been found. Review the scan results and then click “Next” button. The Zemana will remove .Fedasot ransomware and other malware. After that process is done, you may be prompted to reboot the personal computer.
How to remove Fedasot ransomware with MalwareBytes Free
Get rid of Fedasot ransomware manually is difficult and often the ransomware virus is not completely removed. Therefore, we suggest you to run the MalwareBytes Anti Malware (MBAM) which are completely clean your PC system. Moreover, this free program will allow you to get rid of malicious software, potentially unwanted applications, toolbars and adware that your machine can be infected too.
Download MalwareBytes Anti Malware (MBAM) on your Windows Desktop from the link below.
327223 downloads
Author: Malwarebytes
Category: Security tools
Update: April 15, 2020
After the download is finished, close all windows on your PC. Further, start the file called mb3-setup. If the “User Account Control” dialog box pops up as displayed in the figure below, click the “Yes” button.
It will open the “Setup wizard” that will help you install MalwareBytes Anti Malware (MBAM) on the PC. Follow the prompts and don’t make any changes to default settings.
Once install is done successfully, click Finish button. Then MalwareBytes Free will automatically launch and you can see its main window as shown on the image below.
Next, press the “Scan Now” button to scan for Fedasot ransomware and other security threats. This procedure can take quite a while, so please be patient. When a threat is detected, the count of the security threats will change accordingly. Wait until the the scanning is done.
Once MalwareBytes Free has completed scanning your personal computer, a list of all threats detected is prepared. Review the scan results and then press “Quarantine Selected” button.
The MalwareBytes Anti Malware (MBAM) will remove Fedasot ransomware virus and other kinds of potential threats. Once the process is complete, you can be prompted to restart your PC. We suggest you look at the following video, which completely explains the procedure of using the MalwareBytes Anti-Malware (MBAM) to remove hijacker infections, adware and other malware.
Run KVRT to delete .Fedasot ransomware from the PC
KVRT is a free portable program that scans your computer for trojans, worms and ransomware like the .Fedasot ransomware and helps get rid of them easily. Moreover, it’ll also help you delete any harmful web-browser extensions and add-ons.
Download Kaspersky virus removal tool (KVRT) on your personal computer by clicking on the link below.
129279 downloads
Author: Kaspersky® lab
Category: Security tools
Update: March 5, 2018
Once downloading is done, double-click on the KVRT icon. Once initialization process is finished, you’ll see the Kaspersky virus removal tool screen as displayed in the following example.
Click Change Parameters and set a check near all your drives. Click OK to close the Parameters window. Next press Start scan button . KVRT utility will begin scanning the whole machine to find out .Fedasot ransomware virus and other known infections. While the Kaspersky virus removal tool application is checking, you may see how many objects it has identified as threat.
Once the scan get completed, KVRT will display a screen which contains a list of malware that has been found as on the image below.
Review the results once the utility has complete the system scan. If you think an entry should not be quarantined, then uncheck it. Otherwise, simply press on Continue to begin a cleaning procedure.
How to decrypt .fedasot files
The .Fedasot ransomware virus encourages victim to contact it’s developers in order to decrypt all personal files. These persons will require to pay a ransom (usually demand for $490-$980 in Bitcoins).
If your files have been encrypted by the .Fedasot ransomware, We suggests: do not to pay the ransom. If this malware make money for its makers, then your payment will only increase attacks against you. Of course, decryption without the private key is not feasible, but that does not mean that the .Fedasot ransomware must seriously disrupt your live.
Files encrypted by .fedasot ransomware
With some variants of Fedasot ransomware, it is possible to decrypt or restore encrypted files using free tools such as STOPDecrypter, ShadowExplorer and PhotoRec.
Use STOPDecrypter to decrypt .fedasot files
Michael Gillespie (@) released a free decryption tool named STOPDecrypter (download from download.bleepingcomputer.com/demonslay335/STOPDecrypter.zip).
STOPDecrypter
STOPDecrypter has been updated to include decryption support for the following .djvu* variants (.djvu, .djvuu, .udjvu, .djvuq, .djvur, .djvut, .pdff, .tro, .tfude, .tfudeq, .tfudet, .rumba, .adobe, .adobee, .blower, .promos. STOPDecrypter will work for any extension of the Djvu* variants including new extensions (.fedasot).
Please check the twitter post for more info.
How to restore .fedasot files
In some cases, you can restore files encrypted by .Fedasot ransomware. Try both methods. Important to understand that we cannot guarantee that you will be able to recover all encrypted files.
Restore .fedasot encrypted files using Shadow Explorer
In some cases, you have a chance to recover your documents, photos and music which were encrypted by the .Fedasot ransomware. This is possible due to the use of the utility called ShadowExplorer. It is a free application that designed to obtain ‘shadow copies’ of files.
Download ShadowExplorer on your MS Windows Desktop from the link below.
439621 downloads
Author: ShadowExplorer.com
Category: Security tools
Update: September 15, 2019
Once the download is finished, extract the downloaded file to a folder on your PC system. This will create the necessary files as displayed in the following example.
Run the ShadowExplorerPortable application. Now choose the date (2) that you want to recover from and the drive (1) you want to restore files (folders) from as displayed on the image below.
On right panel navigate to the file (folder) you wish to restore. Right-click to the file or folder and press the Export button like below.
And finally, specify a directory (your Desktop) to save the shadow copy of encrypted file and click ‘OK’ button.
Run PhotoRec to restore .fedasot files
Before a file is encrypted, the .Fedasot ransomware virus makes a copy of this file, encrypts it, and then deletes the original file. This can allow you to restore your personal files using file recover apps such as PhotoRec.
Download PhotoRec by clicking on the following link. Save it on your Desktop.
Once the downloading process is done, open a directory in which you saved it. Right click to testdisk-7.0.win and choose Extract all. Follow the prompts. Next please open the testdisk-7.0 folder as on the image below.
Double click on qphotorec_win to run PhotoRec for Windows. It will show a screen as displayed on the screen below.
Choose a drive to recover as on the image below.
You will see a list of available partitions. Select a partition that holds encrypted photos, documents and music as displayed on the screen below.
Click File Formats button and select file types to recover. You can to enable or disable the recovery of certain file types. When this is done, press OK button.
Next, click Browse button to choose where restored personal files should be written, then click Search.
Count of restored files is updated in real time. All restored personal files are written in a folder that you have selected on the previous step. You can to access the files even if the restore process is not finished.
When the recovery is complete, click on Quit button. Next, open the directory where restored documents, photos and music are stored. You will see a contents as on the image below.
All recovered files are written in recup_dir.1, recup_dir.2 … sub-directories. If you’re looking for a specific file, then you can to sort your restored files by extension and/or date/time.
How to protect your computer from .Fedasot ransomware virus?
Most antivirus programs already have built-in protection system against the ransomware virus. Therefore, if your machine does not have an antivirus program, make sure you install it. As an extra protection, run the HitmanPro.Alert.
Use HitmanPro.Alert to protect your computer from .Fedasot ransomware
HitmanPro.Alert is a small security utility. It can check the system integrity and alerts you when critical system functions are affected by malware. HitmanPro.Alert can detect, remove, and reverse ransomware effects.
Click the link below to download HitmanPro Alert. Save it to your Desktop so that you can access the file easily.
Once the download is done, open the file location. You will see an icon like below.
Double click the HitmanPro.Alert desktop icon. After the utility is opened, you will be shown a window where you can select a level of protection, like below.
Now click the Install button to activate the protection.
Finish words
Now your personal computer should be free of the .Fedasot ransomware. Uninstall MalwareBytes and KVRT. We suggest that you keep Zemana AntiMalware (to periodically scan your computer for new malicious software). Make sure that you have all the Critical Updates recommended for Windows OS. Without regular updates you WILL NOT be protected when new ransomware virus, harmful apps and adware are released.
If you are still having problems while trying to remove .Fedasot ransomware from your machine, then ask for help here.
Hi I wana ask StopDecrypted says it can decrypt the .fedasot, but when I try to use it, he throws me that there are no keys to this, HELP ME
If the STOPDecrypter skips encrypted files, then decrypter will not be able to decrypt .fedasot files at this time. Read more here – http://www.myantispyware.com/question/how-to-decrypt-recover-files-using-stopdecrypter/