• Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Phishing
    • Ransomware
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools

MyAntiSpyware

Menu
  • Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Phishing
    • Ransomware
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools

Restorealldata@firemail.cc ransomware virus (Removal and Decryption)

Myantispyware team November 20, 2019    

Restorealldata@firemail.cc is an email address that cyber criminals use to contact victims of STOP (DJVU) ransomware. Ransomware is a type of malware that blocks access to files by encrypting them, until the victim pays a ransom.

Restorealldata@firemail.cc virus

Screenshot of the contents of the ‘_readme.txt’ file (ransom demand message)

Restorealldata@firemail.cc virus locks up the files using AES-RSA technology, that makes it impossible to unlock the encrypted data by the victim without obtaining a key and a decryptor, which is the only way to decrypt affected files. It can be obtained only in the case of payment of the required ransom through cryptocurrency wallet. The ransomware virus encrypts almost of images, databases, videos, documents, music, web application-related files, and archives including common as:

.wp4, .ws, .xxx, .wbmp, .rw2, .raf, .psk, .bc7, .wm, .pptx, .srw, .zip, .mdb, .m2, .itdb, .odp, .cr2, .m3u, .bay, .m4a, .ptx, .iwd, .dng, .bkf, .p12, .xbdoc, .y, .fos, .wri, .srf, .psd, .db0, .dmp, .ysp, .t12, .blob, .x3d, .z, .crt, .wpe, .sum, .1st, .wot, .doc, .ltx, .xld, .qic, .re4, .zip, .itl, .x3f, .menu, .xpm, .xlsx, .wsc, .lrf, .pef, .py, .xy3, .wma, .cfr, .css, .layout, .lbf, .vpp_pc, .das, .nrw, .crw, .ybk, .epk, .mp4, .wdp, .r3d, .xls, .flv, .xlk, .ppt, .jpg, .pfx, .rtf, .map, .wpg, .slm, .xls, .vdf, .wpt, .xmind, .ibank, .dxg, .rar, .zdc, .wp7, .litemod, .1, .rim, .sql, .csv, .hvpl, .dba, .kdc, .cas, .zif, .wma, .webp, .wotreplay, .mov, .wb2, .sb, .3ds, .wbc, .arw, .z3d, .ntl, .xdb, .bc6, .pptm, .rb, .ai, .xwp, .rofl, .wcf, .forge, .mpqge, .xmmap, .pkpass, .xyw, .pst, .wav, .itm, .xx, .orf, .mcmeta, .ncf, .wpb, .desc, .xlsb, .w3x, .gdb, .lvl, .vpk, .esm, .kdb, .qdf, .jpeg, .wmo, .xml, .big, .arch00, .sid, .txt, .apk, .hplg, .sie, .wn, .sis, .accdb, .gho, .wmv, .yal, .bsa, .wsd, .xlgc, .pak, .xll, .syncdb, .vfs0, .eps, .wp6, .kf, .x3f, .pem, .cer, .wmf, .asset, .xdl, .wpw, .zw, .2bp, .wmd, wallet, .zi, .mdbackup, .webdoc, .wp, .pdd, .sav, .sidn, .wmv, .3fr, .sr2, .erf, .snx, .bar, .docm, .zdb, .wps, .tax, .pdf, .bik, .zabw, .icxs, .mlx, .wbm, .p7b, .xf, .cdr, .wpd, .upk, .odm, .odc, .dcr, .xlsx, .der, .raw, .odt, .wsh, .mddata, .wpl, .jpe, .yml, .xlsm, .ods, .sidd, .wbk, .avi, .dazip, .hkx, .wp5, .vcf, .wps, .xbplate, .wbz, .wire, .wgz, .wbd, .rgss3a, .d3dbsp

With the encryption process is finished, all encrypted files will now have a new extension appended to them. In every directory where there are encrypted files, Restorealldata@firemail.cc virus drops a file called ‘_readme.txt’. This file contains a ransom note that is written in the English. The ransom message directs victims to make payment in exchange for a key needed to unlock personal files.

Summary

Email address restorealldata@firemail.cc
Related ransomware STOP (DJVU) family
Variants of STOP (Djvu) that use this address Kodg
Ransom note _readme.txt
Ransom amount $980/$490
Removal Free Malware Removal Tools
Decryption Free STOP Djvu Decryptor

 

Text presented in “_readme.txt”:

ATTENTION!

Don’t worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-wj1fybU0Fy
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that’s price for you is $490.
Please note that you’ll never restore your data without payment.
Check your e-mail “Spam” or “Junk” folder if you don’t get answer more than 6 hours.

To get this software you need write on our e-mail:
restorealldata@firemail.cc

Reserve e-mail address to contact us:
gorentos@bitmessage.ch

Your personal ID:

If you find files called ‘_readme.txt’, then your computer is the victim of ransomware attack. First you need to find and remove Restorealldata@firemail.cc virus. We recommend using free malware removal tools. Only after you are completely sure that the virus has been removed, start decrypting the files.

How to decrypt files encrypted by Restorealldata@firemail.cc virus

Using the STOP decryptor is not difficult, just follow the few steps described below.
 

STOP Djvu decryptor

STOP Djvu decryptor

  • Download STOP Djvu decryptor from here (scroll down to ‘New Djvu ransomware’ section).
  • Run decrypt_STOPDjvu.exe.
  • Add the directory or disk where the encrypted files are located.
  • Click the ‘Decrypt’ button.
Virus

 Previous Post

How to remove Search.gravenday.com (Virus removal guide)

Next Post 

How to remove MyMailCenter.co pop-up ads [Chrome, Firefox, IE, Edge]

Author: Myantispyware team

Myantispyware is an information security website created in 2004. Our content is written in collaboration with Cyber Security specialists, IT experts, under the direction of Patrik Holder and Valeri Tchmych, founders of Myantispyware.com.

Leave a Reply Cancel reply

New Guides

Polexar.com Review, Fake ELON Bitcoin Promo Codes Scam
scam alert
Beware of Koppro.top: Fake Bitcoin Promo Code Scams
How to remove Lopplarting.com pop-up ads
scam alert
Hypschonerms.com Virus Removal Guide
scam alert
How to remove Meatitenes.co.in pop-up ads

Follow Us

Search

Useful Guides

ads by adware
How to remove Adware from Windows 10 (Virus removal guide)
How to remove browser hijacker virus (Chrome, Firefox, IE, Edge)
adwcleaner
AdwCleaner – Review, How to use, Comments
remove android virus
How to remove virus from Android phone
How to reset Internet Explorer settings to default

Recent Guides

Search.gravenday.com
How to remove Search.gravenday.com (Virus removal guide)
Allow-space.com
How to remove Allow-space.com pop-ups (Virus removal guide)
Browsingsecurityhub.com
How to remove Browsingsecurityhub.com redirect (Virus removal guide)
Antbinaim.club
How to remove Antbinaim.club pop-ups (Virus removal guide)
Localmylife.info
How to remove Localmylife.info pop-ups (Virus removal guide)

Myantispyware.com

Myantispyware has been a trusted source for computer security and technology advice since 2004. Our mission is to provide reliable tech guidance and expert, practical solutions to help you stay safe online and protect your digital life.

Social Links

Pages

About Us
Contact Us
Privacy Policy

Copyright © 2004 - 2024 MASW - Myantispyware.com.