• Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Rogue Anti Spyware
    • Virus
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools

My AntiSpyware

Free antispyware software, Online Scanners, Instructions on how to remove spyware and malware.

Menu
  • Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Rogue Anti Spyware
    • Virus
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools
Home › Virus › Restorealldata@firemail.cc ransomware virus (Removal and Decryption)

Restorealldata@firemail.cc ransomware virus (Removal and Decryption)

Myantispyware team November 20, 2019     No Comment    

Restorealldata@firemail.cc is an email address that cyber criminals use to contact victims of STOP (DJVU) ransomware. Ransomware is a type of malware that blocks access to files by encrypting them, until the victim pays a ransom.

Restorealldata@firemail.cc virus

Screenshot of the contents of the ‘_readme.txt’ file (ransom demand message)

Restorealldata@firemail.cc virus locks up the files using AES-RSA technology, that makes it impossible to unlock the encrypted data by the victim without obtaining a key and a decryptor, which is the only way to decrypt affected files. It can be obtained only in the case of payment of the required ransom through cryptocurrency wallet. The ransomware virus encrypts almost of images, databases, videos, documents, music, web application-related files, and archives including common as:

.wp4, .ws, .xxx, .wbmp, .rw2, .raf, .psk, .bc7, .wm, .pptx, .srw, .zip, .mdb, .m2, .itdb, .odp, .cr2, .m3u, .bay, .m4a, .ptx, .iwd, .dng, .bkf, .p12, .xbdoc, .y, .fos, .wri, .srf, .psd, .db0, .dmp, .ysp, .t12, .blob, .x3d, .z, .crt, .wpe, .sum, .1st, .wot, .doc, .ltx, .xld, .qic, .re4, .zip, .itl, .x3f, .menu, .xpm, .xlsx, .wsc, .lrf, .pef, .py, .xy3, .wma, .cfr, .css, .layout, .lbf, .vpp_pc, .das, .nrw, .crw, .ybk, .epk, .mp4, .wdp, .r3d, .xls, .flv, .xlk, .ppt, .jpg, .pfx, .rtf, .map, .wpg, .slm, .xls, .vdf, .wpt, .xmind, .ibank, .dxg, .rar, .zdc, .wp7, .litemod, .1, .rim, .sql, .csv, .hvpl, .dba, .kdc, .cas, .zif, .wma, .webp, .wotreplay, .mov, .wb2, .sb, .3ds, .wbc, .arw, .z3d, .ntl, .xdb, .bc6, .pptm, .rb, .ai, .xwp, .rofl, .wcf, .forge, .mpqge, .xmmap, .pkpass, .xyw, .pst, .wav, .itm, .xx, .orf, .mcmeta, .ncf, .wpb, .desc, .xlsb, .w3x, .gdb, .lvl, .vpk, .esm, .kdb, .qdf, .jpeg, .wmo, .xml, .big, .arch00, .sid, .txt, .apk, .hplg, .sie, .wn, .sis, .accdb, .gho, .wmv, .yal, .bsa, .wsd, .xlgc, .pak, .xll, .syncdb, .vfs0, .eps, .wp6, .kf, .x3f, .pem, .cer, .wmf, .asset, .xdl, .wpw, .zw, .2bp, .wmd, wallet, .zi, .mdbackup, .webdoc, .wp, .pdd, .sav, .sidn, .wmv, .3fr, .sr2, .erf, .snx, .bar, .docm, .zdb, .wps, .tax, .pdf, .bik, .zabw, .icxs, .mlx, .wbm, .p7b, .xf, .cdr, .wpd, .upk, .odm, .odc, .dcr, .xlsx, .der, .raw, .odt, .wsh, .mddata, .wpl, .jpe, .yml, .xlsm, .ods, .sidd, .wbk, .avi, .dazip, .hkx, .wp5, .vcf, .wps, .xbplate, .wbz, .wire, .wgz, .wbd, .rgss3a, .d3dbsp

With the encryption process is finished, all encrypted files will now have a new extension appended to them. In every directory where there are encrypted files, Restorealldata@firemail.cc virus drops a file called ‘_readme.txt’. This file contains a ransom note that is written in the English. The ransom message directs victims to make payment in exchange for a key needed to unlock personal files.

Summary

Email address restorealldata@firemail.cc
Related ransomware STOP (DJVU) family
Variants of STOP (Djvu) that use this address Kodg
Ransom note _readme.txt
Ransom amount $980/$490
Removal Free Malware Removal Tools
Decryption Free STOP Djvu Decryptor

 

Text presented in “_readme.txt”:

ATTENTION!

Don’t worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-wj1fybU0Fy
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that’s price for you is $490.
Please note that you’ll never restore your data without payment.
Check your e-mail “Spam” or “Junk” folder if you don’t get answer more than 6 hours.

To get this software you need write on our e-mail:
restorealldata@firemail.cc

Reserve e-mail address to contact us:
gorentos@bitmessage.ch

Your personal ID:

If you find files called ‘_readme.txt’, then your computer is the victim of ransomware attack. First you need to find and remove Restorealldata@firemail.cc virus. We recommend using free malware removal tools. Only after you are completely sure that the virus has been removed, start decrypting the files.

How to decrypt files encrypted by Restorealldata@firemail.cc virus

Using the STOP decryptor is not difficult, just follow the few steps described below.
 

STOP Djvu decryptor

STOP Djvu decryptor

  • Download STOP Djvu decryptor from here (scroll down to ‘New Djvu ransomware’ section).
  • Run decrypt_STOPDjvu.exe.
  • Add the directory or disk where the encrypted files are located.
  • Click the ‘Decrypt’ button.
Virus

Author: Myantispyware team

Myantispyware is an information security website created in 2004. Our content is written in collaboration with Cyber Security specialists, IT experts, under the direction of Patrik Holder and Valeri Tchmych, founders of Myantispyware.com.

Leave a Reply Cancel reply




New Guides

X1heref1le1x.com
How to remove X1heref1le1x.com pop-up redirect (Virus removal guide)
unwanted ads
How to uninstall DecryptionAssistant app/extension from Mac (Virus removal guide)
Findsearches.co
How to uninstall Findsearches.co from Chrome, Firefox, IE, Edge
Premium-shops-around.me
How to remove Premium-shops-around.me pop-ups (Virus removal guide)
News-helaga.cc
How to remove News-helaga.cc pop-ups (Virus removal guide)

Follow Us

Search

Useful Guides

ads by adware
How to remove Adware from Windows 10 (Virus removal guide)
Iphone Calendar virus spam
Iphone Calendar Virus/Spam (Removal guide)
How to reset Mozilla Firefox (Updated Apr. 2018)
Managed by your organization chrome virus
Chrome Managed by your organization malware removal guide
remove chrome extension
How to remove Chrome extensions installed by enterprise policy

Recent Posts

Search.gravenday.com
How to remove Search.gravenday.com (Virus removal guide)
Allow-space.com
How to remove Allow-space.com pop-ups (Virus removal guide)
Browsingsecurityhub.com
How to remove Browsingsecurityhub.com redirect (Virus removal guide)
Antbinaim.club
How to remove Antbinaim.club pop-ups (Virus removal guide)
Localmylife.info
How to remove Localmylife.info pop-ups (Virus removal guide)

MYANTISPYWARE.COM

  • About Us
  • Contact Us
  • Privacy Policy

NEED A HELP ?

If you're seeing unwanted pop-ups or ads in your web-browser, you might have an adware installed on your computer. Use the following guide to stop pop-up ads and remove malicious software. Or ask for help here.

Links

  • Downloads
  • Instructions
  • Questions and Answers
  • Free Malware Removal Tools
Copyright © 2004 - 2020 My AntiSpyware - Free antispyware programs and Spyware Removal Instructions.