• Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Phishing
    • Ransomware
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools

MyAntiSpyware

Menu
  • Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Phishing
    • Ransomware
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools

.Razor file extension. Remove Razor virus. Restore, Decrypt .razor files.

Myantispyware team February 13, 2020    

Razor file extension

.Razor file extension is a file extension that uses a new malware belonging to the Garrantydecrypt ransomware family to mark files that have been encrypted. Ransomware is a malicious program that encrypts user files and demands a ransom for a key-decryptor pair that is necessary to decrypt the affected files. Ransomware uses a strong encryption system and a long key, which virtually eliminates the possibility of decrypting files without a key. Files encrypted with .Razor extension become useless, their contents cannot be read without the key that the criminals have.

Files encrypted with .razor extension

Razor virus

Razor virus is one of the variants of Garrantydecrypt ransomware. This malware most often gets to the computer as part of other programs (torrents files, freeware, cracked apps and games) that have been downloaded by the user from the Internet. After its start, the virus begins to encrypt files using a key that is individual for each computer. Razor virus uses a very strong encryption system, which eliminates the possibility of determining the key, even using a super computer. The encryption process is very fast, regardless of what is in the file, the virus can easily encrypt it. Razor can encrypt almost all files that are on the computer, including those located on network drives. The only thing that the virus does not encrypt is the files that are necessary for the Windows OS to function normally. Below we list the types of files that can be encrypted by the ransomware.

.big, .vpk, .xbplate, .gdb, .xpm, .3ds, .wmv, .pdf, .p7b, .odb, .desc, .pptm, .odp, .wbm, .wpt, .blob, .xy3, .bik, .wp7, .cr2, .pst, .1, .mpqge, .yml, .txt, .dwg, .rgss3a, .xxx, .wsh, .crw, .rofl, .webdoc, .pdd, .wm, .webp, .pptx, .xlsm, .odm, .sum, .xx, .zabw, .docm, .wbz, .rtf, .sid, .xlk, .gho, .wp4, .m2, .w3x, .doc, .wotreplay, .bar, .wbk, .iwi, .cer, .p7c, .wpw, .wbc, .xmind, .zip, .raw, .zif, .odc, .pem, .wdp, .d3dbsp, .fos, .wdb, .ysp, .zi, .sr2, .iwd, .xlsb, .xls, .hkdb, .re4, .xlsx, .psd, .docx, .p12, .ztmp, .vtf, .der, .sb, .srf, .mdf, .x3f, .3fr, .cas, .menu, .bkf, .wps, .wbd, .fsh, .ai, .raf, .wpb, .py, .pef, .ntl, .dng, .qdf, .xyw, .pkpass, .z3d, .2bp, .wma, .ptx, .erf, .bsa, .dba, .mdbackup, .yal, .wp, .t12, .sis, .hvpl, .rb, .wp5, .wps, .wn, .sidd, .0, .icxs, .vcf, .psk, .css, .odt, .sql, .wpe, .vpp_pc, .layout, .wmf, .bc6, .ybk, .m3u, .mlx, .wpd, .jpeg, .map, .wpl, .js, .apk, .vfs0, .dmp, .dbf, .arw, .x3f, .dcr, .fpk, .eps, .bay, .wmo, .dxg, .m4a, .xmmap, .xf, wallet, .slm, .wsc, .kf, .upk, .asset, .bkp, .csv, .epk, .bc7, .mov, .xar, .7z, .wb2, .xdl, .svg, .wri, .rwl, .wpg, .zdc, .mddata, .sav, .forge, .flv, .dazip, .snx, .itl, .cfr, .wot, .lvl, .litemod, .db0, .vdf, .x, .jpg, .ods

When the file is encrypted, ‘.razor’ is added at the end of its name, that is, if you had a file of ‘document.docx’, then a file with the name ‘document.docx.razor’ will appear in its place. If you change the file name, just delete the added extension, then nothing will change. The file will remain encrypted, and as before, this file will not be possible to open in the program with which it is associated.

Perhaps you found on your computer or its desktop a new file called ‘#RECOVERY#.txt’, which for some reason is not encrypted. An example of such a file is given below.

All your files have been ENCRYPTED!!!
Write to our email:
razor2020@protonmail.ch
ICQ:
@razor2020
Or contact us via jabber:
razor2020@jxmpp.jp
Jabber (Pidgin) client installation instructions, you can find on youtube – https://www.youtube.com/results?search_query=pidgin+jabber+install
Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
tell your unique ID

This file is very important, in addition to containing a ransom demand, it also contains information that allows you to contact intruders. According to the message, the victim is invited to contact the attackers using the given email address. In response, the authors of the virus will give a Bitcoin address to which the ransom must be transferred. Of course, you should understand that there is no guarantee that the attackers, after receiving the ransom, will provide you with the key necessary to decrypt your files. In addition, by paying the ransom, you will push attackers to create a new ransomware.

Threat Summary

Name Razor
Type Ransomware, Filecoder, Crypto virus, File locker, Crypto malware
Encrypted files extension .razor
Ransom note #RECOVERY#.txt
Contact razor2020@protonmail.ch, ICQ: @razor2020, Jabber: razor2020@jxmpp.jp
Ransom amount $300-$1500 in Bitcoins
Detection Names Gen:Heur.Ransom.Imps.1, Trojan[Ransom]/Win32.Paradise.a, W32/Ransom.VUXC-6963, Trojan.Encoder.30991, Win32/Filecoder.Outsider.C, W32/FilecoderProt.F183!tr.ransom, Trojan:Win32/Occamy.C, HEUR:Trojan-Ransom.Win32.Agent.gen
Symptoms Unable to open documents, photos and music. Your files have new extension appended at the end of the file name. Files named like ‘#RECOVERY#.txt’, ‘#_README_#’, ‘_DECRYPT_’ or ‘recover’ in each folder with at least one encrypted file. Ransom note in a pop-up window with cybercriminal’s ransom demand and instructions.
Distribution ways Malicious email attachments. Malicious downloads that happen without a user’s knowledge when they visit a compromised web site. Social media, like web-based instant messaging programs. Flash Drives containing malware.
Removal Razor virus removal guide
Decryption Razor file decryption

 

As we have already said, Razor virus is not the first in its series. The fact that to date, antivirus companies have not created a way to decrypt files, and just have not found a 100% way to protect the user’s computers (otherwise how would you be on our site), indicates the complexity of the virus and the method that it uses to encrypt files. Nevertheless, you do not need to despair. There are several ways to find and remove Razor ransomware, and there is also a chance to restore part or even all encrypted files to their original state. Below we will describe in detail how to do this.

How to remove Razor virus & Restore .Razor files

If you encounter the malicious actions of Razor virus, and your files have been encrypted with ‘.Razor’ extension, then you need to remove the virus or be 100% sure that there is no ransomware on your computer, and then proceed to restore the files. Both the virus removal process and the file recovery process will take a lot of time, so do not believe the magical instructions that say that this can be done very quickly. We definitely recommend, even if for some reason one of the methods proposed below did not suit you, try another one and try all of them. Perhaps one of them will help you. Feel free to ask questions in the special section on our website or in the comments below. In addition, we want to add that all the tools that we recommend using in our instructions are free and verified by security experts. And the last, before proceeding with the instructions, we advise you to read it thoroughly carefully, and then print or open it on a tablet or smartphone to have it always at hand.

  1. How to remove Razor ransomware virus
  2. How to decrypt .razor files
  3. How to restore .razor files
  4. How to protect your personal computer from Razor ransomware?

How to remove Razor ransomware virus

To remove the Razor virus, we recommend using free malware removal tools, which we will consider below. You can use them in the same sequence as we gave, or in the order as you like. Perhaps you think that this virus can be removed manually by using some magic OS functions or by pressing a few keys. Probably a professional or computer specialist with great knowledge will be able to, but I recommend you use malware removal tools. They will do all the work for you, and most importantly they will prevent damage to system files that you might accidentally do. Of course, if you have an antivirus, you can use it first, but if it missed this ransomware, then your trust in it is greatly undermined.




Use Zemana Anti Malware to delete Razor ransomware

Zemana Free can search for all kinds of malware, including ransomware, as well as a variety of Trojans, viruses and rootkits. After the detection of the Razor crypto malware, you can easily and quickly uninstall it.

Visit the following page to download Zemana. Save it to your Desktop so that you can access the file easily.

Zemana AntiMalware
Zemana AntiMalware
165086 downloads
Author: Zemana Ltd
Category: Security tools
Update: July 16, 2019

After downloading is done, close all programs and windows on your machine. Open a directory in which you saved it. Double-click on the icon that’s called Zemana.AntiMalware.Setup as on the image below.

Zemana icon

When the setup starts, you will see the “Setup wizard” which will allow you setup Zemana on your system.

Zemana Anti Malware (ZAM) SetupWizard

Once install is finished, you will see window as shown on the screen below.

Now click the “Scan” button for scanning your personal computer for the Razor crypto malware related folders,files and registry keys. This process can take some time, so please be patient. During the scan Zemana will find threats present on your personal computer.

Zemana AntiMalware search for Razor ransomware virus, other malicious software, worms and trojans

Once the system scan is done, you can check all items found on your computer. Once you’ve selected what you want to remove from your PC click “Next” button.

Zemana Anti-Malware (ZAM) scan is finished

The Zemana will uninstall Razor crypto malware and other security threats and move items to the program’s quarantine.

How to remove Razor with MalwareBytes

We advise using the MalwareBytes Anti-Malware (MBAM). You can download and install MalwareBytes to find and delete Razor ransomware from your PC system. When installed and updated, this free malware remover automatically detects and removes all threats present on the PC system.

Download MalwareBytes by clicking on the following link.

Malwarebytes Anti-malware
Malwarebytes Anti-malware
327304 downloads
Author: Malwarebytes
Category: Security tools
Update: April 15, 2020

Once downloading is finished, close all applications and windows on your computer. Double-click the install file named mb3-setup. If the “User Account Control” dialog box pops up like below, click the “Yes” button.

MalwareBytes AntiMalware (MBAM) for Windows uac dialog box

It will open the “Setup wizard” which will help you install MalwareBytes on your PC system. Follow the prompts and do not make any changes to default settings.

MalwareBytes for Microsoft Windows install wizard

Once install is done successfully, click Finish button. MalwareBytes Anti Malware will automatically start and you can see its main screen as shown in the following example.

MalwareBytes Free for Microsoft Windows

Now click the “Scan Now” button . MalwareBytes Free utility will begin scanning the whole system to find out Razor crypto malware and other security threats. Depending on your computer, the scan may take anywhere from a few minutes to close to an hour. While the utility is checking, you can see number of objects and files has already scanned.

MalwareBytes AntiMalware (MBAM) for Windows scan for Razor crypto virus related folders,files and registry keys

Once the scan is complete, a list of all threats found is produced. Once you have selected what you want to remove from your system click “Quarantine Selected” button. The MalwareBytes Free will uninstall Razor ransomware related folders,files and registry keys and add threats to the Quarantine. Once finished, you may be prompted to reboot the machine.

MalwareBytes for Microsoft Windows reboot prompt

We advise you look at the following video, which completely explains the procedure of using the MalwareBytes AntiMalware to remove adware, browser hijacker infection and other malicious software.

If the problem with Razor virus is still remained

Kaspersky virus removal tool (KVRT) is a free removal utility that can scan your PC for a wide range of security threats such as the Razor crypto virus, adware, spyware, potentially unwanted applications, trojans, worms as well as other malicious software. It will perform a deep scan of the computer including hard drives and MS Windows registry. After a malicious software is detected, it will allow you to delete all detected threats from your PC by a simple click.

Download Kaspersky virus removal tool (KVRT) from the following link. Save it to your Desktop.

Kaspersky virus removal tool
Kaspersky virus removal tool
129308 downloads
Author: Kaspersky® lab
Category: Security tools
Update: March 5, 2018

Once the download is done, double-click on the Kaspersky virus removal tool icon. Once initialization procedure is complete, you’ll see the Kaspersky virus removal tool screen as displayed on the screen below.

Kaspersky virus removal tool main window

Click Change Parameters and set a check near all your drives. Click OK to close the Parameters window. Next press Start scan button for scanning your PC system for the Razor ransomware and other trojans and malicious programs. Depending on your PC system, the scan can take anywhere from a few minutes to close to an hour. While the tool is scanning, you can see how many objects and files has already scanned.

KVRT scanning

When Kaspersky virus removal tool has completed scanning, KVRT will show a list of found items as on the image below.

Kaspersky virus removal tool scan report

Review the report and then press on Continue to begin a cleaning task.

How to decrypt .razor files

All files with the ‘.razor’ extension are encrypted. Their contents cannot be unlocked simply by removing this extension or completely changing the filename. Unfortunately, as we already reported in this article, there is currently no way to decrypt files. The reason for this is the complexity of the encryption algorithm that the authors of Razor virus use. In principle, this is what the attackers sought. But this does not mean that you have no choice and you need to pay a ransom for your files.

Should you pay the ransom

Never pay the ransom! Any security expert will tell you this. Of course, there is a chance that by paying a ransom, Razor virus authors will allow you to unlock your files, but there is no guarantee. Moreover, you should understand that when you pay a ransom, you unknowingly push the attackers to create new, even more destructive viruses.

Files encrypted by ransomware

Do not forget that besides you, thousands more people around the world have lost their files, that is, you are not alone. Antivirus companies, secuity experts are working on something that will allow you to decrypt .Razor files. Perhaps in the future an universal method will be developed that will allow all victims to unlock all their data.

Of course, as soon as a way to decrypt the files appears, we will post a message about this to this article or to our facebook account. Therefore, we recommend that you follow the updates.

How to restore .razor files

As we wrote above, you cannot decrypt files encrypted with this virus. But you can use a different way, there is a small chance to restore .Razor files without decrypting them. Programs created for searching and recovering lost and deleted data can help you with this. We offer you to use the following free programs: PhotoRec and ShadowExplorer. Only two things that I want to say additionally. First, before restoring files, you must be 100% sure that there is no ransomware on the computer. We recommend using free malware removal tools that we examined in this article. Second, and what is very important! The less you use your computer after ransomware infection, the higher the chance that you will be able to recover encrypted files.




Use shadow copies to restore .razor files

First of all, try to recover your files using a free tool called ShadowExplorer. This program will allow you to recover your files from Shadow Volume Copies. These copies are created automatically by the OS when you work with your files. Unfortunately, very often, the virus automatically deletes all these copies and thus prevents the user from recovering exnrypted files. Nevertheless, in some cases, the ransomware cannot delete all copies, and the user gets the opportunity to quickly restore all files. Therefore, our opinion, you should definitely try this method!

Download ShadowExplorer by clicking on the following link.

ShadowExplorer
ShadowExplorer
439697 downloads
Author: ShadowExplorer.com
Category: Security tools
Update: September 15, 2019

After the download is done, extract the saved file to a folder on your system. This will create the necessary files as shown in the following example.

ShadowExplorer folder

Start the ShadowExplorerPortable program. Now select the date (2) that you wish to restore from and the drive (1) you wish to recover files (folders) from like below.

restore encrypted files with ShadowExplorer tool

On right panel navigate to the file (folder) you want to restore. Right-click to the file or folder and press the Export button like below.

ShadowExplorer restore .razor files

And finally, specify a directory (your Desktop) to save the shadow copy of encrypted file and click ‘OK’ button.

Recover .razor files with PhotoRec

Another really working way to recover your encrypted files is to use a program named PhotoRec. It is created to recover deleted or lost files. Does the virus block this method? Fortunately, the Razor virus cannot block it in any way. Why is this possible you ask. This is possible for the reason that when you delete files using the standard OS function, these files are not actually deleted. Just the Windows marks them as deleted and does not show them in the list of files. The program that we suggest you use, finds deleted files, including files that were deleted by the ransomware, and recovers them.

Download PhotoRec from the following link.

PhotoRec
PhotoRec
221344 downloads
Author: CGSecurity
Category: Security tools
Update: March 1, 2018

Once downloading is finished, open a directory in which you saved it. Right click to testdisk-7.0.win and choose Extract all. Follow the prompts. Next please open the testdisk-7.0 folder as shown in the following example.

testdisk photorec folder

Double click on qphotorec_win to run PhotoRec for MS Windows. It will show a screen as shown below.

PhotoRec for windows

Choose a drive to recover like below.

photorec choose drive

You will see a list of available partitions. Choose a partition that holds encrypted documents, photos and music similar to the one below.

photorec select partition

Click File Formats button and choose file types to recover. You can to enable or disable the recovery of certain file types. When this is finished, click OK button.

PhotoRec file formats

Next, press Browse button to select where recovered documents, photos and music should be written, then press Search.

photorec

Count of restored files is updated in real time. All recovered documents, photos and music are written in a folder that you have selected on the previous step. You can to access the files even if the restore process is not finished.

When the restore is finished, click on Quit button. Next, open the directory where recovered documents, photos and music are stored. You will see a contents like below.

PhotoRec - result of recovery

All recovered files are written in recup_dir.1, recup_dir.2 … sub-directories. If you’re looking for a specific file, then you can to sort your recovered files by extension and/or date/time.

How to protect your personal computer from Razor ransomware?

Most antivirus apps already have built-in protection system against the ransomware virus. Therefore, if your computer does not have an antivirus program, make sure you install it. As an extra protection, run the HitmanPro.Alert. All-in-all, HitmanPro.Alert is a fantastic utility to protect your computer from any ransomware. If ransomware is detected, then HitmanPro.Alert automatically neutralizes malware and restores the encrypted files. HitmanPro.Alert is compatible with all versions of Windows OS from Windows XP to Windows 10.

Visit the page linked below to download the latest version of HitmanPro Alert for Microsoft Windows. Save it directly to your MS Windows Desktop.

HitmanPro.Alert
HitmanPro.Alert
6880 downloads
Author: Sophos
Category: Security tools
Update: March 6, 2019

After downloading is finished, open the directory in which you saved it. You will see an icon like below.

HitmanPro.Alert file icon

Double click the HitmanPro Alert desktop icon. After the utility is launched, you’ll be displayed a window where you can select a level of protection, as shown in the figure below.

HitmanPro.Alert install

Now click the Install button to activate the protection.

Finish words

This guide was created to help all victims of Razor ransomware virus. We tried to give answers to the following questions: how to remove ransomware; how to recover .Razor files. We hope that the information presented in this manual has helped you.

If you have questions, then write to us, leaving a comment below. If you need more help with Razor related issues, go to here.

 

Ransomware

 Previous Post

How to remove Officultpolicit.pro pop-ups (Virus removal guide)

Next Post 

How to remove Safeplexsearch.com redirect (Virus removal guide)

Author: Myantispyware team

Myantispyware is an information security website created in 2004. Our content is written in collaboration with Cyber Security specialists, IT experts, under the direction of Patrik Holder and Valeri Tchmych, founders of Myantispyware.com.

Leave a Reply Cancel reply

New Guides

Polexar.com Review, Fake ELON Bitcoin Promo Codes Scam
scam alert
Beware of Koppro.top: Fake Bitcoin Promo Code Scams
How to remove Lopplarting.com pop-up ads
scam alert
Hypschonerms.com Virus Removal Guide
scam alert
How to remove Meatitenes.co.in pop-up ads

Follow Us

Search

Useful Guides

Iphone Calendar virus spam
Iphone Calendar Virus/Spam 2022 (Removal guide)
ads by adware
How to remove Adware from Windows 10 (Virus removal guide)
How to reset Mozilla Firefox (Updated Apr. 2018)
Malwarebytes won’t install, run or update – How to fix it
How to remove pop-up ads [Chrome, Firefox, IE, Opera, Edge]

Recent Guides

Officultpolicit.pro
How to remove Officultpolicit.pro pop-ups (Virus removal guide)
Wallationety.pro
How to remove Wallationety.pro pop-ups (Virus removal guide)
unwanted ads
How to remove SystemNotes app from Mac (Virus removal guide)
unwanted ads
How to remove BenefitSites app from Mac (Virus removal guide)
Criminglynuk.pro
How to remove Criminglynuk.pro pop-ups (Virus removal guide)

Myantispyware.com

Myantispyware has been a trusted source for computer security and technology advice since 2004. Our mission is to provide reliable tech guidance and expert, practical solutions to help you stay safe online and protect your digital life.

Social Links

Pages

About Us
Contact Us
Privacy Policy

Copyright © 2004 - 2024 MASW - Myantispyware.com.