Cyber Security Center

How to remove Info ransomware


Info ransomware is file-encrypting malware that belongs to the Dharma ransomware family. The malware family is quite notorious, and its operators have released many versions. It targets personal files and takes them hostage by encrypting them. Once files are encrypted, it’s not possible to open them unless a decryptor is first used. This ransomware adds a specific extension to encrypted files, which allows victims to both identify the ransomware, as well as know which files have been affected. Unfortunately, users without a backup may not be able to recover their files.

Info ransomware

 

As soon as this ransomware enters a computer, it will begin encrypting personal files. Its primary target is photos, videos, images, documents, and all other personal files. Encrypted files will have an extension that contains a victim’s unique ID as well as .[infobase@onionmail.com].info. For example, image.jpg would become image.jpg.unique ID.[infobase@onionmail.com].info. None of the files with this extension will be openable unless they are first decrypted using a special decryptor.

The ransomware displays a ransom note that explains what happened. Victims who want to get the decryptor are asked to send an email to the provided email address. The unique ID should be included in the email. The price for the decryptor is not mentioned but it will likely be up to $1000 as that is the usual price. But whatever the price may be, we do not recommend paying the ransom as it does not guarantee a decryptor. Keep in mind that you are dealing with cybercriminals, and there’s nothing to guarantee that they will send you the decryptor, even if you pay.

If you have copies of files in a backup, you can start file recovery as soon as you remove Info ransomware from your computer. Do not try to delete Info ransomware manually because you could end up causing additional damage. If you do not have a backup, waiting for a free Info ransomware decryptor may be your only option.

Ransomware distribution methods

Ransomware infections and malware, in general, are distributed via email attachments, torrents, malicious ads, vulnerabilities, etc. If you have certain bad online habits, you’re much more likely to pick up a malware infection because you engage in risky behavior (e.g. opening unsolicited email attachments, pirating via torrents, clicking on ads when browsing high-risk websites). Take the time to develop safer online habits, and you will be able to avoid a lot of malware in the future.

Email attachments are one of the most common ways malware is spread. Malware files are attached to emails, and when said files are opened, the malware can initiate. The emails usually have a sense of urgency and claim that the email is an important document that needs to be urgently reviewed. But, fortunately, malicious emails are usually easy to recognize. The easiest thing to notice is the grammar/spelling mistakes. Because senders usually pretend to be from legitimate companies, the mistakes seem very out of place. Legitimate emails sent by companies will very rarely contain any mistakes because they look unprofessional. But for whatever reason, emails carrying malware are often full of them. Another sign of a malicious email is you being addressed using words like User, Member, Customer, etc. when your name should be used. Whenever a company whose services you use sends you an email, you will always be addressed by name. But since ransomware operators do not have access to personal information, they’re forced to use generic greetings. But some malware campaigns are more sophisticated, which is why it’s a good idea to scan all unsolicited email attachments with anti-virus software or VirusTotal before opening them.

You can also often encounter malware in torrents. Quite a lot of torrent sites are very poorly regulated, which allows malicious actors to upload torrents with malware in them. If you regularly pirate copyrighted content using torrents, it’s only a matter of time until you infect your computer with malware. It’s especially common to find malware in torrents for entertainment content, including movies, TV shows, and video games. Using torrents to pirate (or pirating, in general) is not recommended because it’s not only stealing but also dangerous for your computer.

Info ransomware removal

Info ransomware is a very complex infection, and you shouldn’t try to remove Info ransomware manually. Unless you know exactly what to do, you could end up causing additional damage to your computer. Furthermore, if you were to miss some of the ransomware’s components during the removal process, the ransomware may be able to recover later on. If that were to happen while you were accessing your backup, your backed-up files would become encrypted as well. We strongly recommend using anti-malware software to delete Info ransomware. Only when the ransomware has been fully removed should you access your backup to start file recovery.

If you do not have a backup, your options are very limited. There currently is no free Info ransomware decryptor but it’s not impossible that it could be released sometime in the future. Back up your encrypted files and wait for a free Info ransomware decryptor to become available. If it were to be released, it would appear on NoMoreRansom.

Info ransomware is detected as:

  • Win32:RansomX-gen [Ransom] by Avast/AVG
  • Trojan.Ransom.Crysis.E by BitDefender
  • Trojan-Ransom.Win32.Crusis.to by Kaspersky
  • Ransom:Win32/Wadhrama!hoa by Microsoft
  • Ransom.Win32.CRYSIS.SM by TrendMicro
  • Ransom.Crysis by Malwarebytes
  • A Variant Of Win32/Filecoder.Crysis.P by ESET
  • Trojan.Ransom.Crysis.E (B) by Emsisoft

Info ransomware detections