How to remove Ritzer ransomware

Ritzer ransomware is file-encrypting malware based on the Chaos ransomware. It’s a dangerous infection that encrypts personal files and blocks users from opening them unless they pay a ransom. Once files have been encrypted, you will not be able to open them unless you first use a decryptor on them. However, the only people who have a working decryptor are the cybercriminals operating this ransomware. The ransom sum is not mentioned, but paying is not recommended either way. If you have a backup, you can start recovering files as soon as you remove Ritzer ransomware.


Ritzer ransomware note


When this ransomware is initiated, it will immediately start encrypting your personal files. It mainly targets the files that users consider most important, including photos, images, videos, and documents. All encrypted files will have the .ritzer extension added to them. For example, text.txt would become text.txt.ritzer. A read_it.txt ransom note will also be dropped. The note does not contain much information; it only explains that although files have been encrypted, they can be recovered with a decryptor. The ransom note provides an email address through which victims can contact the malware operators. The note also mentions that victims can send up to 3 files to be decrypted for free, as proof that the operators can indeed recover the files. However, even if they prove that they can decrypt your files, it does not mean that they will. These are cybercriminals you are dealing with, and there’s nothing to guarantee that they’ll keep their end of the deal.

If you have copies of your files saved in a backup, you can start recovering files as soon as you remove Ritzer ransomware from your computer. Make sure to use reliable anti-malware software because ransomware is a very complex infection. Do not attempt to delete Ritzer ransomware manually because you could end up causing additional damage to your computer.

How does ransomware spread?

Ransomware, like most malware, is distributed via email attachments, torrents, malicious ads, vulnerabilities, etc. Users who have bad browsing habits are much more likely to pick up malicious infections because they engage in risky online behavior more often. Developing better online habits can go a long way toward avoiding malware infections. It’s also a good idea to familiarize yourself with how malware is spread.

Email attachments are a common way malware is spread. Malicious files are attached to emails, and when users open those files on their devices, they end up initiating the malware. The emails usually claim that you need to open the attached file as soon as possible because it’s an important document. But fortunately for users, the emails are fairly obvious in most cases. The most noticeable sign of a malicious email is grammar/spelling mistakes, especially in emails whose senders claim to be from known companies. As you probably already know, companies will avoid grammar/spelling mistakes in emails sent to customers because they would look unprofessional. But for whatever reason, emails carrying malware are often full of mistakes. Another sign of an email being potentially malicious is the sender addressing you with words like User, Member, Customer, etc. Emails whose attachments you should open will always address you by name. But since cybercriminals do not have access to personal information in many cases, they use generic words. Some malicious emails will be more sophisticated than others, which is why it’s a good idea to scan all email attachments with anti-virus software or VirusTotal before opening them.

Malware is also often spread via torrents. Since many torrent sites are poorly regulated, they’re the perfect platform to upload malware onto. If you regularly use torrents to pirate copyrighted content but do not know how to recognize malicious torrents, you’ll end up with malware sooner or later. Malware is particularly common in torrents for entertainment content, including movies, TV shows, and video games. We strongly advise against using torrents to pirate (and pirating in general) because it’s not only essentially stealing content but also dangerous for the computer/data.

Lastly, it’s important to install updates regularly. Updates patch vulnerabilities that can be exploited by malware to get into computers. Whenever possible, enable automatic updates.

Ritzer ransomware removal

Do not try to remove Ritzer ransomware manually because it’s a complicated process and you could end up causing additional damage to your computer. Furthermore, if you miss some ransomware components during the process, the ransomware may be able to recover. And if that were to happen while you were connected to your backup, your backed-up files would become encrypted as well. Instead, use a reliable anti-virus program to delete Ritzer ransomware from your computer. Once the ransomware has been fully removed, you can access your backup to start recovering files. If you do not have a backup, back up the encrypted files and wait for a free Ritzer ransomware decryptor to be released.
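To scope the damage once the anti-virus program has finished, the following read-only inventory lists every .ritzer file and read_it.txt note under a folder and checks which encrypted files have a clean copy in the backup. It is an added example, not part of the original guide or any vendor tool. The function names, the sample tree built in demo(), and the assumption that the backup mirrors the live folder layout are illustrative.

```python
import os
import tempfile
from pathlib import Path

ENCRYPTED_EXT = ".ritzer"   # extension named in this guide
NOTE_NAME = "read_it.txt"   # ransom note file name named in this guide


def inventory(scan_root, backup_root=None):
    """Read-only walk of scan_root; classifies files and changes nothing."""
    scan_root = Path(scan_root)
    report = {"notes": [], "restorable": [], "preserve": []}
    for dirpath, _dirs, files in os.walk(scan_root):
        for name in files:
            path = Path(dirpath) / name
            lower = name.lower()
            if lower == NOTE_NAME:
                report["notes"].append(path)
            elif lower.endswith(ENCRYPTED_EXT) and len(name) > len(ENCRYPTED_EXT):
                # text.txt.ritzer -> text.txt (the pre-encryption name)
                original = path.with_name(name[: -len(ENCRYPTED_EXT)])
                rel = original.relative_to(scan_root)
                clean = Path(backup_root) / rel if backup_root else None
                if clean is not None and clean.is_file():
                    report["restorable"].append((path, clean))
                else:
                    # No clean copy: keep the encrypted file for a future decryptor
                    report["preserve"].append(path)
    return report


def demo():
    """Builds a constructed sample tree and returns its inventory as names."""
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = Path(tmp, "live"), Path(tmp, "backup")
        (live / "docs").mkdir(parents=True)
        (backup / "docs").mkdir(parents=True)
        (live / "docs" / "text.txt.ritzer").write_bytes(b"\x00constructed")
        (live / "docs" / "photo.jpg.ritzer").write_bytes(b"\x00constructed")
        (live / "docs" / "read_it.txt").write_text("constructed note")
        (backup / "docs" / "text.txt").write_text("clean copy")
        r = inventory(live, backup)
        return {"notes": [p.name for p in r["notes"]],
                "restorable": [(e.name, b.name) for e, b in r["restorable"]],
                "preserve": [p.name for p in r["preserve"]]}


if __name__ == "__main__":
    for key, items in demo().items():
        print(key, items)
```

Files reported under "preserve" are the ones to copy to separate storage while waiting for a free decryptor; mount the backup read-only when running the check.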

Ritzer ransomware is detected as:

  • Gen:Heur.MSIL.Bladabindi.1 (B) by Emsisoft
  • A Variant Of MSIL/ClipBanker.MU by ESET
  • RDN/PWS-Banker by McAfee
  • Trojan:Win32/Wacatac.B!ml by Microsoft
  • Trojan.Agent.Gen by Malwarebytes
  • HEUR:Trojan.MSIL.Fsysna.gen by Kaspersky
  • Gen:Heur.MSIL.Bladabindi.1 by BitDefender
  • Win32:Trojan-gen by Avast/AVG

Ritzer ransomware detections