Cyber Security Center

How to remove Rryy ransomware


Rryy ransomware is one of the more recent Djvu/STOP ransomware versions. The malicious actors operating this ransomware release new versions on a regular basis, though they’re often more or less identical to one another. Nonetheless, Rryy ransomware is a very dangerous piece of malware because it encrypts files and makes it very difficult to recover them. Encrypted files will have the .rryy extension added to them. Unless you put the files through a special decryptor, you will not be able to open the ones that have the .rryy extension. The only people who have a working Rryy ransomware decryptor are the malicious actors operating this ransomware. So unless you have a backup of your files, you may not be able to recover them. The malware operators will try to sell you the decryptor, though paying almost $1000 for a decryptor you might not even get is risky.

 

Rryy ransomware note

 

As soon as the malicious file is initiated, the ransomware will begin encrypting files. It targets photos, videos, images, documents, etc., essentially all personal files. During the encryption process, the ransomware will display a fake Windows update window as well. You will know when files have been encrypted because they will have the .rryy extension added to them. You will quickly notice that you cannot open the files. The cybercriminals operating this malware will try to sell you the decryptor. The process is explained in the _readme.txt ransom note that’s dropped in all folders that have encrypted files. According to the note, the decryptor costs $980 but victims can get a 50% discount if they contact the cyber criminals within the first 72 hours. Whether the discount part is true or not, paying the ransom is not recommended. There are no guarantees that you’ll get the decryptor, and your money would likely go towards future criminal activities.

Use anti-malware software to remove Rryy ransomware from your computer. Do not try to get rid of it manually because it’s a fairly complicated infection that’s best removed using anti-malware software. Once the ransomware and all its parts are removed from the computer, you can safely connect to your backup and start recovering your files.

If you do not have a backup, recovering files will be more difficult, if not impossible, at least for now. Your only option is to wait for a free Rryy ransomware decryptor to be released by malware researchers. However, developing one will be difficult because this ransomware encrypts files using online keys. This means the keys are unique to each user. So for a decryptor to work on your files, malware researchers would have to have the encryption key used to encrypt your files. It’s not impossible that those keys will eventually be released, so back up your encrypted files and wait.

How to avoid a ransomware infection

Infections like ransomware are distributed via email attachments, ads, torrents, etc. If you have bad online habits, you’re more likely to infect your computer with malware. That’s mainly because users with bad habits are more likely to engage in risky behavior. One of the best ways to deal with ransomware is to prevent an infection in the first place. So we strongly recommend you take the time to develop better browsing habits.

We strongly recommend you always double-check email attachments before opening them. It’s not uncommon to find malware attached to emails. The email is not harmful as long as the attachment remains unopened. When the malicious file is opened, the ransomware can initiate. Fortunately for you, the emails are fairly obvious if you’re careful. The biggest giveaway is grammar and spelling mistakes. Senders of malicious emails often pretend to be from legitimate companies whose services users use. But when the email is full of grammar mistakes, it becomes quite obvious that something’s wrong. Another thing you should look out for is how an email addresses you. An email whose attachment you should open will always address you by name. Since malicious actors usually don’t have access to personal information, they use generic User, Member, Customer, etc. But some malicious emails will be less obvious, which is why it’s a good idea to scan all email attachments with anti-virus software or VirusTotal before you open them.

You’re also more likely to infect your computer with malware if you use torrents to pirate copyrighted content. Torrent sites are often not moderated properly, which allows malicious actors to upload torrents with malware in them. Torrents for popular movies, TV series, software, and video games, are particularly likely to have malware in them. If you want to avoid malware infections, do not pirate using torrents. Or pirate, in general, because it’s essentially stealing content.

Lastly, you should be using a security program with an anti-ransomware feature. More and more anti-virus programs are adding a ransomware protection feature that not only detects when ransomware is initiated but also stops such infections from making changes (aka encrypting) files. Anti-virus programs come with all kinds of features, so you will certainly be able to find one that best suits your needs. Just make sure it has an anti-ransomware feature.

Rryy ransomware removal

Ransomware is a very complex malware infection so we don’t recommend trying to remove Rryy ransomware manually. You could cause additional damage to your computer unless you know exactly what you’re doing. Instead, use anti-malware software. The program will fully delete Rryy ransomware from your computer. However, removing the malware does not mean your files will be decrypted. Unfortunately, a special decryptor is needed for that. Once the ransomware has been fully removed, you can connect to your backup and start recovering files.

If you do not have copies of your files saved in a backup, your only option may be to wait for a free Rryy ransomware decryptor to be released. You will not find one at the moment but it’s not impossible that it will be released sometime in the future. However, you need to be very careful when looking for decryptors because there are many fake ones. NoMoreRansom is one of the safest places to get decryptors from.

Rryy detections

Rryy ransomware is detected as:

  • Gen:Variant.Mikey.138155 (B) by Emsisoft
  • A Variant Of Win32/Kryptik.HPTJ by ESET
  • HEUR:Trojan.Win32.Chapak.gen by Kaspersky
  • Trojan.MalPack.GS by Malwarebytes
  • Win32:Malware-gen by Avast
  • Gen:Variant.Mikey.138155 by BitDefender
  • Packed-GDT!0DA7B4503390 by McAfee
  • Ransom:Win32/StopCrypt!ml by Microsoft