Better_call_saul Ransomware

Posted by Lisa Blanc on March 18, 2016

What is Better_call_saul Ransomware?

Better_call_saul Ransomware is your worst nightmare because it encrypts all the files the moment it manages to sneak onto the computer. Unfortunately, it uses the RSA-3072 encryption algorithm, which means that it will be impossible to gain access to files easily. Specialists at anti-spyware-101.com say that ransomware infections act the way they do in order to extort money from users. Unfortunately, the majority of users decide to pay money because they believe that this is the only way to unlock files. In our opinion, you should not do that because you cannot know whether your files will really be decrypted. Besides, there is a way to restore these files. By the end of this article you will definitely know how to do that. In addition, we are sure that you will be able to remove Better_call_saul Ransomware from the system.testtesttest

What does Better_call_saul Ransomware do?

As you already know, Better_call_saul Ransomware will immediately encrypt all the existing files with a strong encryption after it slithers onto the computer. All those encrypted files can be easily recognized because the threat will add the .better_call_saul (the name of the popular TV Series) extension to each of the locked files. If you check files stored on your computer, you will notice that Better_call_saul Ransomware has encrypted the majority of them. Actually, this is not surprising for our specialists at all because they know that this ransomware infection can touch all kinds of files, including pictures, videos, music, images, and documents. The list of extensions this threat encrypts is very long, so we only provide several popular extensions Better_call_saul Ransomware touches:

.rss, .wav, .mp3, .epf, .log, .fdb, .fbk, .dpx, .pdp, .djvu, .kmz, .xls, .adb, .vss, .doc, .docm, .dotx, .pptm, .pot, .thmx, .pcx, .rgbe, .xyze, .flm, .vtm, .bmp, .dib, .flv, .grs, .geo, .tib, .cbf, .class, .vbm,.cfu, and .max.

After Better_call_saul Ransomware finishes encrypting files stored on the computer, it will also kill the process called explorer.exe (Windows Explorer) and then will put a warning message on the screen. Texts in this message are provided in Russian and English, which shows that this threat aimed at a wide range of people living in different countries.

The message that will be placed on the Desktop after the encryption process is finished will inform users that their files are encrypted on all disks and will also indicate that details can be found in any of the README.txt files. These files will contain information about the decryption. As we have expected, it will ask users to send the particular ID (e.g. A4B50EC5C45D44A401F9|0) to post7799@yahoo.com or post77999@gmail.com. If you do that, it is very likely that you will get further instructions on how to transfer money. It tries to scare users into doing that by saying that all the data will be lost irrevocably if they do not do that soon, which is why so many people make payments. We do not think that it is the best idea to do that because it is impossible to say whether cyber criminals hiding behind Better_call_saul Ransomware will really unlock files. Do not worry; there is a way to restore files if you do not want to pay money – you can restore them all from a backup (e.g. a USB flash drive). Of course, it is a problem if you do not have your files backed up.

Like other ransomware infections, e.g. Hi Buddy Ransomware, Locky Ransomware, and DecryptorMax Ransomware, Better_call_saul Ransomware enters systems secretly. In most cases, this happens when users download some kind of MS Office Word document from a spam email. Even though this is the main distribution method of this ransomware infection, there is a small possibility that it can enter systems if users click on bad links or ads too. In addition, it is advisable to stay away from third-party web pages promoting software because free programs (e.g. a pack of codecs) might come together with malicious software, e.g. ransomware.

How to remove Better_call_saul Ransomware

Better_call_saul Ransomware is definitely not a simple program, so you should not expect to delete it from the system via Control Panel. Luckily, you can still go for the manual Better_call_saul Ransomware removal. To be sure that you perform the removal steps correctly, follow the instructions prepared by the specialists working at anti-spyware-101.com (you will find them if you scroll down). You can also eliminate this threat by scanning your system with SpyHunter. The free version of this software can be downloaded by clicking on the Download button you will find below. If you remove the ransomware infection manually, at least, scan your system with the automatic tool to find out whether or not other threats are installed on the system.

Delete Better_call_saul Ransomware

  1. Tap Ctrl+Shift+Esc simultaneously.
  2. Click File in the top-left corner and select New Task.
  3. Enter explorer.exe and click OK.
  4. Delete files you have recently downloaded, especially those that look like MS Office Word files.
  5. Open Windows Explorer (Windows key + E).
  6. Enter %ALLUSERSPROFILE%\Windows in the address bar and find csrss.exe.
  7. Delete it.
  8. Go to %ALLUSERSPROFILE%\Application Data\Windows.
  9. Find csrss.exe and delete it from there.
100% FREE spyware scan and
tested removal of Better_call_saul Ransomware*
Disclaimer
Disclaimer
Trojans

Leave a Comment

Enter the numbers in the box to the right *