Enigma Ransomware

What is Enigma Ransomware?

Ransomware programs often have target areas and target audiences, but sometimes you may get infected even if you are not part of the intended target group. For example, Enigma Ransomware mainly attempts to infect computer users based in Russia and other Russian-speaking countries, but that does not mean that it is not possible to catch this infection anywhere else. The point is that it is important to remove the program from the affected computer because it brings nothing but chaos. At the bottom of this article, you will find manual removal instructions. You should also consider acquiring a licensed antispyware tool to ensure that the ransomware removal goes smoothly.

Where does Enigma Ransomware come from?

This infection usually spreads via spam emails that carry malicious .HTML attachments. Therefore, the first step in preventing this program from entering your system would be avoiding and ignoring messages from unknown senders.

Opening the .HTML attachment that carries Enigma Ransomware executes a piece of JavaScript. This script connects to the Internet behind your back and downloads an .exe file. Once the file is launched, the file encryption commences.

It is not possible to say who exactly created this infection, and we still do not have enough data to prove whether it is related to any of the previously released ransomware applications. Enigma Ransomware seems to have features that are not common to other similar applications, and yet when we see how this program behaves, it is clear that it follows the basic ransomware pattern.

What does Enigma Ransomware do?

Just like many other ransomware applications, this program encrypts your files. As mentioned, the file encryption begins when a malicious JavaScript downloads and executes an .exe file. This happens behind your back, and you will only know that your system was compromised when you see the ransom notification on your screen.

The notification will be presented in the Russian language. It will say that if you want your files back, you need to install the Tor Browser and then use it to access the site that is given in the notification. Tor Browser is commonly used by ransomware programs for communication between their servers and the infected users.

Please take note that there are at least two addresses given in the notification. It says that if you cannot access the first address, you should try out the secondary one. This means that the connection to the servers managed by the cyber criminals is shaky, and it would not be surprising if you could not get through at all. Thus, it is highly questionable whether you would be able to receive a decryption key even if you were to pay the ransom.

Unlike most programs of this profile, Enigma Ransomware does not set a time limit for transferring the payment. Thus, it does not threaten to destroy your files. What’s more, it is also very likely that the application does not delete the Shadow Volume Copies. Various reports claim different outcomes, but if the Shadow Volume Copies are really intact after the infection, then it would be possible to restore your files with the help of an experienced technician, even without an actual backup!

How do I remove Enigma Ransomware?

First and foremost, you need to remove this infection from your computer. Do not try to plug in any backup device while the program is still running on your PC because it might affect the removable drives as well. Follow the instructions presented below carefully to remove all the files associated with this infection.

Please note that removing the files and registry entries may not be enough to terminate the actual infection, and there might be more unwanted applications running on your computer. Thus, you should scan your PC with the SpyHunter free scanner to determine which applications and files must be deleted at once.

Automatic malware removal is really efficient, especially if you are not a computer-savvy user. On top of that, by acquiring a powerful antispyware tool, you protect your PC from similar infections in the future. Just do not forget that your web browsing habits are also important, so be careful when you encounter unfamiliar links, messages, and other unknown content.

Manual Enigma Ransomware Removal

  1. Press Win+R and type %Temp% into the Open box.
  2. Click OK and delete the testttt.txt file from the directory.
  3. Open Run again and enter %AppData%. Click OK.
  4. Delete the testSTart.txt file from the directory.
  5. Open your Desktop and delete the following files: allfilefinds.dat, enigma.hta, ENIGMA_807.RSA, and enigma_encr.txt.
  6. Press Win+R again and type regedit into the Open box. Press Enter.
  7. Navigate to HKEY_CURRENT_USER\Software\Windows\CurrentVersion\Run.
  8. On the right pane, right-click and delete values MyProgram and MyProgramOK.
  9. Exit the Registry Editor and go to the Downloads folder.
  10. Find an .exe file with a random 32-symbol name and delete it.
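
The checklist above as a read-only PowerShell audit. This is an added example, not part of the original article. It reports which of the listed files and Run values are present and deletes nothing. Assumptions: Downloads is in its default location, the 32-symbol name excludes the .exe extension, and the standard per-user Run key is checked in addition to the path written in step 7. The last lines query Shadow Volume Copies, which the article says may survive the infection.

```powershell
# Added example: read-only audit of the artifacts named in the manual removal steps.
# Nothing is deleted; review the report before removing anything.
$desktop   = [Environment]::GetFolderPath('Desktop')
$downloads = Join-Path $env:USERPROFILE 'Downloads'   # assumption: default Downloads location

# File names exactly as listed in steps 2, 4 and 5.
$candidates = @(
    (Join-Path $env:TEMP    'testttt.txt'),
    (Join-Path $env:APPDATA 'testSTart.txt')
) + ('allfilefinds.dat', 'enigma.hta', 'ENIGMA_807.RSA', 'enigma_encr.txt' |
        ForEach-Object { Join-Path $desktop $_ })

$report = @(foreach ($path in $candidates) {
    [pscustomobject]@{ Type = 'File'; Item = $path; Present = (Test-Path -LiteralPath $path) }
})

# Step 10: .exe in Downloads with a 32-character name.
# Assumption: the 32 characters do not include the ".exe" extension.
if (Test-Path -LiteralPath $downloads) {
    $report += @(Get-ChildItem -LiteralPath $downloads -Filter '*.exe' -File |
        Where-Object { $_.BaseName.Length -eq 32 } |
        ForEach-Object { [pscustomobject]@{ Type = 'File'; Item = $_.FullName; Present = $true } })
}

# Steps 7-8: Run values MyProgram and MyProgramOK.
$runKeys = @(
    'HKCU:\Software\Windows\CurrentVersion\Run',           # path as written in step 7
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'  # standard per-user Run key
)
foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    foreach ($name in 'MyProgram', 'MyProgramOK') {
        $hit = ($null -ne $props) -and ($props.PSObject.Properties.Name -contains $name)
        $report += [pscustomobject]@{ Type = 'RunValue'; Item = "$key\$name"; Present = $hit }
    }
}

$report | Format-Table -AutoSize

# Shadow Volume Copies: querying them needs an elevated prompt.
try {
    $count = @(Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction Stop).Count
    "Shadow copies found: $count"
} catch {
    'Shadow copies: could not query (run from an elevated prompt)'
}
```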