Green_ray Ransomware

What is Green_ray Ransomware?

Green_ray Ransomware is a nasty malware threat that can infiltrate your system without your noticing it and encrypt not only the usual personal files (photos, videos, and documents), but also all executables and archives in practically all your folders. The only folder this ransomware does not seem to touch is the Windows system folder. Of course, the reason behind this devastation is to extort money from you in exchange for getting your files back. However, these criminals seem to have made a huge mistake, which makes it possible for you to actually recover your files without paying the ransom fee for the decryption key. We will reveal shortly how this is possible, but before we do so, let us tell you why it is so important that you remove Green_ray Ransomware and how this infection works. Understanding more about such threats can help you prevent similar attacks from happening.

Where does Green_ray Ransomware come from?

Our malware researchers say that this ransomware mainly spreads via spam e-mails as a malicious attached file. Generally, this can be a text document, an image, or a video. At least, this is how the executable file is disguised. Most of the time users do not realize that the attached file’s name has an “.exe” extension, as in “invoice.pdf.exe”, and they download it believing that it is indeed a PDF file. The spam mail this ransomware travels in can evade your spam filter and trick you, too, into believing that you must open it. The sender of such a mail is usually disguised as well and can appear to be a state institution or any other company that you may know or consider reputable. Another trick criminals use is a deceiving subject line that could refer to an invoice, a mail delivery error, or anything else that could draw your attention. The body of the mail can also be misleading so that you think it is important for you to download and run the attached file. As a matter of fact, most of the time it is the user who initiates such a vicious ransomware attack.

So it becomes quite clear that by being more cautious about clicking on the mails in your inbox and opening attached files, you can actually avoid such nasty attacks. However, if you somehow let this beast onto your machine, you should not hesitate to act. We recommend that you delete Green_ray Ransomware immediately if you do not want to cause more damage, even if that looks impossible right now.

How does Green_ray Ransomware work?

We have found that this infection is very similar to Ransomware that has also appeared only recently. This ransomware is certainly one of the most dangerous ones from a specific angle: encryption. This infection attacks practically all your files, including photos, videos, music, documents, archives, as well as your .exe files. If you do not have a backup copy of your files on a removable drive, it is possible that you will lose all of them in this malicious attack. Our researchers have found that this program uses the AES-256 algorithm to encrypt the files. All the damaged files get an ".id-B4500913.{}.xtbl" extension. The “id-B4500913” code seems to be a recurring ID number since we found the same one in the case of the aforementioned ransomware as well.

Once the encryption is over, this ransomware creates a text file on your Desktop called "How to decrypt your files.txt," which contains a short text message with a contact e-mail address ( Your Desktop background image also changes to “How to decrypt your files.jpg,” which informs you about the encryption and what to do next on a painting of a child that looks like some green propaganda. All the information you get from both the text file and this ransom note image is that you are supposed to contact these criminals via the given e-mail address in order to learn more about decrypting your files. Victims are usually asked to pay from 100 USD to 500 USD worth of Bitcoins. We do not advise you to pay any amount to these criminals because in this case you may actually have a chance to recover your files.

The mistake these criminals make this time is that they do not delete the Shadow Volume Copies of your files. This means that there is a possibility that you can restore your files. You can find information about this on the web. If you are not an advanced user, you may want to ask a friend or an IT expert to help you with that. It is also possible that you might find an available recovery tool. All it takes is a bit of web searching and, of course, the required IT knowledge. Yet another option is to transfer the backup copy of your files, if you are lucky enough to have one on an external drive. However, any of these recoveries should be done only after you remove Green_ray Ransomware from your system.

How do I delete Green_ray Ransomware?

As a matter of fact, it is quite easy to eliminate this otherwise dangerous infection. Since it does not block your screen or system processes, you do not even need to restart your PC in Safe Mode. Please follow our instructions below if you want to make sure that this ransomware is gone without leftovers remaining on your computer. As you can see it is very easy to let such a nightmare onto your computer. If you want to safeguard your system from similar malware invasions, it would be the right time to invest in an authentic anti-malware application.

Remove Green_ray Ransomware from Windows

  1. Press Win+E.
  2. Find the downloaded file and bin it.
  3. Locate and delete the malicious executable (randomname.exe) in the %APPDATA% directory.
  4. Bin the ransom note background image: %UserProfile%\How to decrypt your files.jpg
  5. Bin the ransom note text file (“How to decrypt your files.txt”) from your Desktop.
  6. Empty your Recycle Bin.
  7. Press Win+R and type in regedit. Press Enter.
  8. Under HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, delete the registry value named odgdgdem, whose value data is “C:\Users\user\AppData\Roaming\randomname.exe”.
  9. Restart your PC.
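
The locations named in the steps above, and the shadow copies mentioned earlier, can be checked from a PowerShell prompt before and after cleanup. This is an added example, not part of the original instructions: it only reads and deletes nothing, the function names are illustrative, and the file-name pattern assumes the ID is always 8 hexadecimal characters as in "id-B4500913".

```powershell
# Added example: read-only audit, deletes nothing. Paths and value patterns
# follow the removal steps above; function names are illustrative.
$runKey = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$psMeta = 'PSPath','PSParentPath','PSChildName','PSDrive','PSProvider'

function Get-SuspiciousRunValue {
    # Run values whose command is an .exe sitting directly in %APPDATA%
    $props = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
    if (-not $props) { return }
    $appData = [regex]::Escape($env:APPDATA)
    foreach ($p in $props.PSObject.Properties) {
        if ($psMeta -contains $p.Name) { continue }   # skip provider metadata
        if ([string]$p.Value -match "^`"?$appData\\[^\\]+\.exe") {
            [pscustomobject]@{ Name = $p.Name; Command = [string]$p.Value }
        }
    }
}

function Get-RansomNote {
    # The two note locations given in steps 4 and 5
    $desktop = [Environment]::GetFolderPath('Desktop')
    @( (Join-Path $env:USERPROFILE 'How to decrypt your files.jpg'),
       (Join-Path $desktop 'How to decrypt your files.txt') ) |
        Where-Object { Test-Path -LiteralPath $_ }
}

function Get-EncryptedFile {
    # Assumption: the ID is 8 hex characters, as in the page's "id-B4500913"
    param([string]$Root = $env:USERPROFILE)
    Get-ChildItem -LiteralPath $Root -Recurse -File -Filter '*.xtbl' -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -match '\.id-[0-9A-F]{8}\..*\.xtbl$' }
}

function Get-ShadowCopySummary {
    # Requires an elevated prompt; empty output means no snapshots to restore from
    Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction SilentlyContinue |
        Select-Object VolumeName, InstallDate, DeviceObject
}

Write-Host 'Run values pointing into %APPDATA%:'
Get-SuspiciousRunValue | Format-List | Out-Host
Write-Host 'Ransom notes present:'
Get-RansomNote | Out-Host
Write-Host 'Encrypted files found:'
(Get-EncryptedFile | Measure-Object).Count | Out-Host
Write-Host 'Volume shadow copies:'
Get-ShadowCopySummary | Format-Table -AutoSize | Out-Host
```

After a successful cleanup the first two sections should come back empty, while the shadow copy list shows whether there are snapshots to attempt a restore from.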