iRansom Ransomware

What is iRansom Ransomware?

When the malicious application iRansom Ransomware enters a computer, many of the personal files stored on it become unusable. Although this infection was first detected at the beginning of November 2016 and is quite new, it encrypts files just like older ransomware infections do, and for the same reason: to give users a reason to pay the money cyber crooks want from them. If you have been infected with this ransomware too, do not transfer money to cyber criminals, even though it is said that purchasing the private key “stored on a hidden Internet database” is the only way to unlock files. Instead of buying the key, fully delete the ransomware infection from the system. The personal files will stay encrypted, but iRansom Ransomware will no longer be able to encrypt new files you create in the %USERPROFILE% directory. Also, the blue window with a ransom note will no longer be visible on the Desktop.

What does iRansom Ransomware do?

iRansom Ransomware is a new threat in the category of ransomware infections, but it does not differ at all from ransomware infections that used to be popular some time ago. It has been revealed that this infection encrypts users’ personal files located in the %USERPROFILE% directory and its subfolders immediately after it successfully infiltrates the computer. Unfortunately, it also blocks .exe files, so users might find that they can no longer open some programs. It is not hard to tell which of the files stored on the system are encrypted because iRansom Ransomware appends the new filename extension .Locked to all of them; for example, picture.jpg will get the new extension and become picture.Locked. After this threat finishes encrypting the last file, it opens a blue window with yellow letters. This message is a ransom note informing users that their files have been locked with the “strongest encryption and a unique key generate for this computer.” It is said that the only way to get the files back is to purchase the private key, which costs 0.15 Bitcoin (~ 110 USD). Do not send the payment even if you desperately need those files back because there is a huge possibility that you will not get anything from cyber criminals after making a payment. Users who decide not to transfer money often wonder what they can do to protect their computers. Unfortunately, at the time of writing they cannot do much if they do not have a backup of their files on external storage, because specialists have not yet developed a free decryption tool.

From a technical standpoint, iRansom Ransomware is not a very sophisticated threat compared to other ransomware infections; however, it runs its own process, iRansom.exe, which is visible in the Task Manager, and creates a new Value, iRansom, in the Run registry key (HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run). Because of the changes it applies upon entering, it will not disappear from your computer after a system restart. Instead, it will open a window with a ransom note every time the computer is restarted. This shows that the only way to get rid of it is to fully delete this computer infection from the system.

Where does iRansom Ransomware come from?

There is not much information about the distribution of this infection, but it is very likely that this threat is disseminated through spam emails. More specifically, it travels inside spam emails as an attachment. Of course, it looks completely harmless and might even pretend to be an invoice or another important document so that users would open it. Ignore all spam emails you receive in the future because otherwise you might again allow a file-encrypting ransomware infection to enter your system. Security specialists also encourage people to ensure the maximum protection of their PCs by installing reputable security software.

How to remove iRansom Ransomware

Ransomware infections are not easy to remove, but this must be done so that iRansom Ransomware cannot keep working in the background and encrypt files you create in the future. If you decide to remove it manually, you will have to kill the process it has created in the Task Manager and erase its Value from the Run registry key. This will take some time, so if you do not have free time for the deletion of malware or simply feel that you do not have the necessary skills for manual removal, you should scan your computer using SpyHunter. It will take care of all other infections it finds on your system too.

Delete iRansom Ransomware

  1. Tap Ctrl+Shift+Esc.
  2. Open the Processes tab.
  3. Locate the process iRansom.exe there, right-click on it, and select End Process.
  4. Tap Win+R.
  5. Enter regedit.exe and click OK.
  6. Move to HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run.
  7. Right-click on the iRansom Value and select Delete.
  8. Locate the malicious file launched and delete it.
  9. Empty the Recycle bin.
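
The same steps as a PowerShell script, added here as an example (it is not part of the original guide or of any vendor tool). It uses only the process name, Run key and Value name given in this article; the -Remove switch and the assumption that the Run value's data begins with the path to the executable are this example's own.

```powershell
# Added example: report-only by default; run elevated with -Remove to act.
param([switch]$Remove)

$runKey    = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
$valueName = 'iRansom'
$procName  = 'iRansom'   # Get-Process expects the name without ".exe"

# Steps 1-3: find the running process and record where its image lives.
$procs = @(Get-Process -Name $procName -ErrorAction SilentlyContinue)
$paths = @($procs | ForEach-Object { $_.Path } | Where-Object { $_ })

# Steps 4-7: read the Run value; its data is the command started at logon.
$runData = (Get-ItemProperty -Path $runKey -Name $valueName -ErrorAction SilentlyContinue).$valueName
# Assumption: the data starts with a quoted or unquoted path to an .exe file.
if ($runData -and ($runData -match '^\s*"([^"]+)"' -or $runData -match '^\s*(.+?\.exe)')) {
    $paths += $Matches[1]
}
$paths = @($paths | Sort-Object -Unique)

# Count files carrying the .Locked extension under the user profile.
$locked = @(Get-ChildItem -Path $env:USERPROFILE -Filter '*.Locked' -Recurse -File -ErrorAction SilentlyContinue)

# Report what was found, with a SHA-256 of each executable for the incident record.
[pscustomobject]@{
    ProcessIds   = $procs.Id -join ', '
    RunValueData = $runData
    LockedFiles  = $locked.Count
} | Format-List
$paths | Where-Object { Test-Path -LiteralPath $_ } |
    ForEach-Object { Get-FileHash -LiteralPath $_ -Algorithm SHA256 } |
    Format-List Path, Hash

if ($Remove) {
    # Step 3: end the process so the file is no longer in use.
    $procs | Stop-Process -Force
    # Step 7: delete the Run value so nothing is relaunched at the next logon.
    if ($runData) { Remove-ItemProperty -Path $runKey -Name $valueName }
    # Steps 8-9: Remove-Item deletes outright, bypassing the Recycle Bin.
    foreach ($p in $paths) {
        if (Test-Path -LiteralPath $p) { Remove-Item -LiteralPath $p -Force }
    }
}
```

Run it once without -Remove to review the report, then again from an elevated prompt with -Remove; files with the .Locked extension are only counted and are left untouched.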