Merry X-Mas Ransomware

What is Merry X-Mas Ransomware?

Christmas is already over and left in the past, but it seems that crooks are still in that Christmas spirit because they have developed Merry X-Mas Ransomware recently. In order to convince users that it is not a joke, it has borrowed Comodo security logos and placed them all over the ransom note left after encrypting users’ personal files. Malicious applications that have been categorized as ransomware share the same similarity – they all seek to obtain money from users. Unfortunately, Merry X-Mas Ransomware is no exception too even though it uses such a festive name. Most probably, it has already done its job on your computer and you can no longer access your files if you are reading this article. Even though all ransomware infections seek to convince users to pay money, you should not do that by any means no matter that you need to access encrypted files badly. What researchers at anti-spyware-101.com suggest users do instead is to remove this infection fully in order not to cause harm to future files and be able to use the computer without fear. Once the removal of this computer infection is finished, the decryption of locked files can be started. Sadly, there are no guarantees that the decryption process will be successful without the special key.testtest

What does Merry X-Mas Ransomware do?

Merry X-Mas Ransomware is a malicious application that enters computers with the intention of encrypting users’ files. Evidently, it has been developed by cyber criminals who expect to receive easy money from users who desperately need their files back. Therefore, it immediately encrypts pictures, documents, and a number of other files when it successfully infiltrates systems. All these files get a new extension .merry appended, so it does not take much time for users to realize that all personal files are encrypted. Luckily, Merry X-Mas Ransomware leaves system files untouched, so you will not need to go to reinstall the Windows OS. Users are not left without knowing what has happened to their files. Merry X-Mas Ransomware drops a ransom note merry i love you bruce.hta on Desktop after it finishes encrypting files. It is said there that “all computer data encrypted!.” Also, there is a clock ticking down there. It is “time after all files will be deleted.” Users are not told how much they have to pay to get the decryption tool. Instead, they have to contact cyber criminals by writing an email to the provided email address comodosec@yandex.com. After doing that, instructions on how to decrypt files should be provided. Of course, it is not a very good idea to transfer money to cyber criminals because they might steal your money too and you will not even receive the decryptor. In some cases, the private key that can unlock users’ files is not stored anywhere. In other words, cyber criminals behind ransomware might not have it stored anywhere.

Where does Merry X-Mas Ransomware come from?

Specialists could not collect much information about the distribution of Merry X-Mas Ransomware because this ransomware infection is not very popular yet. Even though there is not that much information about its dissemination, specialists are sure that it sneaks onto computers illegally. Most probably, it has been launched on your computer after opening an attachment found in a spam email. Users know that the spam mail folder might be dangerous, but they often open these emails from this folder anyway and download their attachments because they are made to look like important documents. Of course, we should not blame spam emails in all cases because malicious applications already existing on the computer, e.g. Trojan might download other threats without a user’s consent too. This could have happened to you too if you cannot remember opening a spam email attachment recently. Ransomware might find other ways to sneak onto computers too, so you should keep your security application enabled. If the security tool you have has allowed Merry X-Mas Ransomware to sneak onto your PC, it means that it cannot be trusted and should be replaced as soon as possible with trustworthy software.

How do I remove Merry X-Mas Ransomware?

Luckily, Merry X-Mas Ransomware works from the place it is launched and does not create other files, so it can be removed from the system by finding the malicious file (e.g. downloaded from a spam email) and erasing it fully from the computer. Let the manual removal guide prepared by experienced specialists at anti-spyware-101.com help you but do not expect that the miracle will happen and your personal files will be immediately unlocked after the deletion of this ransomware infection.

Merry X-Mas Ransomware manual removal instructions

  1. Open the Windows Explorer (press Win+E on your keyboard).
  2. Open the following directories and check them one after the other to find the malicious file: %TEMP%, %APPDATA%, %USERPROFILE%\Desktop, and %USERPROFILE%\Downloads (the directory will be opened if it is copied to the URL bar at the top).
  3. Delete the malicious file of the ransomware infection.
  4. Delete the ransom note merry i love you bruce.hta from Desktop.
  5. Empty the Recycle bin.
100% FREE spyware scan and
tested removal of Merry X-Mas Ransomware*
Disclaimer
Disclaimer

Leave a Comment

Enter the numbers in the box to the right *