What is RansomPlus Ransomware?
It would seem RansomPlus Ransomware is a malicious application that encrypts files only on specific directories located on the computer’s local drive (C:). Therefore, if the most valuable files to you are placed on another drive, you may not receive much damage. In any case, encrypted data can be replaced with copies, provided the user made any copies before the computer got infected and placed them on an external hard drive or any other storage, which could not be affected by the malicious application. However, before attempting to recover any data, it would be best to get rid of RansomPlus Ransomware for safety precautions. If you want to eliminate the threat manually, you should take a look at the instructions available below the text as they will show you how to remove the malware step by step.
Where does RansomPlus Ransomware come from?
Like most of other ransomware applications, RansomPlus Ransomware could be distributed with malicious email attachments. Often the infected files look like regular pictures, invoices or other documents, so it may not even cross the user’s mind that such an attachment could be harmful. Unfortunately, if the system is not protected by a reliable antimalware tool, there might no turning back once the malicious file is launched. Thus, if you want to avoid such threats in the future, we would advise you both to be more cautious and consider installing a legitimate security tool.
How does RansomPlus Ransomware work?
As we said in the beginning, the malware targets only a few particular directories and their subfolders on your computer’s C: disk, such as %ALLUSERSPROFILE%, %USERSPROFILE%, % LOCALAPPDATA%, and other. The infection may also affect data in particular subfolders that have titles of length from four to six characters in the %HOMEDRIVE% folder. According to our researchers at Anti-spyware-101.com, data in the mentioned locations could be locked with two strong crypto systems called AES-256 and RSA-2048. Also, it is possible that RansomPlus Ransomware might be able to encrypt both personal and program files.
Furthermore, when the malicious application finishes locking your data, it should open a text document with a ransom note. It says if you want to decrypt files damaged by RansomPlus Ransomware you have to transfer 0.25 BTC (approximately 250 US dollars) into a specific Bitcoin wallet address. The malware’s creators claim that if users do as they say in the ransom note, they will send the decryption tool via email. Naturally, since there are no guarantees and such people cannot be trusted we would advise you not to risk losing your savings, especially when the damage you received could be minimum. We do not believe the threat’s creators care about your files, so they might not bother to send the decryption tool, and the money you would transfer could be lost in vain.
How to eliminate RansomPlus Ransomware?
Firstly, you should remember what was the file that you downloaded and launched before the computer got infected. Then find the directory where you saved it and remove the file from the computer. If you have no idea where the malicious file might be placed, check the instructions available below as they will mention a couple of possible locations. Nevertheless, if it looks too complicated, you can always get a legitimate antimalware tool and use its scanning feature to find data related to RansomPlus Ransomware automatically. As soon as the scanning is over, click the deletion button and the security tool will erase the malware along with other identified threats.
Erase RansomPlus Ransomware
- Press Windows Key+E.
- Navigate to these locations:
- Check the listed directories and find a malicious file that was executed before the computer got infected.
- Right-click this file and press Delete.
- Erase ransom notes (YOUR_FILES_ARE_ENCRYPTED!!!.txt).
- Close the Explorer.
- Then empty the Recycle bin and restart the system.
tested removal of RansomPlus Ransomware*100% FREE spyware scan and