ReadIT Ransomware

Posted by Max Lehmann on July 14, 2017

What is ReadIT Ransomware?

If ReadIT Ransomware manages to infiltrate your system, there is a good chance that you can say goodbye to all your important files. This ransomware infection can encrypt most of your personal files, including your documents, photos, videos, databases, and more. Your only possible way out of this threat is to have a recent backup saved in cloud storage or on a removable hard disk. Of course, your attackers will offer you their sort of way out if you contact them. Obviously, you will be told to pay a certain amount of ransom fee in exchange for the unique decryption key without which it is not yet possible to recover your files. Malware hunters are most likely working hard on a solution to provide victims with a free tool, but as of yet no such tool has emerged on the web. Our malware specialists at anti-spyware-101.com say that you should remove ReadIT Ransomware immediately if you would like to use your computer even if this could mean the loss of your files. Of course, whatever you decide to do is up to you. But please keep in mind that paying any money to criminals would simply encourage them to go on with their dirty business.testtest

Where does ReadIT Ransomware come from?

The most likely way for you to get infected with this vicious program is via spam e-mails. Cyber criminals often use spamming campaigns as a means to distribute their ransomware programs to the victims. By sending out spams, there is a good chance that a lot of users fall for the trick and infect their own machines. This malware infection may show up as a file attachment in a spam. This attachment can pose as an image or a document that is supposed to prove or relate to an unsettled invoice, a problematic hotel room booking, important changes with your Internet provider, a bank notification about suspicious transactions, and so on. Obviously, this spam is built so that you would possibly have no doubt about its authenticity. Its sender name and e-mail address may strike you as totally legitimate or even authoritative (e.g., the local police). The subject of such a spam will refer to an alleged urgent issue with your credit card or an invoice, etc. However, when you open this mail, you will not find satisfying information regarding this matter in question. You may find a link in the message that points to a file stored in some cloud storage or you may be told to download and view the attached file. Once you do so though you will activate this vicious program. Remember that when you remove ReadIT Ransomware, it means that your files are all encrypted, i.e., you cannot save them by eliminating this severe threat. You need to think beforehand; prevention is the only key to protect your files and your system.

Another well-known method applied by cyber criminals is Exploit Kits. We cannot yet confirm that this ransomware is actually spread this way but we certainly find it important for you to know what may happen if you do not update your browsers and drivers (Java and Flash) from official sources regularly. Exploit Kits are malicious Javascript and Flash codes that can be triggered the moment you load a malicious page specially equipped with such kits. You do not need to engage with any content on such a page in order to infect your system with a beast like this. All you need to do is click on a corrupt link or third-party ad while browsing the web and you might end up on one of these pages, and infect your system right away. Again, when you delete ReadIT Ransomware, the damage has been done and there is no way yet to recover your files unless you have a backup. Keep all your programs and drivers updated if you want to lower the chance of such cyber attacks.

How does ReadIT Ransomware work?

Once activated, this ransomware uses the usual AES-256 algorithm to encrypt your files. This algorithm generates a unique private key that is stored on a remote server called the Command and Control or C&C server. All your encrypted files get a new ".readIT" extension, which signals to you which files have been taken hostage. The only good thing about this malicious program is that it does not lock your screen or block your major system processes, which makes it easier to delete it. This ransomware drops a ransom note text file called "READ_IT.txt" probably on your desktop but you may also find it in all affected folders. This infection does not seem to scare you with a ransom note screen that would replace your desktop background or would appear on top of all your active windows blocking your view.

The ransom note file informs you about the fact of the encryption and instructs you to contact your attackers by sending an e-mail to "decrypter.files@mail.ru" within 24 hours if you want to pay "half of the regular price" to get the private key. You are supposed to get a reply with further details regarding the payment, which is most likely demanded in Bitcoins. We have no information yet about the fee these criminals want you to pay but we can tell you that it can be anything from 50 dollars up to 2,000 dollars or even more. This is only dependent on the hunger of your attackers. There are two basic things you need to understand about paying to such crooks. First, there is possibility that technical issues emerge, such as the C&C server becomes unreachable due to shutdown, and you could not get your private key even if you pay. Second, there is only little chance that these criminals would actually send you anything. Of course, you should also consider the fact that you would simply support cybercrime by sending any money to these crooks. No matter what, we recommend that you remove ReadIT Ransomware right away.

How can I delete ReadIT Ransomware?

In order to eliminate this dangerous program, you need to locate the malicious file you may have downloaded recently and delete it. Also, you need to check certain default locations for suspicious random-name files that you also need to bin before you would restart your machine. Please use our guide that you can find below this article if you think you can identify the related files. However, if you would like to protect your PC against future malware threats, we advise you to download and install a reputable anti-malware program like SpyHunter. Do not forget that having a security tool safeguarding your system is one thing; you still need to update all your programs and drivers if you want to prevent cyber crooks from accessing your system and your files with ease.

Remove ReadIT Ransomware from Windows

  1. Tap Win+E to open your File Explorer.
  2. Find the downloaded malicious file and bin it.
  3. Locate and delete the random-name ("*") malicious file at these possible locations:
    %ALLUSERSPROFILE%\Start Menu\Programs\Startup\*.exe
    %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe
    %USERPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe
    %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe
    %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs\Startup\*.exe
    %WINDIR%\Syswow64\*.exe (64-bit)
    %WINDIR%\System32\*.exe
  4. Delete the ransom note file ("READ_IT.txt").
  5. Tap Win+R and type regedit. Click OK.
  6. Locate and delete these possible random-name ("*") entries:
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\* (value name: "%WINDIR%\Syswow64\*.exe") (64-bit)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\* (value name:"%WINDIR%\System32\*.exe")
  7. Exit your editor.
  8. Empty your Recycle Bin.
  9. Restart your computer. 100% FREE spyware scan and
    tested removal of ReadIT Ransomware*
Disclaimer
Disclaimer
Trojans

Leave a Comment

Enter the numbers in the box to the right *