Russian Eda2 Ransomware

What is Russian Eda2 Ransomware?

Russian Eda2 Ransomware is an open-source ransomware infection that was first released publicly for educational purposes (at least, it is said so). Even though the original Russian Eda2 Ransomware project was abandoned 5 months ago, cyber criminals still use the code of this ransomware to create other similar infections. Unfortunately, the code is available on and accessible to anyone, so it is very likely that other ransomware infections based on Russian Eda2 Ransomware will be released in the future too. It will be immediately clear for you that you have encountered a ransomware infection because files you keep on your computer will all be encrypted and you could no longer access them. It is not very likely that you will encounter the original Russian Eda2 Ransomware; however, its other versions are still prevalent on the web these days and you might encounter them. If you do, eliminate the variant of Russian Eda2 Ransomware that affected your computer immediately even though it tells you that you need to pay money for gaining access to files it has locked.

What does Russian Eda2 Ransomware do?

As we have told you, the original version of Russian Eda2 Ransomware is no longer popular these days; however, you might still encounter its descendants, for example, Locked Ransomware. Like Russian Eda2 Ransomware, Locked Ransomware encrypts files users store on their computers and adds the .locked filename extension to all the encrypted files; however, it seems that it is targeted at many more different files if compared to Russian Eda2 Ransomware. According to specialists at, the latter ransomware used to encrypt only those files that have extensions .pdf, .odt, .doc, .djv, .rb, .ml, .rbw, .sd7, .php, .xlsm, .ods, .bbc, .c, .h, .java, .js, .resx, .txt, .rtf, .docx, .docm, and .asp. Also, Russian Eda2 Ransomware used to show the ransom note in Russian only, whereas newer ransomware infections based on its code tend to provide the information in English or in two languages, e.g. Russian and English, which shows that they are targeted at a wide group of people. The excerpt of the message Russian Eda2 Ransomware provided users with can be seen below:

Файлы на Вашем компьютере заблокированы

Инструкцию по расшифровке вы можете найти на своем рабочем столе в файле README.html

Like other ransomware infections, Russian Eda2 Ransomware and its newer versions ask users to pay a ransom for the decryption of files (the necessary information is usually provided in the message set as Desktop background or .txt/.html files). This is not shocking because we know that all ransomware infections are released for the same purpose. Users should not pay money for cyber criminals because the decryption tool will be released by specialists at the IT department sooner or later. According to researchers at, the decryption tool that could help users to unlock files encrypted by Russian Eda2 Ransomware or any of its variants, e.g. Locked Ransomware exist, so it is not very clever to hand in money to cyber criminals. Specialists say that users can always easily recover their files from a backup after they eliminate the ransomware from their systems fully too, which shows the importance of having copies of the most important files saved on external storage devices.

Where does Russian Eda2 Ransomware come from?

Russian Eda2 Ransomware is, most likely, no longer distributed these days; however, you might, as we have already told you, to encounter a ransomware infection based on its code. They are usually spread as spam email attachments, so you should never open spam emails. Of course, ransomware infections might find other ways to sneak onto computers too, so all users who wish to protect their computers from harm should install security software.

How to delete Russian Eda2 Ransomware

As you already know, it is not very likely that you will encounter the original Russian Eda2 Ransomware and need to remove it; however, other similar ransomware infections are quite prevalent. Fortunately, we know how to erase ransomware based on its code as well. Feel free to use the manual removal instructions you can find below this article. If it happens that they do not help you, leave a comment for us in the comment box below and we will help you to get rid of the threat. Also, you should know that the majority of ransomware infections can be removed with the help of an automatic tool, e.g. SpyHunter.

Remove Russian Eda2 Ransomware manually

  1. Find and delete the malicious .exe file you have opened.
  2. Open the Windows Explorer (Win+E).
  3. Go to %APPDATA% and delete the file with the same name (the name will consist of random letters).
  4. Go to %USERPROFILE%.
  5. Remove Decrypter.exe and ransom.jpg.
  6. Delete the .txt file (e.g. README.html or READ_IT.txt) from Desktop.
  7. Empty the recycle bin and reboot your PC.
100% FREE spyware scan and
tested removal of Russian Eda2 Ransomware*

Leave a Comment

Enter the numbers in the box to the right *