Sitaram108 Ransomware

What is Sitaram108 Ransomware?

Sitaram108 Ransomware is a computer threat targeted at users’ personal files. Once it is inside the computer, it scans it and then locks all the valuable files it manages to find. According to specialists who have carried out research, Sitaram108 Ransomware locks such files as pictures, documents, music, and even third-party applications. You will quickly notice that you cannot access them. On top of that, they will have the new filename extension, e.g. id.-(unique ID).{}.xtbl or .id-(unique ID).{}.xtbl. Cyber criminals expect that many users will contact them and then pay the required amount of money for the decryption tool. We understand that you need your files back badly; however, we do not recommend transferring money to cyber criminals because you have no guarantees that you will receive the key or software to decrypt those files. Even though Sitaram108 Ransomware is based on the CrySiS Ransomware, and it is said that it is basically impossible to decrypt those files it touches, you should still download the free tool from the web to try to unlock files. If you find the free software useless, we suggest that you keep those encrypted files because specialists might develop the free tool in the future. Of course, it does not mean that you do not need to remove Sitaram108 Ransomware from your computer.testtesttest

What does Sitaram108 Ransomware do?

As Sitaram108 Ransomware is a typical file-encrypting infection that shares similarities with Redshitline Ransomware, Ransomware, and Ransomware, researchers at have not found it surprising at all that it immediately encrypts files with the RSA-2048 encryption key the second it enters the computer. Once it is finished with the personal files it manages to find, it also changes the Desktop background and drops the How to decrypt your files.txt on the computer. This file contains only one sentence: “To decrypt your data write me to” or “To decrypt your data write me to if you have no responce in 24 hours, write to”. Specialists have noticed that this ransomware infection sets two different wallpapers too. Therefore, there is basically no doubt that there are two different versions of Sitaram108 Ransomware. Even though they slightly differ, they both seek to obtain money from users. To be frank, you will know nothing about the ransom you have to pay until you contact cyber criminals.

Have you written an email and already received an answer? If so, we are sure that you are considering whether or not to pay money for cyber criminals now. At first, it might seem that it is the quick solution to the problem, especially if the ransom they ask is not large. Of course, it has encrypted YOUR files, and YOU are the only one who can make a decision; however, if you ask our opinion, we believe that it would be smart to keep the money in your pockets. In fact, you do not even need to make a payment if you have copies of your important files on the external storage device. As we have mentioned in the first paragraph, you should try to use a free decryptor you can get from the web as well if you decide to listen to us and do not make any payment.

Where does Sitaram108 Ransomware come from?

Only the names of the ransomware infections differ; however, they all share the same goal and are even distributed similarly. In the case of Sitaram108 Ransomware, specialists at believe that it usually enters computers because users open attachments they find in spam emails. Of course, this threat might have found another way to enter the computer, for example, it is known that such threats might be dropped by the so-called Trojan dropper as well. Believe us; malware might find other ways to enter computers too, so you need to be cautious. According to our security specialists, the best would be that you install a reputable security tool on your computer and activate it. If the tool you use is trustworthy, malware will not enter your system ever again, which means that your files will be safe.

How to delete Sitaram108 Ransomware

To remove Sitaram108 Ransomware fully, you need to locate the .exe file it has created and remove it. Also, you will need to undo several changes in the system registry, for example, you will need to remove the Value that belongs to Sitaram108 Ransomware from the Run registry key. It should not be extremely hard to make it gone because our step-by-step removal guide, which you can find below the article, will help you to take care of it.

Remove Sitaram108 Ransomware manually

  1. Tap the Windows key + R.
  2. Enter regedit in the box. Tap Enter.
  3. Move to HKCU\Control Panel\Desktop.
  4. Locate the Wallpaper value and right-click on it.
  5. Select Modify and then clear the Value data. Click OK.
  6. Move to HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Wallpapers and do the same with the Value BackgroundHistoryPath0 you will find there.
  7. Follow the path to access the Run registry key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.
  8. Find the random name Value having data %WINDIR%\Syswow64 or %WINDIR%\System32.
  9. Delete it.
  10. Close the Registry Editor.
  11. Check these directories one by one and then remove the {randomname}.exe file that belongs to the ransomware infection.
  • %ALLUSERSPROFILE%\Start Menu\Programs\Startup\
  • %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\
  • %USERPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup\
  • %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup\
  • %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs\Startup\
  • %WINDIR%\Syswow64\
  • %WINDIR%\System32\

N.B. Once you are done with Sitaram108 Ransomware, scan your system with SpyHunter to remove all other threats from your computer. You will get its free version if you click on the Download button (it can be found below the article).

100% FREE spyware scan and
tested removal of Sitaram108 Ransomware*

Leave a Comment

Enter the numbers in the box to the right *