What is Clown ransomware?

Clown is a dangerous threat that has been spotted infecting users’ computers around the world since January 2020. Following infiltration, it encodes the victim’s personal data and then requires ransom in Bitcoin for file recovery. Clearly, such data is vital for many users so cybercriminals blackmail them taking advantage of this. Despite their claims that decryption key purchase is the only way to return affected files, we don’t recommend to abide by their terms. There is always a risk of getting scammed by Clown ransomware developers. Alternatively, you may follow this guide to remove Clown Ransomware and decrypt .clown+ files not paying the ransom.

Clown Ransomware note

Clown Ransomware uses both encryption algorithms: symmetric or asymmetric to lock user’s files such as photos, videos, documents and so on. All encrypted files are renamed according to the following template: [SupportClown@elude.in][id=1E857D00]ORIGINAL_FILENAME.clown+. For example, it renames “flower.jpg” to “[SupportClown@elude.in][id=1E857D00]flower.jpg.clown+”, and so on.

Clown Ransomware files

The entire procedure is hidden and does not take a long time, so the user can even notice nothing. Once encryption is done, the virus creates 2 files: !!! READ THIS !!!.hta and HOW TO RECOVER ENCRYPTED FILES.txt that contain instructions from crooks on how to get back your files

The content of !!! READ THIS !!!.hta:

All your files have been encrypted!
Your documents, photos, databases and other important files have been encrypted with strongest encryption. you can return all your files if you want to restore files, write us to the e-mail: SupportClown@elude.in
Write this ID in the subject e-mail:1E857D00
It is in your interest to respond as soon as possible to ensure the restoration of your files, because we wont keep your decryption keys at our server more than one week. The price depends on how fast you write to us.
Free decryption as guarantee
Before paying you can send us up to 1 file for free decryption. The total size of files must be less than 1Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.)
How to obtain Bitcoins
You can buy bitcoin from here:
hxxps:localbitcoins.com/buy_bitcoins
Also you can find other places to buy Bitcoins and beginners guide here:
hxxp:www.coindesk.com/information/how-can-i-buy-bitcoins/
Attention!
Do not rename encrypted files.
Using another tools could corrupt your files, in case of using third party software we don’t give guarantees that full recovery is possible so use it on your own risk.

The content of HOW TO RECOVER ENCRYPTED FILES.txt:

Clown ransomware

Your unique ID:”1E857D00″

All personal files on your computer are encrypted!
Don’t worry, you can restore all your files.
Without the original key recovery is impossible.
If you want to decrypt your files, you have to pay in Bitcoin.
The price depends on how fast you write to us.
If you want to restore files, write us to the e-mail: “SupportClown@elude.in”
It is in your interest to respond as soon as possible to ensure the restoration of your files,
because we won’t keep your decryption keys at our server more than one week because of our security.

Free decryption as guarantee:
Before paying to send us up to 1 file for free decryption. The total size of the file must be less
than 1Mb (the file should not be important to you).

You can buy bitcoin from here:
hxxps://localbitcoins.net/buy_bitcoins
hxxps://libertyx.com/
hxxps://www.coinmama.com/buy
You can find other places to buy Bitcoins and beginners guide here:
hxxps://www.coindesk.com/information/how-can-i-buy-bitcoins

CAUTION!
1-Using other tools could corrupt your files, in case of using third party software we don’t give
guarantees that full recovery is possible.
2-Please do not change the name of files or file extension if your files are important to you!

The victim is encouraged to contact Clown virus developers via SupportClown@elude.in email address. Cybercriminals require payment in bitcoins as this allows them to remain anonymous and undetectable for law enforcement agencies. Plus, it increases the risk of being deceived by fraudsters: they might take your money without giving you anything in return.

remove Clown Ransomware note

There are two solutions to this problem. The first is to use an automated removal tool. This method is suitable even for inexperienced users since the removal tool can delete all instances of the virus in just a few clicks. The second is to use the Manual Removal Guide. This is a more complex way that requires special computer skills.

How Clown ransomware gets on my computer?

Extortionists are often found in spam attachments or on unlicensed software resources. Be careful not to open emails from unknown senders, and even more so files attached to them. You will not find anything interesting or useful there. There are more sophisticated ways. Infected spam can come on behalf of a reliable company or organization with which you have been cooperating for a long time, as well as on behalf of your friend or relative with whom you have corresponded at least once. There are basic precautions when working with e-mail. First of all, if you do not know the sender, read the text of the letter before opening the attachment. Even if you know the sender, verify his email address to make sure that he is not fake. Grammar errors will indicate intruders. The absence of your name in the greeting should alert you, because if the real company sent you an email, they would know your name, and not use the usual greeting like a “respected customer.” Ransomware can exploit vulnerabilities in your OS to infiltrate the system. These security holes are usually quickly fixed after they are discovered. However, as practice shows, not everyone installs those patches. Therefore, do not neglect to automatically update your system, but do not download patches from unknown sites yourself, they may also be infected.

How to remove Clown Ransomware?

First of all, don’t panic. Follow these easy steps below.

1. Start your computer in Safe Mode with networking. To do that, restart your computer before your system starts hit F8 several times. This will Clown Ransomware system from loading and will show Advanced boot options screen. Choose Safe mode with networking option from the options list using up and down arrows on your keyboard and hit Enter.
2. Log in to the system infected with the Clown Ransomware virus. Launch your Internet browser and download a reliable anti-malware program and start a full system scan. Once the scan is complete, review scan results and remove all entries detected. To find out more about antiviruses, you may follow this link

Recommended Solution:

Try SpyHunter

SpyHunter is a powerful tool that is able to keep your Windows clean. It would automatically search out and delete all elements related to malware. It is not only the easiest way to eliminate malware but also the safest and most assuring one. The full version of SpyHunter costs $42 (you get 6 months of subscription). By clicking the button, you agree to EULA and Privacy Policy. Downloading will start automatically.

Download SpyHunter

for windows

Try Stellar Data Recovery

Stellar Data Recovery is one of the most effective tools that can recover lost and corrupted files — documents, emails, pictures, videos, audio files, and more — on any Windows device. The powerful scan engine can detect compromised files and finally save them to specified destination. Despite its advancedness, it’s very concise and simple so that even the most inexperienced user can figure it out.

Download Stellar Data Recovery

Try MailWasher

Email security is the first line of defense against ransomware viruses. To do this, we recommend that you use MailWasher. MailWasher blocks ransomware viruses coming through spam and phishing, and automatically detects malicious attachments and URLs. In addition, malicious messages can be blocked even before the recipient opens them. Since the main source of the spread of ransomware viruses are infected emails, antispam significantly reduces the risk of a virus appearing on your computer.

Download MailWasher

You may find more detailed information about antivirus products in our article – Top 5 Antivirus Software for Windows

Restore your files using shadow copies

stellar-data-recovery

  1. Download and run Stellar Data Recovery.
  2. Select type of files you want to restore and click Next.
  3. Select the drive and folder where your files are located and date that you want to restore them from and press Scan.
  4. Once the scanning process is done, click Recover to restore your files.
Download Stellar Data Recovery

Step 2: Remove following files and folders of Clown Ransomware:

Related connections or other entries:

No information

Related files:

No information

How to decrypt files infected by Clown Ransomware?

You can try to use manual methods to restore and decrypt your files.

Decrypt files manually

Restore the system using System Restore

system restore

Although the latest versions of Clown Ransomware remove system restore files, this method may help you partially restore your files. Give it a try and use standard System Restore to revive your data.

  1. Initiate the search for ‘system restore
  2. Click on the result
  3. Choose the date before the infection appearance
  4. Follow the on-screen instructions

Roll the files back to the previous version

Previous versions can be copies of files and folders created by Windows Backup (if it is active) or copies of files and folders created by System Restore. You can use this feature to restore files and folders that you accidentally modified or deleted, or that were damaged. This feature is available in Windows 7 and later versions.

windows previous versions

  1. Clownt-click the file and choose Properties
  2. Open the Previous Version tab
  3. Select the latest version and click Copy
  4. Click Restore

How to prevent your system from Ransomware?

Make sure your Remote Desktop Protocol (RDP) connection is closed when you don’t use it. Also, we recommend using a strong password for this service. The most efficient way to avoid data lose is of course to make a backup of all important data from your computer.

Leave a Reply

Your email address will not be published. Required fields are marked *