Infected with CommonRansom Ransomware? Need to decrypt your files?

What is CommonRansom Ransomware

CommonRansom is another cryptovirus that encrypts user data utilizing the AES algorithm. Like similar threats, it encrypts files of several formats, including office documents, audio, video, and more. Among other things, this changes the extension of the infected files to .CommonRansom. In some cases, the virus uses a compound extension of the following form: .[].CommonRansom. Of course, after such manipulations, files become inappropriate for further use. It is also worth noting that the virus creates a special note file DECRYPTING.txt that opens every time when you try to launch an encrypted file. Below we provide an image of this note and its text part:

CommonRansom Ransomware

Hello dear friend,
Your files were encrypted!
You have only 12 hours to decrypt it
In case of no answer our team will delete your decryption password
Write back to our e-mail:
In your message you have to write:
1. This ID-345678901234567
2. [IP_ADDRESS]:PORT(rdp) of infected machine
3. Username:Password with admin rights
4. Time when you have paid 0.1 btc to this bitcoin wallet:
After payment our team will decrypt your files immediatly
Free decryption as guarantee:
1. File must be less than 10MB
2. Only .txt or .lnk files, no databases
3. Only 5 files
How to obtain bitcoin:
The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.
Also you can find other places to buy Bitcoins and beginners guide here:

In the note, scammers try to frighten the user by indicating the limited amount of time allocated to pay the ransom. The repurchase cost is 0.1 Bitcoin. Bitcoin is not chosen randomly since the cryptocurrency allows you to avoid prosecution by law. The attackers even offer to decrypt several files for free. we do not recommend you to pay money, it is better to use our recommendations to try to delete it right now and decrypt your files.

Update: Use following service to identify the version and type of ransomware you were attacked by: ID Ransomware. If you want to decrypt your files, please follow our instruction below or, if you have any difficulties, please contact us: We really can help to decrypt your files.

How CommonRansom infected your PC

The main reason for the penetration of such viruses is network insecurity. Moreover, it is worth noting that users rarely use paid versions of anti-virus software due to what makes their computer prone to attacks of this kind. Moreover, CommonRansom Ransomware can come as the attachment in the spam mailing or as a false update for the program that is installed on your PC. Below you can find our recommendations for removing CommonRansom Ransomware.

First of all, don’t panic. Follow these easy steps below.

1. Start your computer in Safe Mode with networking. To do that, restart your computer before your system starts hit F8 several times. This will stop system from loading and will show Advanced boot options screen. Choose Safe mode with networking option from the options list using up and down arrows on your keyboard and hit Enter.
2. Log in to the system infected with the CommonRansom virus. Launch your Internet browser and download a reliable anti-malware program and start a full system scan. Once the scan is complete, review scan results and remove all entries detected.

Recommended Solution:

Norton – fully removes all instances of CommonRansom – files, folders, registry keys.


Download Norton

You may find more detailed information about antivirus products in our article – Top 5 Antivirus Software for Windows

Restore your files using shadow copies


  1. Download and run Stellar Data Recovery.
  2. Select type of files you want to restore and click Next.
  3. Select the drive and folder where your files are located and date that you want to restore them from and press Scan.
  4. Once the scanning process is done, click Recover to restore your files.
Download Stellar Data Recovery

Step 2: Remove following files and folders of CommonRansom:

Related connections or other entries:

No information

Related files:

No information

How to decrypt files infected by CommonRansom?

You can try to use manual methods to restore and decrypt your files.

Decrypt files manually

Restore the system using System Restore

system restore

Although latest versions of CommonRansom remove system restore files, this method may help you to partially restore your files. Give it a try and use standard System Restore to revive your data.

  1. Initiate the search for ‘system restore
  2. Click on the result
  3. Choose the date before the infection appearance
  4. Follow the on-screen instructions

Roll the files back to the previous version

Previous versions can be copies of files and folders created by Windows Backup (if it is active) or copies of files and folders created by System Restore. You can use this feature to restore files and folders that you accidentally modified or deleted, or that were damaged. This feature is available in Windows 7 and later versions.

windows previous versions

  1. Right-click the file and choose Properties
  2. Open the Previous Version tab
  3. Select the latest version and click Copy
  4. Click Restore

Protect your computer from ransomware

hitmanpro alert with cryptoguard

Most modern antiviruses can protect your PC from ransomware and crypto-trojans, but thousands of people still get infected. There are several programs that use different approach t protect from ransomware and lockers. One of the best is HitmanPro.Alert with CryptoGuard. You may already know HitmanPro as famous cloud-based anti-malware scanner. Check out ultimate active protection software from SurfRight.

Download HitmanPro.Alert with CryptoGuard

Written by Rami Douafi

Leave a Reply

Time limit is exhausted. Please reload CAPTCHA.