Infected with Losers Ransomware? Need to decrypt your files?
What is Losers Ransomware
Losers Ransomware is new variant of Nemesis/Cry36 ransomware family viruses. According to our research it appends .losers and .damoclis (In this case it is called Damoclis Gladius Ransomware) extensions to encrypted files. Ransomware creates HOWTODECRYPTFILES.html file with instructions to pay the ransom and possibly decrypt your files. Here is the ransom-demand message:
ALL YOUR WORK AND PERSONAL FILES HAVE BEEN ENCRYPTED Losers ransomware Ransomware To decrypt your files you need to buy the special software – «Losers decryptor» To recover data, follow the instructions! You can find out the details/ask questions in the e-mail:email@example.com You can find out the details/ask questions in the chat:kuysqebjbttaxmq2.onion.to (not need Tor kuysqebjbttaxmq2.onion.cab (not need Tor) kuysqebjbttaxmq2.onion (need Tor) You can find out the details/ask questions in Bitmessage: bitmsg.me/ BM-2cTFScArDZfPNYbefeDn1RJL44NkvuVPrU If the resource is not available for a long time, install and use the Tor-browser: 1. Run your Internet-browser 2. Enter or copy the address hxxps://www.torproject.org/download/download-easy.html in the address bar of your browser and press key ENTER 3. On the site will be offered to download the Tor-browser, download and install it. Run. 4. Connect with the button “Connect” (if you use the English version) 5. After connection, the usual Tor-browser window will open 6. Enter or copy the address kuysqebjbttaxmq2.onion/ in the address bar of Tor-browser and press key ENTER 7. Wait for the site to load If you have any problems installing or using, please visit the video tutorial www.youtube.com/watch?v=gOgh3ABju6Q
Losers Ransomware and Damoclis Gladius Ransomware use asymmetric algorithm. Ransom amount is $500, that have to be paid in BitCoins. Malefactors use live chat to threaten and persuade users. Currently, there is possibility to decrypt files encrypted by Losers Ransomware using decryptors from EmsiSoft designed for Nemesis/Cry36 family. Use instructions below to remove Losers Ransomware and decrypt your files.
How Losers Ransomware infected your PC
Losers Ransomware uses spam e-mail attachments to infect users computers. All this malicious e-mails have a zip file attached to them. They have random names and subjects but often pretend to be sent from Central Security Treatment Organization. Zip archives contain .docx or .js file, that will download and run the virus. Once uses does it there is no way back because it will soon download small executable and will run it to encrypt files in user folders. Antiviruses have a small chance to catch Losers Ransomware virus as it is constantly modified. The only way to protect your computer from such threats is use antiviruses with crypto-protection like HitmanPro.Alert with CryptoGuard.
What to do if you are infected with Losers Ransomware virus?
First of all don’t panic. Follow these easy steps below.
1. Start your computer in Safe Mode with networking. To do that, restart your computer, before your system starts hit F8 several times. This will stop system from loading and will show Advanced boot options screen. Choose Safe mode with networking option from the options list using up and down arrows on your keyboard and hit Enter.
2. Log in to the system infected with the Losers Ransomware virus. Launch your Internet browser and download a reliable anti-malware program and start a full system scan. Once the scan is complete, review scan results and remove all entries detected.
Norton is a powerful removal tool. It can remove all instances of newest viruses, similar to Losers Ransomware – files, folders, registry keys.
*Trial version of Norton provides detection of computer viruses for FREE. To remove malware, you have to purchase the full version of Norton.
Step 2: Remove following files and folders of Losers Ransomware:
Remove following registry entries:
Remove following files:
How to decrypt files infected by Losers Ransomware (.losers and .damoclis files)?
Use automated decryption tools
1. Nemesis decryption tool from Emsisoft
There is ransomware decryptor from Emsisoft that can decrypt .losers and .damoclis files. It is free and may help you restore .losers and .damoclis files encrypted by Losers Ransomware virus. Download it here:
1. CryptOn decryption tool from EmsiSoft
There is ransomware decryptor from EmsiSoft that may decrypt .losers and .damoclis files. It is free and may help you restore files encrypted by Losers Ransomware. Download it here:
There is currently no other automated decryption tool for Losers Ransomware files, but that doesn’t mean that you need to pay the ransom. We track the topic and will add any new decryption tool available in this part of the article. Now you can try to use manual methods to restore and decrypt .losers and .damoclis files.
Decrypt .losers and .damoclis files manually
Restore the system using System Restore
Although, latest versions of Losers Ransomware remove system restore files, this method may help you to partially restore your files. Give it a try and use standard System Restore to revive your data.
- Initiate the search for ‘system restore‘
- Click on the result
- Choose the date before the infection appearance
- Follow the on-screen instructions
Roll the files back to the previous version
Previous versions can be copies of files and folders created by Windows Backup (if it is active) or copies of files and folders created by System Restore. You can use this feature to restore files and folders that you accidentally modified or deleted, or that were damaged (in our case – encrypted by Losers Ransomware). This feature is available in Windows 7 and later versions.
- Right-click the file and choose Properties
- Open the Previous Version tab
- Select the latest version and click Copy
- Click Restore
Restore .losers and .damoclis files using shadow copies
- Download and run Stellar Data Recovery.
- Select type of files you want to restore and click Next.
- Select the drive and folder where your files are located and date that you want to restore them from and press Scan.
- Once the scanning process is done, click Recover to restore your files.
Protect your files from ransomware
Most modern software can protect your data from ransomware and crypto-trojans, but thousands of people still get infected. There are several programs that use different approach to protect your files from ransomware and lockers. One of the best is SOS Online Backup. The product will automatically find important files, then simply make a daily backup on the remote server. SOS runs quietly and automatically in the background and supports any size and any file type. All SOS apps (desktop AND mobile) encrypt files using UltraSafe 256-bit AES before transferring them to the cloud. You will not lose your important data. Download One Year Plan.
Information provided by: Alexey Abalmasov