Infected with Ploc Ransomware? Need to decrypt your files?

What is Ploc Ransomware

Today we will focus on Ploc cryptovirus in detail has become common in recent days. Despite the fact that Ploc the cryptovirus targets English-speaking users, it is worth noting that this has spread almost throughout the world since the complaint about its presence comes from all over the world. Let’s first consider what a cryptovirus is. This is a virus that encrypts user data of various formats and changes their extension. Ploc Ransomware, in particular, changes files’ extension to .ploc. Also, it deletes shadow copies of files and system restore points in order to exclude the possibility of self-decryption of files. Moreover, the comma after encryption files become unsuitable for further use. Criminals caring leaves a note ClopReadMe.txt that contains information about the possible ways of redemption. Below we provide an image of this note and its contents.

Ploc Ransomware

Your network has been penetrated.
All files on each host in the network have been encrypted with a strong algorithm.
Backups were either encrypted or deleted or backup disks were formatted.
Shadow copies also removed, so F8 or any other methods may damage encrypted data but not recover.
We exclusively have decryption software for your situation
No decryption software is available in the public.
DO NOT RESET OR SHUTDOWN ñ files may be damaged.
DO NOT RENAME OR MOVE the encrypted and readme files.
DO NOT DELETE readme files.
This may lead to the impossibility of recovery of the certain files.
Photorec, RannohDecryptor etc. repair tools are useless and can destroy your files irreversibly.
If you want to restore your files write to emails (contacts are at the bottom of the sheet) and attach 2-3 encrypted files
(Less than 5 Mb each, non-archived and your files should not contain valuable information
(Databases, backups, large excel sheets, etc.)).
You will receive decrypted samples and our conditions how to get the decoder.
Your warranty - decrypted samples.
Do not rename encrypted files.
Do not try to decrypt your data using third party software.
We don`t need your files and your information.
But after 2 weeks all your files and keys will be deleted automatically.
Contact emails:
The final price depends on how fast you write to us.

If you carefully read the note, it becomes clear that the scammers try to intimidate the user by specifying a period of 2 weeks, after which all files will be irretrievably deleted if the user does not pay the ransom. The size of the ransom may vary, however, on average, it can reach several hundred dollars. Of course, this is big money. Moreover, there is no guarantee that fraudsters really decrypt your files will return them to their original state, so we do not recommend you pay. Below you can read our recommendations to decrypt your files and remove Ploc Ransomware permanently.

Update: Use following service to identify the version and type of ransomware you were attacked by: ID Ransomware. If you want to decrypt your files, please follow our instruction below or, if you have any difficulties, please contact us: We really can help to decrypt your files.

How Ploc Ransomware infected your PC

Like many similar cryptovirus, Ploc Ransomware comes through a flaw in the user network settings. This happens because users rarely use reliable antivirus software or use free antivirus software, which is not good. You need to use advanced paid versions of antiviruses and other software that can actually protect your system from penetration of crypto viruses, like this. If your files are already encrypted and you need to delete Ploc Ransomware, then use our guides listed below.

First of all, don’t panic. Follow these easy steps below.

1. Start your computer in Safe Mode with networking. To do that, restart your computer before your system starts hit F8 several times. This will Ploc Ransomware system from loading and will show Advanced boot options screen. Choose Safe mode with networking option from the options list using up and down arrows on your keyboard and hit Enter.
2. Log in to the system infected with the Ploc Ransomware virus. Launch your Internet browser and download a reliable anti-malware program and start a full system scan. Once the scan is complete, review scan results and remove all entries detected.

Recommended Solution:

SpyHunter 5 – fully removes all instances of Ploc Ransomware – files, folders, registry keys.


Download SpyHunter

You may find more detailed information about antivirus products in our article – Top 5 Antivirus Software for Windows

Restore your files using shadow copies


  1. Download and run Stellar Data Recovery.
  2. Select type of files you want to restore and click Next.
  3. Select the drive and folder where your files are located and date that you want to restore them from and press Scan.
  4. Once the scanning process is done, click Recover to restore your files.
Download Stellar Data Recovery

Step 2: Remove following files and folders of Ploc Ransomware:

Related connections or other entries:

No information

Related files:

No information

How to decrypt files infected by Ploc Ransomware?

You can try to use manual mPlocods to restore and decrypt your files.

Decrypt files manually

Restore the system using System Restore

system restore

Although latest versions of Ploc Ransomware remove system restore files, this mPlocod may help you to partially restore your files. Give it a try and use standard System Restore to revive your data.

  1. Initiate the search for ‘system restore
  2. Click on the result
  3. Choose the date before the infection appearance
  4. Follow the on-screen instructions

Roll the files back to the previous version

Previous versions can be copies of files and folders created by Windows Backup (if it is active) or copies of files and folders created by System Restore. You can use this feature to restore files and folders that you accidentally modified or deleted, or that were damaged. This feature is available in Windows 7 and later versions.

windows previous versions

  1. Right-click the file and choose Properties
  2. Open the Previous Version tab
  3. Select the latest version and click Copy
  4. Click Restore

Written by Rami Douafi

Leave a Reply

Time limit is exhausted. Please reload CAPTCHA.