Infected with Rontok Ransomware? Need to decrypt your files?

What is Rontok Ransomware

In this article we will talk in detail about the Rontok Ransomware which became popular in the second half of February of this year. Like many similar viruses, it encrypts user data, including audio, photos, videos, multimedia, archives, and more. It encrypts files and then changes their extension to .rontok. Also, the virus changes the name of the files. Features of this virus is that it encrypts files on web servers. A cryptovirus creates a special text file that contains detailed information about the ransom. You can see how Rontok looks like and what it contains:

Rontok Ransomware

Ops... Your file have been encrypted
And your database file have been encrypted too
UUID: d40bbe71aa5c763c9c87de**********
Click here to get decryption key
[Decryption Key]

The note shows the addresses at which the user must contact the attackers, paying 20 bitcoins. Cryptocurrencies were not chosen by chance, since this is how intruders try to avoid persecution by law. This is due to the fact that cryptocurrency transactions are very difficult to track. We do not recommend you pay money, as there is no guarantee that scammers really decrypt your files. Below you can find recommendations to remove Rontok Ransomware right now.

Update: Use following service to identify the version and type of ransomware you were attacked by: ID Ransomware. If you want to decrypt your files, please follow our instruction below or, if you have any difficulties, please contact us: We really can help to decrypt your files.

How Rontok Ransomware infected your PC

Rontok comes to the computer through unsafe user networks, since users rarely use the paid version of antivirus software. You need to use special programs that can really prevent the penetration of such threats. It is worth noting that this may come as an attachment to a spam mailing list or as a false update for any program and utility that is installed on your system. Be careful. If Rontok has already arrived on the computer and encrypted files, then use our recommendations to get rid of it right now.

First of all, don’t panic. Follow these easy steps below.

1. Start your computer in Safe Mode with networking. To do that, restart your computer before your system starts hit F8 several times. This will Rontok Ransomware system from loading and will show Advanced boot options screen. Choose Safe mode with networking option from the options list using up and down arrows on your keyboard and hit Enter.
2. Log in to the system infected with the Rontok Ransomware virus. Launch your Internet browser and download a reliable anti-malware program and start a full system scan. Once the scan is complete, review scan results and remove all entries detected.

Recommended Solution:

SpyHunter 5 – fully removes all instances of Rontok Ransomware – files, folders, registry keys.


Download SpyHunter

You may find more detailed information about antivirus products in our article – Top 5 Antivirus Software for Windows

Restore your files using shadow copies


  1. Download and run Stellar Data Recovery.
  2. Select type of files you want to restore and click Next.
  3. Select the drive and folder where your files are located and date that you want to restore them from and press Scan.
  4. Once the scanning process is done, click Recover to restore your files.
Download Stellar Data Recovery

Step 2: Remove following files and folders of Rontok Ransomware:

Related connections or other entries:

No information

Related files:

No information

How to decrypt files infected by Rontok Ransomware?

You can try to use manual methods to restore and decrypt your files.

Decrypt files manually

Restore the system using System Restore

system restore

Although latest versions of Rontok Ransomware remove system restore files, this method may help you to partially restore your files. Give it a try and use standard System Restore to revive your data.

  1. Initiate the search for ‘system restore
  2. Click on the result
  3. Choose the date before the infection appearance
  4. Follow the on-screen instructions

Roll the files back to the previous version

Previous versions can be copies of files and folders created by Windows Backup (if it is active) or copies of files and folders created by System Restore. You can use this feature to restore files and folders that you accidentally modified or deleted, or that were damaged. This feature is available in Windows 7 and later versions.

windows previous versions

  1. Right-click the file and choose Properties
  2. Open the Previous Version tab
  3. Select the latest version and click Copy
  4. Click Restore

Written by Rami Douafi

Leave a Reply

Time limit is exhausted. Please reload CAPTCHA.