Infected with Zenis Ransomware? Need to decrypt your files?
What is Zenis Ransomware
Zenis is a new virus, which encrypts all data files on a user PC and after that cybercriminals demand a ransom from victims for a decryption. This type of viruses called Ransomware and has a very high level of damage to docs, music, videos, photos, and databases on a users machines. We strongly recommend you not to pay to cybercriminals, because real decrypting is not guaranteed and payments can increase a number of new virus threats in future. Also, a malware program creates HKEY_CURRENT_USER \ SOFTWARE \ ZenisService keys in a registry and make it active. Zenis ransomware show other typical features of ransomware: it adds a random symbols suffix (for example .Zenis-******) for every encrypted file and creates a file Zenis-Instructions.html with the following information:
*** All your files has been encrypted ***
I am ZENIS. A mischievous boy who loves cryptography, hardware and programming. My world is full of unanswered questions and puzzles half and half, and I'm coming to discover a new world.
A world in digital space that you are supposed to play the role of my toys.
If you want to win in this game, you have to listen carefully to my instructions, otherwise, you will be caught up in a one-step game and you will become the mam loser of the story.
My instructions are simple and clear. Then follow these steps:
1. Send this file (Zenis-Instructions.html) to my email with one your encrypted file less than 2 MB to trust to the game.
2. I decrypt your file for free and send for you.
3. If you confirm the correctness of the files, verify that the files are correct via email
4. Then receive the price of decrypting files
5. After you have deposited, please send me the payment details
6. After i confirm deposit, i send you the "Zenis Decryptor" along with "Private Key" to recovery all your files.
Now you can finish the game. You won the game, congratulations.
Please submit your request to both emails:
If you did not receive an email after six hours, submit your request to the following emails:
TheZenis@Mail2Tor.com (On the TOR network)
Warning: 3rd party and public programs. It may cause irreversible damage to your files And your files will be lost forever.
Zenis Ransomware distributed since March 2018. It targets mostly English-speaking users. Currently, files infected or encoded by this threat (using AES / RSA methods) become unreadable, but there are certain methods to restore encrypted files manually. Use this article to remove Zenis Ransomware completely from Windows 10, 8, 7 and decrypt your files.
Update: Use following service to identify the version and type of ransomware you were attacked by: ID Ransomware. Also check following website for possible decryptor: Emsisoft Decryptors.
How Zenis Ransomware infected your PC
At this moment, we know that several e-mails are used to distribute .docx files with malicious macroses. E-mails are distributed all over the world. You can also get this ransomware on file-sharing networks, including torrent files. Ransom is asked to be paid in BitCoins, that also makes the task difficult for the police, as the user in this network is often anonymous. Encryption starts in the background. Way to protect your computer from such threats is to use antiviruses with crypto-protection like HitmanPro.Alert with CryptoGuard.
First of all, don’t panic. Follow these easy steps below.
1. Start your computer in Safe Mode with networking. To do that, restart your computer before your system starts hit F8 several times. This will stop system from loading and will show Advanced boot options screen. Choose Safe mode with networking option from the options list using up and down arrows on your keyboard and hit Enter.
2. Log in to the system infected with the Zenis Ransomware virus. Launch your Internet browser and download a reliable anti-malware program and start a full system scan. Once the scan is complete, review scan results and remove all entries detected.
Norton is a powerful removal tool. It can remove all instances of newest viruses, similar to Zenis Ransomware – files, folders, registry keys.
*Trial version of Norton provides detection of computer viruses for FREE. To remove malware, you have to purchase the full version of Norton.
Step 2: Remove following files and folders of Zenis Ransomware:
Remove following registry entries:
Remove following files and folders:
How to decrypt files infected by Zenis Ransomware (random files)?
Use automated decryption tools
There is ransomware decryptor from Kaspersky that can decrypt files. It is free and may help you restore files encrypted by Zenis Ransomware virus. Download it here:
You can also try to use manual methods to restore and decrypt files.
Decrypt files manually
Restore the system using System Restore
Although latest versions of Zenis Ransomware remove system restore files, this method may help you partially restore your files. Give it a try and use standard System Restore to revive your data.
- Initiate the search for ‘system restore‘
- Click on the result
- Choose the date before the infection appearance
- Follow the on-screen instructions
Roll the files back to the previous version
Previous versions can be copies of files and folders created by Windows Backup (if it is active) or copies of files and folders created by System Restore. You can use this feature to restore files and folders that you accidentally modified or deleted, or that were damaged (in our case – Zenis Ransomware by Zenis Ransomware). This feature is available in Windows 7 and later versions.
- Right-click the file and choose Properties
- Open the Previous Version tab
- Select the latest version and click Copy
- Click Restore
Restore encrypted files using shadow copies
- Download and run Stellar Data Recovery.
- Select type of files you want to restore and click Next.
- Select the drive and folder where your files are located and date that you want to restore them from and press Scan.
- Once the scanning process is done, click Recover to restore your files.
Protect your files from ransomware
Most modern software can protect your data from ransomware and crypto-trojans, but thousands of people still get infected. There are several programs that use different approach to protect your files from ransomware and lockers. One of the best is SOS Online Backup. The product will automatically find important files, then simply make a daily backup on the remote server. SOS runs quietly and automatically in the background and supports any size and any file type. All SOS apps (desktop AND mobile) encrypt files using UltraSafe 256-bit AES before transferring them to the cloud. You will not lose your important data. Download One Year Plan.
Information provided by: Alexey Abalmasov