Remove Malware Virus > Ransomware > Delete Digisom Ransomware from Windows PC – Restore ‘.X’ Files

Delete Digisom Ransomware from Windows PC – Restore ‘.X’ Files

February 10, 2017

Ransomware

, , , ,

How Dangerous is Digisom Ransomware?

 

Digisom Ransomware is identical to RansomPlus and Erebus 2017 Ransomware. It enciphers specific files and demands ransom of 02 Bitcoin from victims while keeping file decryption key as hostages on command and control server. What is worse, unlike most of the infamous ransomware, it deletes one random file each 2 hours after the given time 72 hours. Digisom Ransomware opens a pop up window on the affected computer that displays a timer until next removal of random file. As the ransomware is new, research on it is undergoing, however, we suspect that the ransomware has been unleashed with an open source military grade cipher engine, which indexes target files fastly and deploy encryption process immediately.

Digisom Ransomware

Following file encryption process, you notice that important databases, audios, videos, documents, photos, projects and other file are having {3-random_characters.X} suffix added original default file extension. For instance, ‘OFFICE_PROJECT.ppt’ will be transcoded to ‘OFFICE_PROJECT.pptDo5.X’. Though, without a specific decryption passwords, you don’t get to open/modify your files. Getting decryption passwords (aka private key) isn’t really easy. First, you have to contact with Digisom Ransomware attackers via www(dot)digisom.pw. And then you have to identify yourself by entering “YOUR UNIQUE ID TO FIND KEY:________” mentioned in Ransom note. What’s new, Digisom Ransomware creates upto 10 text files using the name like Digisom Readme0.txt, Digisom Readme1.txt, …… to Digisom Readme9.txt and drops them on affected Desktop as well as inside folder having enciphered files.

How to Recover ‘.X’ Files without paying off ransom?

There are few ways that might help you to get back your enciphered files without making ransom payment to the anonymous attackers. These ways are explained below:

  • Using Free Decryption tool – in some cases, online security research firms release free decryption tool against Ransomware. It facilitates victims for recovering files from infected computer for free. You can Google ‘Free Decryption Tool For Digisom Ransomware’ to find out relevant tools.
  • Using Data Recovery Software – indeed, you can get back your encrypted files by Digisom Ransomware using Data Recovery software. Such software is programmed to scan corrupted disk and recover data without any trouble.
  • Using System Restore – if you have created a ‘System Restore Point’, you can make use of it for restoring your computer to an earlier date when your files were not enciphered by Digisom Ransomware.

But First, What should you do?

Before restoring your files, we recommend you to delete Digisom Ransomware from your computer soon enough. Since, as many days as it exist, it will generate more vulnerabilities and also pose direct threat to your privacy. For protection against Digisom Ransomware in future, keep an Antimalware software installed and activated on your each computer.

How to remove Digisom Ransomware (Virus Removal Guide)

 

Free Scan your Windows PC to detect Digisom Ransomware

rmv-notice

Remove Digisom Ransomware From Your PC

Step 1: Remove Digisom Ransomware in Safe Mode with Command Prompt

  • First of all disconnect your PC with network connection.
  • Click restart button and keep pressing F8 key regularly while system restart.

F8-keyboard

  • You will see “Windows Advanced Options Menu” on your computer screen.

Windows Advanced Options Menu

  • Select “Safe Mode with Command Prompt” and press Enter key.

safe mode with command promt

  • You must login your computer with Administrator account for full privilege.

daver

  • Once the Command Prompt appears then type rstrui.exe and press Enter

picture6

  • Now follow the prompts on your screen to complete system restore.

Step 2: Remove Digisom Ransomware using MSConfig in Safe Mode:

  • Power off your computer and restart again.
  • While booting press the “F8 key” continuously to open “Windows Advanced Options Menu”.

F8-keyboard

  • Use the arrow keys to select “Safe Mode” option and press Enter key.

Safe mode

  • Once system get started go to Start menu. Type “msconfig” in the search box and launch the application.

msconfig01

  • Go to the Startup tab and look for files from %AppData% or %Temp% folders using rundll32.exe. See an example below:

C:\Windows\System32\rundll32.exe C:\Users\username\appdata\local\temp\regepqzf.dll,H1N1

  • Disable all the malicious entries and save the changes.
  • Now restart your computer normally.

Step 3 : Kill Malicious Process Related To Digisom Ransomware

  • Press Alt+Ctrl+Del buttons together.

ctrl+alt+del

  • It will open the Task manager on your screen.
  • Go to Process Tab and find Digisom Ransomware related process.
  • Click the End Process Now button to stop the running process.

Step 4 : Remove Digisom Ransomware Virus From Registry Entry

  • Press “Windows + R” key together to open Run Box.

Win+R

  • Type “regedit” and click OK button.

Type-regedit-to-open-registry

  • Find and remove Digisom Ransomware related entries.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Runonce

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

Now hopefully you have completely removed the Digisom Ransomware virus from your computer. If you are still get ransom message from the threat or unable to access your files, then it means that virus still remain into your computer. In such situation you don’t have any other option except removing this virus using any powerful malware removal tool.

Whereas if you have any backup of your infected or encrypted files, then you can also reinstall your Windows OS. This will erase all your files and data as along with the Digisom Ransomware infection. You will get a completely empty computer system with no files. Now you can use your backup to get your files. If you don’t have any backup then using malware removal tool is a better option for you.

freescan1

If you have any query or question regarding your computer, then you can easily ask your problem to our experts. Go to the Ask Any Question page and get the answer for your query directly from out experts.

footer-1

Related Posts

Skip to toolbar