Erebus 2017 Ransomware : Ransomware Removal Report

 


Initial Research report on Erebus 2017 Ransomware

Erebus 2017 Ransomware is yet another upgraded variant of the Erebus Ransomware that was discovered in September 2016. According to the initial research reports of cyber threat experts, it is a completely newly programmed crypto ransomware variant. Many security experts have reported that Erebus 2017 Ransomware bypasses UAC (User Account Control) by taking control of how MSC files are handled, so that its commands run through the Windows Event Viewer and execute on your system.

Erebus 2017 Ransomware uses a typical strategy: it makes "eventvwr.exe" read a corrupt file instead of the legitimate "mmc.exe" that comes by default with the Windows operating system. Through these activities the ransomware hides its malicious operations. Experts are not yet clear about its infection methods. This encrypting ransom virus may have been delivered to your system via the Rig Exploit Kit, spam email attachments or malicious JavaScript code. Bypassing UAC allows this malware to escape various antivirus detections.
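The behaviour described above, where "eventvwr.exe" ends up running something other than the legitimate "mmc.exe", can be hunted for in process-creation telemetry. The following is an added example and not part of the original report; the event field names and sample events are constructed, and it assumes Windows is installed under C:\Windows.

```python
import json
import ntpath

# Constructed process-creation events, one JSON object per line.
# Field names are hypothetical, not a specific product's schema.
SAMPLE_EVENTS = r"""
{"host": "ws-01", "parent": "C:\\Windows\\System32\\eventvwr.exe", "image": "C:\\Windows\\System32\\mmc.exe"}
{"host": "ws-02", "parent": "C:\\Windows\\System32\\eventvwr.exe", "image": "C:\\Users\\alice\\AppData\\Roaming\\sample.exe"}
{"host": "ws-03", "parent": "C:\\Windows\\explorer.exe", "image": "C:\\Windows\\System32\\eventvwr.exe"}
{"host": "ws-04", "parent": "c:\\windows\\system32\\EVENTVWR.EXE", "image": "C:\\Temp\\mmc.exe"}
"""

# Assumption: default Windows installation directory.
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}


def _split(path):
    """Return (directory, file name), lower-cased, for a Windows path."""
    return ntpath.split(path.strip().lower())


def suspicious_eventvwr_children(lines):
    """Flag events where eventvwr.exe starts anything but the system mmc.exe."""
    findings = []
    for line in lines.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        _, parent_name = _split(event["parent"])
        if parent_name != "eventvwr.exe":
            continue
        child_dir, child_name = _split(event["image"])
        if child_name == "mmc.exe" and child_dir in SYSTEM_DIRS:
            continue  # expected: Event Viewer hands off to the legitimate mmc.exe
        reason = ("mmc.exe outside the system directory"
                  if child_name == "mmc.exe" else "child is not mmc.exe")
        findings.append((event["host"], event["image"], reason))
    return findings


if __name__ == "__main__":
    for host, image, reason in suspicious_eventvwr_children(SAMPLE_EVENTS):
        print(f"{host}: eventvwr.exe started {image} ({reason})")
```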

Technical details

Name: Erebus 2017 Ransomware

Type: Ransomware

File Extension: .***

Risk Level: High

Ransom Demand: $90 or 85 EUR

Affected OS: Various Windows Versions

TOR Networks Are Used As The Servers Of Erebus 2017 Ransomware

Erebus 2017 Ransomware uses techniques very similar to those of the "[email protected]" Ransomware, but many malicious programmers apply macro script code because it is easy to embed in crafted documents. The makers of Erebus 2017 Ransomware are known to have tied the ransomware download completely to its inbound and outbound communications with their "Command and Control" servers for the encrypted data storage. This ransom threat is designed to obtain the location of the infected system through the servers at "ipinfo.io/country" and "ipecho.net/plain", which are hosted on regular Internet portals. It sends a report containing information such as your IP address, Windows version, device ID, geographical location and email account name. In the next step it scans your whole system for the targeted data types, and after a successful search it encrypts the data types given below:

[Image: list of targeted data types]

Erebus 2017 Ransomware uses ROT-23 and AES-256 encryption algorithms for the attack

Erebus 2017 Ransomware uses a distinctive encryption process based on the AES-256 and ROT-23 ciphers to encode users' files. For example, "Fried bread with butter.pptx" becomes "Fried bread with butter.mmqu". Windows Explorer is also unable to create thumbnails for your images and pictures, documents, PDFs, presentations and spreadsheets. The most damaging action of this malware is deleting the Shadow Volume Copies, so that users cannot recover their lost data using Windows Explorer. After doing all this, it displays a ransom message on your system using your default browser. The ransom message is shown below:

[Image: ransom message]
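The renaming in the example above matches a rotation of each extension letter by 23 places (pptx becomes mmqu), which lets a responder map renamed files back to their original types when scoping the damage. This is an added example, not part of the original report; the extension list and file paths are constructed, and leaving non-letter characters unchanged is an assumption. Recovering the name does not decrypt the AES-256 encrypted content.

```python
import string
from pathlib import PureWindowsPath

# Assumption: a short list of document types to test decoded extensions against.
KNOWN_EXTENSIONS = {"pptx", "docx", "xlsx", "pdf", "jpg", "png", "txt"}

# Constructed sample directory listing.
SAMPLE_FILES = [
    r"C:\Users\alice\Documents\Fried bread with butter.mmqu",
    r"C:\Users\alice\Documents\budget 2017.uipu",
    r"C:\Users\alice\Documents\notes.txt",
    r"C:\Users\alice\Documents\archive.zzz",
]


def rot(text, shift):
    """Rotate ASCII letters by shift places; other characters pass through (assumed)."""
    out = []
    for ch in text:
        if ch in string.ascii_lowercase:
            out.append(chr((ord(ch) - ord("a") + shift) % 26 + ord("a")))
        elif ch in string.ascii_uppercase:
            out.append(chr((ord(ch) - ord("A") + shift) % 26 + ord("A")))
        else:
            out.append(ch)
    return "".join(out)


def original_name(file_path):
    """Return the likely pre-encryption file name, or None if the file looks untouched."""
    path = PureWindowsPath(file_path)
    ext = path.suffix[1:]
    if not ext or ext.lower() in KNOWN_EXTENSIONS:
        return None  # no extension, or still a normal document type
    decoded = rot(ext, -23)  # undo ROT-23
    if decoded.lower() in KNOWN_EXTENSIONS:
        return f"{path.stem}.{decoded}"
    return None


def triage(file_paths):
    """Map each renamed file to its likely original name."""
    return {p: name for p in file_paths if (name := original_name(p))}


if __name__ == "__main__":
    for renamed, original in triage(SAMPLE_FILES).items():
        print(f"{renamed} -> {original}")
```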

Know about the ransom demands of Erebus 2017 Ransomware

The hackers behind Erebus 2017 Ransomware usually demand $90 or 85 EUR and instruct users to pay via Bitcoin wallets. According to experts, however, you should not consider paying the ransom, because the cyber criminals put the collected money toward further malicious work. Instead, use a credible anti-malware tool to remove Erebus 2017 Ransomware immediately, then run the backup on the PC to restore your files.


What To Do If Your PC Gets Infected By Erebus 2017 Ransomware

Ransomware infections are designed mainly to scare users and trick them out of their money. The ransomware takes your files hostage and demands a ransom to return your important data. But what can you do when your system is infected by the Erebus 2017 Ransomware virus? Here are some options you can use to get rid of this nasty infection.

Don’t Panic – The first thing is not to panic. Then check your system thoroughly for any working files. If you find any working files, copy them to a USB drive.

Pay Ransom – Another option is to pay the ransom and wait to get your files back. (really a bad option)

Use Backup – Clean your entire system, remove the infection completely from your PC and restore your files from a backup.

Remove Infection – You can also delete the Erebus 2017 Ransomware virus using a malware removal tool and remove all the infected files. You can later recover your data using a data recovery tool (in case you don’t have a backup of your files). – Recommended Method.

Reinstall Windows – The last option is to reinstall your Windows OS. This will completely remove all your data as well as the infection. You will get a completely new, infection-free PC.

How To Remove Erebus 2017 Ransomware Virus From Your PC

Step 1 – Boot your computer in Safe mode.

Step 2 – Remove the infected registry entry files.

  • Press the Windows key and the R key together.

  • Type “regedit” and click the OK button.

  • Find and delete the following entries.

HKEY_LOCAL_MACHINE\SOFTWARE\supWPM

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wpm

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main “Default_Page_URL”

HKEY_LOCAL_MACHINE\Software\Classes\[Erebus 2017 Ransomware]

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\[Erebus 2017 Ransomware]

Step 3 – Remove From msconfig

  • Press the Windows and R keys simultaneously.

  • Type msconfig and press Enter.

  • Go to the Startup tab and uncheck all entries from an unknown manufacturer.

Step 4 – Restart your computer normally.

Check your computer now. If the virus is gone, you can start using your computer. If the infection remains, move on to the next step.

Step 5 – System Restore

  • Insert the Windows installation disk into the CD drive and restart your PC.
  • During system startup, keep pressing the F8 or F12 key to get the boot options.
  • Now select the boot from CD drive option to start your computer.
  • You will then get the System Recovery Option on your screen.
  • Select the System Restore option from the list.
  • Choose the nearest system restore point from when your PC was not infected.
  • Now follow the options on your screen to restore your computer.

If the above manual methods did not remove the Erebus 2017 Ransomware virus, then your only option is to remove the infection using a malware removal tool. It is the last and only option that can easily and safely remove this nasty threat from your computer.
