Ransomnix Ransomware
Ransomware | 07/30/2018

How to Remove Ransomnix Ransomware from the computer system?

What is Ransomnix Ransomware?

Ransomnix is a file-encrypting virus categorized as ransomware. It infiltrates a user’s system covertly and encrypts website files and related content on the machine with a strong encryption cipher.


According to its ransom note, Ransomnix encrypts the user’s website files with the RSA-2048 algorithm and appends a .Crypt extension to each one. Once a file is encrypted, it can no longer be opened or edited. Because the targeted content is web files, it affects web servers and the sites they host rather than personal documents. Note that “RSA-2048” is the claim the note makes; the page does not establish how the encryption is actually implemented, and ransomware generally encrypts file contents with a symmetric cipher and uses RSA only to protect that key.

After encrypting the files, Ransomnix displays a ransom note demanding payment in a cryptocurrency such as Bitcoin, Litecoin or Monero.

Ransomnix uses various methods to enter a user’s system before locking files with its own extension. These methods include:

Third-party software bundling – Installers for free third-party software often carry additional programs inside the setup wizard. These bundled programs are usually not wanted and provide no useful service; at best they make the system sluggish and unresponsive, and at worst they carry a malicious payload.

Users should uncheck any unwanted additional software in the installation wizard by choosing the Custom/Advanced installation option.

Spam email attachments – Spam emails are made to look like communication from a trusted source, but small differences (the sender address, the wording, an unexpected attachment type) often give the fraudulent message away. The attachments, when opened, download the ransomware payload onto the system.

Malicious links and pop-up ads – While browsing, one often comes across pop-up ads and malicious links. Clicking on them, accidentally or intentionally, can lead to web pages that download the malware onto the system.

Torrents or peer-to-peer file transfer – Torrent downloads can hide malicious files among the expected content, and peer-to-peer file sharing can carry Ransomnix from one system to another.

 

Ransomnix Ransomware – Threat behavior

After encrypting the user’s files, Ransomnix displays a ransom note stating that the files were encrypted with RSA-2048. The ransomware targets files with the following extensions:

.HTML, .HTM, .PHP, .CSS, .WEB, .SITE, .PHP2, .PHP3, .PHP4, .PHP5, .PHTM, .PHTML, .WEBSITE, .VBHTML, among others. These are some of the extensions Ransomnix targets.
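The list above is enough to build a first triage of a hit web root. The following script is an added example (not code from the article or from any Ransomnix analysis): it walks a directory, counts the .Crypt files by their original extension, and lists files on the target list that were not renamed, which tells a responder how far the encryption got and what is still intact to copy out. The sample tree, its file names and the function names are constructed for the demonstration.

```python
import os
import tempfile
from collections import Counter

CRYPT_SUFFIX = ".Crypt"  # suffix the article reports Ransomnix appending

# Extensions the article lists as targeted, lower-cased for comparison.
TARGETED_EXTENSIONS = {
    ".html", ".htm", ".php", ".css", ".web", ".site", ".php2", ".php3",
    ".php4", ".php5", ".phtm", ".phtml", ".website", ".vbhtml",
}


def original_name(name):
    """Strip the ransomware suffix (case-insensitively) to recover the original file name."""
    if name.lower().endswith(CRYPT_SUFFIX.lower()):
        return name[:-len(CRYPT_SUFFIX)]
    return name


def triage(web_root):
    """Walk web_root and return (encrypted_by_ext, untouched_targets).

    encrypted_by_ext  - Counter of original extensions among the .Crypt files
    untouched_targets - sorted relative paths (with '/' separators) of files whose
                        extension is on the target list but which carry no .Crypt suffix
    """
    encrypted_by_ext = Counter()
    untouched_targets = []
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            rel = os.path.relpath(os.path.join(dirpath, name), web_root).replace(os.sep, "/")
            if name.lower().endswith(CRYPT_SUFFIX.lower()):
                ext = os.path.splitext(original_name(name))[1].lower()
                encrypted_by_ext[ext or "(none)"] += 1
            elif os.path.splitext(name)[1].lower() in TARGETED_EXTENSIONS:
                untouched_targets.append(rel)
    return encrypted_by_ext, sorted(untouched_targets)


def build_sample_site():
    """Create a small constructed web root in a temp dir: some files renamed as if encrypted, some not.

    Constructed demo data, not taken from a real infection.
    """
    root = tempfile.mkdtemp(prefix="ransomnix_demo_")
    for rel in ("index.html.Crypt", "about.htm.Crypt", "css/style.css.Crypt",
                "api/login.php.Crypt", "api/health.php", "assets/logo.png", "README.txt"):
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(b"constructed sample content\n")
    return root


if __name__ == "__main__":
    encrypted, untouched = triage(build_sample_site())
    print("Encrypted files by original extension:")
    for ext, count in sorted(encrypted.items()):
        print(f"  {ext}: {count}")
    print("Targeted files without the .Crypt suffix:", untouched)
```

Run it against the real document root instead of the constructed tree by calling triage("/path/to/wwwroot"); the "untouched" list is what to copy off the server first, since an interrupted run may resume on reboot.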

It demands 0.2 BTC (bitcoin) and raises the demand by 0.1 BTC for each day the ransom goes unpaid.

[Screenshot: Ransomnix ransom note, part 1]

Ransomnix threatens to delete the decryption key if its demands are not met. If the key is deleted, the files cannot be unlocked.

The ransom note provides a contact email and a bitcoin address. The extortionists demand that the user contact them at crypter@cyberservices.com and pay the ransom to the bitcoin address 1VirusnmipsYSA5jMv8NKstL8FkVjNB9o.

[Screenshot: Ransomnix ransom note, part 2]

The criminals explicitly ask users from non-English-speaking countries to run their emails through Google Translate before contacting them.

Ransomnix is reportedly spread by the Jigsaw hacker team, which was responsible for the Jigsaw ransomware. Jigsaw’s many variants ran a one-hour timer and started deleting files once it expired without payment.

The criminals promise to deliver the decryption code after receiving the money, and ask the user to send one sample file, which they will decrypt as proof that they hold the key.

Ransomnix makes the following changes to the system to maintain persistence and hinder recovery:

  • Modifies existing registry keys
  • Adds new entries to the Windows registry
  • May delete the Volume Shadow Copies so that the user cannot restore files from previous versions
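The two behaviours in this list that matter most to a responder, new autostart entries and shadow-copy deletion, leave traces in process-creation logs. As an added example, not from the article or from any Ransomnix sample, the script below runs two generic rules over constructed log records: the article does not name the commands Ransomnix uses, so the patterns cover the usual ways those actions are performed on Windows (reg.exe writes to a ...\CurrentVersion\Run key; vssadmin, wmic or Win32_ShadowCopy deleting shadow copies). The record format, host name, user names and command lines are all constructed for the demo.

```python
import re

# Each rule: (name, pattern over the process command line). Patterns cover the usual
# ways these actions are performed on Windows; the article does not state which one
# Ransomnix uses, so treat these as generic indicators, not a signature.
RULES = [
    ("shadow_copy_delete", re.compile(
        r"vssadmin(\.exe)?\s+delete\s+shadows"
        r"|wmic(\.exe)?\s+shadowcopy\s+delete"
        r"|win32_shadowcopy.*\.delete\(\)", re.IGNORECASE)),
    ("run_key_persistence", re.compile(
        r"reg(\.exe)?\s+add\s+\S*\\CurrentVersion\\Run", re.IGNORECASE)),
]

# Constructed process-creation records in a simplified "time|user|image|command line"
# form (a real source would be Sysmon Event ID 1 or Security event 4688).
SAMPLE_LOG = """\
2018-07-30T10:01:12|WEBSRV\\svc_iis|C:\\Windows\\System32\\cmd.exe|cmd.exe /c dir C:\\inetpub
2018-07-30T10:02:40|WEBSRV\\svc_iis|C:\\Windows\\System32\\vssadmin.exe|vssadmin.exe Delete Shadows /All /Quiet
2018-07-30T10:02:41|WEBSRV\\svc_iis|C:\\Windows\\System32\\reg.exe|reg add HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run /v updater /t REG_SZ /d C:\\Users\\Public\\updater.exe /f
2018-07-30T10:03:05|WEBSRV\\admin|C:\\Windows\\System32\\notepad.exe|notepad.exe C:\\inetpub\\wwwroot\\web.config
2018-07-30T10:03:30|WEBSRV\\svc_iis|C:\\Windows\\System32\\wbem\\WMIC.exe|wmic shadowcopy delete
"""


def parse_line(line):
    """Split one record into its four fields; the command line itself may contain '|'."""
    time, user, image, cmdline = line.split("|", 3)
    return {"time": time, "user": user, "image": image, "cmdline": cmdline}


def detect(log_text):
    """Return [(rule_name, event), ...] for every record whose command line matches a rule."""
    hits = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        event = parse_line(raw)
        for name, pattern in RULES:
            if pattern.search(event["cmdline"]):
                hits.append((name, event))
    return hits


if __name__ == "__main__":
    for name, event in detect(SAMPLE_LOG):
        print(f"{event['time']} {name:<22} {event['user']}: {event['cmdline']}")
```

The user column is the useful pivot: in the constructed data both indicators come from the web server’s service account, which is the pattern you would expect when the foothold was the website rather than a desktop user opening an attachment.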

 

Threat Summary

Name – Ransomnix Ransomware

Category – Ransomware

Targeted Operating Systems – Windows XP, Windows Vista, Windows 7, Windows 8.0/8.1, Windows 10

Symptoms – Encrypts website files and related content on the system with a .Crypt extension; demands a ransom of 0.2 BTC, increased by 0.1 BTC with each passing day, in return for the decryption key.

 

How to remove Ransomnix Ransomware from the PC?

Never pay the ransom: there is no guarantee that the criminals will hand over the decryption key after receiving the money. Because Ransomnix targets website files, the most reliable recovery is to redeploy the site from source control, a deployment artefact or an offline backup taken before the infection; also check whether a security vendor has published a free decryptor for this family before considering any other option.

Given below is the step-by-step process to remove Ransomnix Ransomware from the system. Follow the steps in the given order so that the ransomware is deleted completely without leaving residual files behind.

If the steps are not followed properly, Ransomnix can make a comeback and encrypt your files again.

 

STEP A – Remove Ransomnix Ransomware from the system using MSConfig in Safe Mode with Networking.

 

To restart a running system into Safe Mode with Networking, follow the steps below:

Windows 7/ Vista/ XP

  1. Click on the Windows icon in the lower left corner of the screen.
  2. Select and click Restart.
  3. When the screen goes blank, keep tapping the F8 key until you see the Advanced Boot Options window.
  4. Using the arrow keys, select Safe Mode with Networking from the list and press Enter. The system will then restart to Safe Mode with Networking.
  5. Click on the username and enter the password (if any).

Windows 10 / Windows 8

  1. Press and hold the Shift Key and simultaneously click on the windows icon present in the lower left corner of your computer screen.
  2. While the Shift key is still pressed click on the Power button and then click on Restart.
  3. Now select Troubleshoot → Advanced options → Startup Settings.
  4. When the Startup Settings screen appears which is the first screen to appear after restart, select and click on Enable Safe Mode with Networking. The system will then restart to Safe Mode with Networking.
  5. Click on the username and enter the password.
Once the system is in Safe Mode with Networking (on any of the Windows versions above), disable the malicious service:

  1. Type “Msconfig” in the search box / Run box, select it and press Enter.
  2. Click on the “Services” tab and tick “Hide all Microsoft services”.
  3. Go through the remaining services and untick any you do not recognise, then click Apply. The malware will not appear under the name “Ransomnix”; judge entries by unfamiliar service names, odd descriptions and executables running from temporary or user-profile folders.

Windows 7

  1. Click on the next tab – “Startup”.
  2. Find any blank or suspicious entry (an unfamiliar name, or a command that runs from a temporary or user-profile folder) and remove its check mark. Do not expect an entry literally named Ransomnix.
  3. Click on Apply button and then click on OK.

Windows 10

  1. Click on the next tab – “Startup”.
  2. Take the mouse cursor to ‘Open task Manager‘ link and click on it.  This opens the Task Manager window.
  3. Find any blank or suspicious entry (an unfamiliar name, or a command that runs from a temporary or user-profile folder) and click on it. Do not expect an entry literally named Ransomnix.
  4. Then click on Disable button.

 

STEP B – Remove Ransomnix Ransomware from the registry key.

 

  1. Type “Regedit” in search box / Run Box, select it and press Enter.
  2. A User Account Control dialog will appear; click “Yes”. (The dialog’s appearance varies between Windows versions.)
  3. In the registry editor, take the backup of the current registry settings before making any changes in case you want to revert to old settings later. For this, Click on File option in the menu and select Export. Save the entry at a known location.
  4. From the Menu, Click Edit and Select Find.
  5. Search for the names, file paths and service names you identified in STEP A and click OK. Searching for the word “Ransomnix” itself will not find the malware’s entries.
  6. Review each hit and delete only entries you are sure belong to the malware. The common autostart locations to check are the Run and RunOnce keys under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion and HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion.
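STEP A and STEP B both hinge on spotting a “suspicious” entry, and searching for the literal word Ransomnix will not find it. This added example (not the article’s own procedure) parses the text printed by reg query for a Run key and flags values that run from user-writable locations or that set the key’s default value, printing the matching reg delete command for review rather than executing anything. The sample output, value names and paths are constructed for the demonstration.

```python
import re

# Locations any local user can write to; a Run value pointing here deserves a second look.
# This is a review list, not a verdict: it will also catch some legitimate updaters.
SUSPICIOUS_DIRS = (
    "\\users\\public\\",
    "\\appdata\\local\\temp\\",
    "\\appdata\\roaming\\",
    "\\windows\\temp\\",
    "\\programdata\\",
)

KEY_RE = re.compile(r"^HKEY_[A-Z_]+\\")
VALUE_RE = re.compile(r"^\s+(?P<name>.+?)\s{2,}(?P<type>REG_[A-Z_]+)\s{2,}(?P<data>.*)$")

# Constructed output of:  reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
# (and the HKLM equivalent); not taken from a real infection.
SAMPLE_OUTPUT = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    updater    REG_SZ    C:\Users\Public\updater.exe
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    svchost    REG_SZ    C:\ProgramData\svchost.exe -s
"""


def parse_reg_query(text):
    """Parse reg.exe query output into a list of {key, name, type, data} dicts."""
    entries, key = [], None
    for line in text.splitlines():
        if KEY_RE.match(line):
            key = line.strip()
            continue
        m = VALUE_RE.match(line)
        if m and key:
            entries.append({"key": key, "name": m.group("name"),
                            "type": m.group("type"), "data": m.group("data").strip()})
    return entries


def why_suspicious(entry):
    """Return a reason string if the autostart value looks suspicious, else None."""
    data = entry["data"].lower()
    if entry["name"] == "(Default)":
        return "default value set on a Run key, which is unusual for legitimate software"
    if not data:
        return "empty command"
    for directory in SUSPICIOUS_DIRS:
        if directory in data:
            return f"command runs from user-writable path {directory}"
    return None


def audit(text):
    """Return [(name, data, reason, reg_delete_command), ...] for review; nothing is executed."""
    findings = []
    for entry in parse_reg_query(text):
        reason = why_suspicious(entry)
        if reason is None:
            continue
        if entry["name"] == "(Default)":
            cmd = f'reg delete "{entry["key"]}" /ve /f'
        else:
            cmd = f'reg delete "{entry["key"]}" /v "{entry["name"]}" /f'
        findings.append((entry["name"], entry["data"], reason, cmd))
    return findings


if __name__ == "__main__":
    for name, data, reason, cmd in audit(SAMPLE_OUTPUT):
        print(f"{name}: {data}\n  reason : {reason}\n  remove : {cmd}")
```

On a live machine, feed it the real output (reg query for both the HKCU and HKLM Run and RunOnce keys, redirected to a file) and also copy the referenced executable off the box before deleting the value, since the file is the evidence of what actually ran.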

 

STEP C – Remove the services installed by Ransomnix Ransomware from the system using Safe Mode with Command Prompt.

 

Restart System using Safe mode with Command Prompt

Windows 7/ Vista/ XP

  1. Click on Windows icon present in the lower left corner of the computer screen.
  2. Select and click Restart.
  3. When the screen goes blank, keep tapping F8 key until you see the Advanced Boot Options window.
  4. With the help of arrow keys on keyboard, Select Safe Mode with Command Prompt from the list and press the Enter Key. The system will then restart to Safe Mode with Command Prompt.
  5. Click on the username and enter the password (if any).

Windows 10 / Windows 8

  1. Press and hold the Shift Key and simultaneously click on the windows icon present in the lower left corner of your computer screen.
  2. While the Shift key is still pressed click on the Power button and then click on Restart.
  3. Now select Troubleshoot → Advanced options → Startup Settings.
  4. When the Startup Settings screen appears which is the first screen to appear after restart, select and click on Enable Safe Mode with Command Prompt. The system will then restart to Safe Mode with Command Prompt.
  5. Click on the username and enter the password.

Once the system starts, log in with an account that has administrative privileges; Safe Mode with Command Prompt opens a Command Prompt window instead of the desktop.

In that window, enter the following commands:

  1. Type sc delete "<ServiceName>" and press Enter, where <ServiceName> is the internal name of the service you identified in STEP A (shown as SERVICE_NAME in the output of sc query, which is not always the same as the display name). Quote the name if it contains spaces. The malware’s service will not be called “Ransomnix Ransomware”, so do not expect that literal name to work.
  2. Type exit to close the Command Prompt and restart the system.

 

STEP D – Restore the system Files And Settings Using System Restore.

 

Restore your system files and settings

System Restore returns system files, installed programs and registry settings to an earlier state; it does not bring back user data such as the encrypted website files, and it will have nothing to restore from if the ransomware deleted the Volume Shadow Copies in which restore points are stored. Recover the files themselves from an offline backup or a known-good copy of the site.

Method 1 using Control Panel

  1. Click on the ‘Start’ button on the taskbar. This will open the Start menu.
  2. Click on the ‘Control Panel’ button in the Start menu. This will open the control panel window.
  3. In the Control Panel window, click on the ‘View by:’ button on the top right. Select the Large Icon option
  4. In the control Panel window click on the ‘Recovery Icon’. This will open a window that will ask ‘Restore the computer to an earlier point in time’.
  5. Click on the ‘Open system restore’ button. This will open the ‘system restore ’window where you need to click on the Next Button.
  6. Select the restore point that is prior the infiltration of Ransomnix Ransomware. After doing that, click Next.
  7. This will open the ‘Confirm your restore point’ dialog box. Click on Finish button. This will restore your system to a previous restore point before your system was infected by Ransomnix Ransomware.

Method 2 using Command Prompt

  1. Type cmd in the search box and click on Command Prompt to open the Command Prompt window.
  2. Once the Command Prompt window opens, change to the System32 directory with cd %SystemRoot%\System32 and press Enter. On Windows XP the System Restore executable lives one level deeper, so also type cd restore there; on Windows Vista and later rstrui.exe sits directly in System32.
  3. Now type rstrui and press Enter again.
  4. When a new window shows up, click Next and select your restore point that is prior the infiltration of Ransomnix Ransomware. After doing that, click Next.
  5. This will open the ‘Confirm your restore point’ dialog box. Click on Finish button. This will restore your system to a previous restore point before your system was infected by Ransomnix Ransomware.

 

Method 3: Type ‘rstrui’ directly in the search box

  1. Type ‘rstrui’ in the search box on the taskbar. This opens the System Restore dialog box.

Continue with steps 4 and 5 of Method 2 to restore the system files and settings.

 

Tips to prevent your computer system from getting infected

  1. Keep the operating system updated – To remain protected and avoid such infections, keep your operating system updated by enabling automatic updates. Systems running outdated versions of the operating system are an easy target for attackers.
  2. Resist clicking on spam emails – One of the major techniques used for malware distribution is spam email. The system gets infected as soon as the user opens the attachment. These mails appear genuine, so stay alert and resist falling for these tricks.
  3. Keep an eye on third-party installations – Take due care when installing third-party applications, as they are a major source of such infections. Malware often comes bundled with free applications, so read each step of the installer.
  4. Regular periodic backups – To keep your data and files safe, take regular backups of all your data either on an external drive or in the cloud, and keep at least one copy disconnected from the machine so that ransomware running on it cannot reach the backup.
  5. Use antivirus protection – We strongly recommend antivirus / internet security software, such as Kaspersky or Sophos, on your PC so that it remains safe.
  6. Enable the ad blocker / pop-up blocker in your browser – Enabling the pop-up blocker or ad blocker in your chosen browser helps protect you from annoying adware and malicious ads.
