Wednesday, 20 December 2017 00:00

How to remove Spider ransomware and decrypt .spider files

We will clean the .spider virus and restore your data. Viber: +387-63-997-996

File Spider ransomware. How to remove? (Uninstall guide)

What is Spider ransomware?
File Spider ransomware targets victims from Balkans

The spread of ransomware named “Spider” has been observed.

Ransomware viruses lock user files, after which a ransom must be paid in some cryptocurrency to unlock the computer. After locking the files, the virus changes their extensions to .spider.

The virus was first observed on 10 December 2017.

No further technical details about this virus are currently available, but it is assumed to be a localized variant of the “HiddenTear” ransomware.

The virus is aimed at our market and spreads via the address office[@]adriadoo [dot] com.

Do not open links or files sent by e-mail from that address.

The e-mails are written in Serbian. The subject has the form “Potraživanje dugovanja - XXXXXXXXX” (“Debt claim - XXXXXXXXX”), and the message informs the user that they owe a debt to a local bank.

The virus uses the names of legitimate banks. The variant that appeared in BiH demands payment of a debt on the basis of a decision of the District Commercial Court in Banja Luka and requires the user to pay a certain amount into an account at Raiffeisen Bank - Bosnia and Herzegovina.

All observed variants are signed by “privatni izvršitelj Ivan Azeljković” (private enforcement agent Ivan Azeljković).

Multiple infections have been observed affecting the cyberspace of BiH, Croatia and Serbia.

If you receive an e-mail from the address above, we recommend that you do not open links or files sent by e-mail from that address.
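The sender and subject indicators described above can be checked against raw messages as shown here. This is an added example, not part of the original article; the function names and the sample messages are constructed for illustration.

```python
import re
import unicodedata
from email import message_from_string, policy
from email.utils import parseaddr

# Indicators as printed on this page (the sender is defanged there).
DEFANGED_SENDER = "office[@]adriadoo [dot] com"
SUBJECT_PREFIX = "Potraživanje dugovanja - "


def refang(indicator):
    """'user[@]host [dot] tld' -> 'user@host.tld', lower-cased for comparison."""
    indicator = re.sub(r"\s*\[dot\]\s*", ".", indicator, flags=re.IGNORECASE)
    return indicator.replace("[@]", "@").strip().lower()


def _norm(text):
    # NFC so 'ž' matches whether it arrives precomposed or as z + combining caron.
    return unicodedata.normalize("NFC", text).casefold()


def campaign_hits(raw_message):
    """Return which of the page's indicators a raw RFC 5322 message matches."""
    msg = message_from_string(raw_message, policy=policy.default)
    hits = []
    # parseaddr discards the display name, so only the address itself is compared.
    _, sender = parseaddr(str(msg.get("From", "")))
    if sender.lower() == refang(DEFANGED_SENDER):
        hits.append("sender")
    # policy.default decodes RFC 2047 encoded-words; a grep over the raw headers
    # would never see the non-ASCII subject in clear text.
    if _norm(str(msg.get("Subject", ""))).startswith(_norm(SUBJECT_PREFIX)):
        hits.append("subject")
    return hits


# Constructed sample messages (not captured traffic).
SAMPLES = {
    "lure": f"From: Banka <{refang(DEFANGED_SENDER)}>\n"
            "Subject: =?UTF-8?Q?Potra=C5=BEivanje_dugovanja_-_123456789?=\n\nbody\n",
    "other_sender": "From: x@example.org\n"
                    "Subject: =?UTF-8?Q?Potraz=CC=8Civanje_dugovanja_-_1?=\n\nbody\n",
    "benign": "From: colleague@example.org\nSubject: Meeting notes\n\nbody\n",
}
```

A From header is trivially forged, so a sender match is a triage hint rather than proof of origin.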

If your computer is infected, we recommend the following steps: immediately disconnect the infected computer from power and from the local network, then notify your IT department or contact us by e-mail.

So far we have successfully restored data infected by the .spider virus on more than 10 computers.

Appearance of the letter (this is only an image):

[Image: the letter with the message]

Spider ransomware is a new, dangerous virus that is spreading quite rapidly. Ransomware is a form of malicious software from cryptovirology that blocks all the personal files on your computer and makes them unreadable. Spider first infiltrates your system, then starts the encryption procedure using the AES-128 + RSA-2048 encryption algorithms. This ransomware adds the .spider file extension to the name of every encrypted file. For example, photo.jpg becomes photo.jpg.spider. In this article you can learn how to remove Spider ransomware and decrypt .spider files.
It is vital to keep your PC protected, as there are many ransomware viruses on the internet. You can protect your PC with HitmanPro.Alert’s CryptoGuard; find the link at the end of this article.

How to decode the .spider virus

Once the data on your computer is encrypted, Spider drops HOW TO DECRYPT FILES.url on the desktop. If you open it, it launches your default browser and displays a video. The video contains the demands and the instructions on how to pay the ransom for the decryption key. Spider ransomware is a serious threat to your PC, which is why you need to remove it immediately.

This is what the Spider introduction contains:

+++*
YOUR PC HAS BEEN INFECTED WITH FILE SPIDER VIRUS
As you may have already noticed, all your important files are encrypted and you no longer have access to them. A unique key has been generated specifically for this PC and two very strong encryption algorithm was applied in that process. Original content of your files are wiped and overwritten with encrypted data so it cannot be recovered using any conventional data recovery tool.
The good news is that there is still a chance to recover your files, you just need to have the right key.
To obtain the key, visit our website from the menu above. You have to be fast, after 96 hours the key will be blocked and all your files will remain permanently encrypted since no one will be able to recover them without the key!
Remember, do not try anything stupid, the program has several security measures to delete all your files and cause the damage to your PC.
To avoid any misunderstanding, please read Help section.

THIS WILL DECRYPT YOUR FILES
To visit our website you need to install a special web browser named Tor Browser. Be aware, our website is reachable only via Tor Browser and if you try to visit it using any other browser eg. Google Chrome, it wont work! Tor Browser can be downloaded from its official website listed below. Use newly installed browser to visit our website address. On our website there is a online tool that can generate decryption key using your ID Code, use that tool and you will get the key needed to decrypt your files. Also, you will be asked to make a payment for your Decryption Key, you will need a Bitcoins for that. More about bitcoins read in Help section. After you get your key, select Decrypter from menu and follow the instructions provided on that page.
This all may seem complicated to you, actually it’s really easy. A link to Video Tutorial with live demonstration can be found inside Help Section. Good Luck!
Our Website Address: [xxxx://spiderwjzbmsmu7y.onion/] Download Tor Browser

THIS WILL DECRYPT YOUR FILES
During encryption process a unique key has been generated, used to encrypt your files, and then destoyed. To decrypt your files you need that key. We call that key a Decryption Key. You can not use the key from other PC, it wont work, you need a key coresponding to your PC. Your Decryption Key, required for decryption process, can be generated only from something that we call a ID Code, you will find that code below.
This is your ID Code, copy it carefully.

THIS WILL DECRYPT YOUR FILES
Enter your Decryption Key and click Start Decrypting, seat back and relax, in few minutes you will have full access to all your files!
Decryption Key:
[ … ]
0 Files decrypted. [Start Decrypting]
+++*

Decrypting .spider ransomware

Spider is typical ransomware; its main purpose is to force you to pay. After finishing the encryption process, the ransomware states that there is no way to recover your files other than paying the ransom. The cyber criminals demand the ransom in Bitcoin. Once you have paid, they are supposed to send you a decryption key. But you should know that cyber criminals are not going to give you a decryption key; mostly they just ignore their victims. That is why there is no need to contact them: it would not help. Although Spider ransomware uses very complicated encryption, it does not damage, move or delete your files, which means you have a chance to restore your personal data. For now, though, you should focus on removing Spider ransomware.

How to remove Spider ransomware from your computer and restore files?

You need to decrypt your files, but this is impossible without first removing the virus from your computer. To remove Spider ransomware you need a proper and reliable anti-malware program. This anti-ransomware removal tool is able to detect and remove Spider ransomware from your computer. Its ransomware detection technology can run an instant ransomware scan, which helps protect your computer in case of a new ransomware attack.

How to decrypt .spider files encrypted by Spider?

Once you have removed the virus, you will probably want to recover your encrypted files. Let’s take a look at the possible ways of decrypting your data.

Decrypt .spider files with automated decryption tools

Unfortunately, because Spider ransomware is so new, there are no automatic decryptors available for this virus yet. Still, there is no need to fund a malicious scheme by paying the ransom. You are able to recover files manually.

Decrypt .spider files manually

You can try one of these methods to restore your encrypted data manually.

Restore data with Windows Previous Versions

This feature works on Windows Vista (not the Home version), Windows 7 and later versions. Windows saves copies of files and folders, which you can use to restore data on your computer. To restore data from Windows Backup, take the following steps:

Open My Computer and find the folders you want to restore;
Right-click on the folder and choose the Restore previous versions option;
The option will show you the list of all the previous copies of the folder;
Select the restore date and the option you need: Open, Copy and Restore.

Restore the system with System Restore

You can always try to use System Restore to roll your system back to its state before the infection. All Windows versions include this option.
Type restore in the Search tool;
Click on the result;
Choose a restore point from before the infection;
Follow the on-screen instructions.
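Both Previous Versions and System Restore require picking a date from before the infection. The added example below (not from the original article) inventories .spider files and the HOW TO DECRYPT FILES.url note under a folder and reports the earliest modification time among the encrypted files as an estimate of when encryption began; it assumes file timestamps were not altered, and the function names are illustrative.

```python
import os
from datetime import datetime, timezone
from pathlib import Path

ENCRYPTED_SUFFIX = ".spider"            # extension named on this page
NOTE_NAME = "HOW TO DECRYPT FILES.url"  # ransom note name from this page


def scope_infection(root):
    """Inventory encrypted files and ransom notes under root.

    Returns the paths found and the earliest modification time among
    encrypted files, which approximates when encryption began.
    """
    encrypted, notes, earliest = [], [], None
    # onerror swallows unreadable directories so one ACL error does not stop the scan.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            path = Path(dirpath) / name
            lower = name.lower()  # Windows file names are case-insensitive
            if lower == NOTE_NAME.lower():
                notes.append(path)
            elif lower.endswith(ENCRYPTED_SUFFIX) and len(lower) > len(ENCRYPTED_SUFFIX):
                try:
                    mtime = path.stat().st_mtime
                except OSError:
                    continue  # file vanished or is unreadable; skip it
                encrypted.append(path)
                earliest = mtime if earliest is None else min(earliest, mtime)
    first = None
    if earliest is not None:
        first = datetime.fromtimestamp(earliest, tz=timezone.utc)
    return {"encrypted": sorted(encrypted), "notes": sorted(notes),
            "first_encrypted_at": first}


def original_name(path):
    """photo.jpg.spider -> photo.jpg (the renaming described on this page)."""
    return Path(path).name[: -len(ENCRYPTED_SUFFIX)]


if __name__ == "__main__":
    import sys
    result = scope_infection(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(len(result["encrypted"]), "encrypted files,", len(result["notes"]), "ransom notes")
    print("pick a restore date before:", result["first_encrypted_at"])
```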

Restore data with Shadow Explorer

Shadow Explorer is an application that gives you access to the Shadow Copies created by the Windows Volume Shadow Copy Service.

Once you have downloaded this application, open the folder containing it;
Right-click on the file ShadowExplorer-0.9-portable and choose the Extract all option;
Run ShadowExplorerPortable.exe;
In the left corner, choose the desired hard drive and the latest restore option;
On the right side you can see the list of files. Choose any file, right-click on it and select the Export option.

Restore data with Recuva

Recuva is a data recovery program for Windows, developed by Piriform. It is able to recover files that have been “permanently” deleted and marked by the operating system as free space.

Once you have downloaded and installed this application, start it in Wizard mode: choose the Options button and then select Run Wizard;
You will see the Welcome to the Recuva Wizard page; choose Next;
Open the File Type page, choose the type of data you need to recover, then select Next. If you don’t know what kind of data you are looking for, choose the Other option;
Choose the location to search in the File Location window;
In the Thank you window, select Start. When the search finishes, Recuva will show you the results;
Before recovering the data, tick the check boxes next to the files. You will see three types of colored dots. A green dot means that your chance of restoring the file is excellent. An orange one means the chance of restoring the file is acceptable. A red one shows that recovery is unlikely;
Select the Recover option and choose the directory for the restored data.

How to protect PC from Spider?

It is a pretty difficult task to get rid of any ransomware, including Spider, but you can easily prevent infection of your PC. HitmanPro.Alert’s CryptoGuard can help you with this problem. It is one of the best anti-ransomware applications. No matter how sneaky it is, HitmanPro.Alert’s CryptoGuard will stop Spider from infiltrating your system. After detection, this program removes all data related to the ransomware and prevents your files from being encrypted.


Last modified on Friday, 22 December 2017 22:17