Better_call_saul Ransomware Removal Guide

Do you know what Better_call_saul Ransomware is?

If your computer has been attacked by Better_call_saul Ransomware, you need to make peace with the thought that you may lose all your personal files and never use them again; unless, of course, you have backups on an external flash drive or HDD. This is a vicious Trojan malware infection that may infiltrate your computer without your knowledge and encrypt your files in a very short time. Obviously, this ransomware targets the files that may be of value to you, such as images, videos, documents, archives, and program files. This is the only way for the cyber criminals who created this dangerous infection to make you pay for their “release.” Once the encryption is done, you will be informed about the next step. We must warn you that research shows that ransomware creators rarely take their promises seriously. This means that even if you decide to pay the ransom fee, it is likely that you will not get anything in return. One thing is for sure, though, you should remove Better_call_saul Ransomware as soon as it “sets foot” on your computer.

According to our researchers, who examined this obnoxious Trojan ransomware in our internal lab, this infection is mostly distributed through spam e-mails. These e-mails have a Word document attached. If you click on this attachment, this Trojan will drop onto your machine. Other ransomware infections may use videos and image files. But it is also possible that simply opening a malicious e-mail can trigger a Trojan to drop. Therefore, we suggest that you be very careful while skimming through your inbox mails. You should know that these infections may also disguise the sender of the spam as someone you may know or any official institutions in order to trick you into opening it. But once this Trojan touches ground on your computer, there is no way back. Even if you remove Better_call_saul Ransomware right away, you may lose the access to your files anyway; and all this because of one click on the wrong e-mail and the wrong attachment. Hopefully, you understand the importance of being prudent when it comes to opening e-mails.Better_call_saul Ransomware Removal GuideBetter_call_saul Ransomware screenshot
Scroll down for full removal instructions

There is really short time between the moment this Trojan hits your system and the end of the encryption. As a matter of fact, our researchers say that it may only take just a few seconds. This ransomware seems to use the RSA-3072 algorithm to encrypt your files that include jpg, jpeg, jpe, bmp, png, tif, tiff, tga, avi, mkv, mov, mp4, wmv, 3gp, mpg, mpeg, m4v, divx, flv, xls, xlsx, docx, doc, dotx, djvu, htm, html, shtml, shtm, asp, aspx, cs, css, psd, 3ds, ai, xsl, jsp, raw, bin, mp3, wav, zip, 7z, rar, tar, php, sql, java, and so on. As you can see, all your photos, videos, music files, documents, archives, and program files are targeted. The loss will be huge if you do not have copies of these files somewhere on an external drive. You may think that a cloud storage place on the web could be the solution, but we must remind you that some ransomware infections can even access those files through your computer.

It is quite obvious which of your files have got encrypted because all of them will have a ".better_call_saul" extension, e.g., image.jpg will become image.jpg.better_call_saul. When the job is done, this ransomware ends your explorer.exe main process so you cannot start up any programs easily, and it displays its ransom note on your screen. This note is in two languages: Russian and English. It does not contain any details about what you are supposed to do to get your files back. In fact, you are simply informed about the encryption and that you need to read one of the many “readme” files that you can find most probably in every affected folder, just in case. This file tells you that you have to send an e-mail to either or with the personal code given. If you do not get a reply within two days, you are also given another choice, which involves accessing a website through the Tor browser. In these cases the usual amount is a few hundred dollars, which can reach thousands of dollars, of course, when companies are targeted. Unfortunately, paying this fee is a very risky thing because there is no guarantee that these criminals will really send you the decryption key. In fact, it is more likely that you will waste this money for nothing. But then again we cannot tell you what to do because you may feel that paying these criminals can get your files back. However you decide you should know that regardless of this you need to remove Better_call_saul Ransomware ASAP. Otherwise, your computer will be useless, not to mention that this Trojan may also slow down your internet connection.

Finally, let us give you a helping hand and a solution for eliminating this ugly threat. Obviously, such a dangerous Trojan ransomware has no uninstaller to run through Control Panel. But since this infection does not really lock your screen and your executable files apart from killing the explorer.exe process, you do not even need to restart your machine in Safe Mode. Please follow our instructions below carefully to delete Better_call_saul Ransomware. If you want to feel really safe, we advise you to consider using a trustworthy malware removal tool that will protect your computer from all existing malware infections.

Better_call_saul Ransomware Removal from Windows

  1. Tap Win+R and enter explorer.exe. Press OK.
  2. Tap Win+E to launch File Explorer.
  3. Locate the %Temp% and Downloads folders, and remove all suspicious files and MS Word files (random file names).
  4. Delete csrss.exe in these folders (depending on your system):
    %ALLUSERSPROFILE%\Application Data\Microsoft\Windows
  5. Empty your Recycle Bin.
  6. Reboot your system.

In non-techie terms:

Better_call_saul Ransomware is a dangerous malware infection that is categorized as a Trojan ransomware. This infection can slither onto your computer in a spam e-mail as a Word document attachment. Once you open this document, you trigger this Trojan, which in turn will encrypt your major files on your computer with an impossible-to-decipher encrypting algorithm (RSA-3072). When it has finished with your files, it ends the explorer.exe main system process and displays a warning message. You have to send an e-mail to these criminals with a unique code in order to get further instructions as to the payment method, etc. Since it is possible that you will not get the private key to decrypt your files, it is really up to you how you proceed. There is one thing that is important for you to know: You should delete Better_call_saul Ransomware right now to stop further infections. If you prefer an automated solution, we suggest that you download and install a professional security tool.