As you can guess from the dropped ransom note, Ransomware is a malicious application targeted at users who speak Portuguese. The malware is programmed to encrypt the victim’s most valuable data on the computer. As a result, the files become unusable, and the infection’s creators offer decryption tools for purchase to restore them. Unfortunately, the tools are quite expensive, and the worst part is that you get no guarantee that the malicious program’s creators will send them. Clearly, this option is rather risky, and if the requested sum is not an amount of money you could easily throw away, we would advise you not to take any chances. To help users eliminate Ransomware, we are placing a removal guide just below the text.

Currently, our researchers are still not sure how users might download the malware’s installer, but the most popular way to spread such threats is to send an executable file through email. If you recall downloading any suspicious attachments, try to remember how they were named and where they were saved, because if you decide to erase the threat, the executable file will have to be deleted. It does not matter if the attachment looked like a text document, picture, video, etc., because the malicious file could have been made to look this way so that you would identify it as harmless. In the future, we would advise you to acquire reliable antimalware software, because then you could scan any suspicious data before opening it and protect the computer from malware.

Once the infected executable file is launched, Ransomware should immediately start encrypting the user's data. The targeted files could be your photographs, images, videos, songs, text documents, etc. After your data gets enciphered with the AES-256 cryptosystem, you can easily recognize damaged files since they should be marked with the .BLOQUEADO extension. For example, an enciphered text document could look like document.docx.BLOQUEADO. Shortly after the encryption is finished, the malicious application is supposed to drop a document named -[AVISO-IMPORTANTE]-.txt. It should contain a message from the infection's developers and, as mentioned at the beginning, the text is in Portuguese.

According to the ransom note, users are supposed to transfer the payment to a particular Bitcoin account. To scare you into paying the ransom, Ransomware’s creators may threaten to damage your files in a way that makes them unrecoverable. Strangely, the note does not say when this could happen or what the time limit to transfer the ransom might be. As for the provided email address, the note states that users are supposed to use it to contact the malware’s creators only after they make the payment. Obviously, the threat about further damaging the user's data could be a scare tactic to convince the victims to pay, but even if you are willing to meet the demands, there is no way to ensure the decryption tool’s delivery.

There were cases with other similar malicious applications when users paid the ransom, but their developers did not bother to send the decryption tool. Thus, you have to consider the option very carefully before making a decision. If there is any chance to recover some of your data from copies, our researchers recommend simply removing the malware. For that purpose, they prepared a removal guide, which should help you eliminate Ransomware manually. The infection can be deleted with a reliable antimalware tool as well, so if the manual deletion seems rather complicated, simply install antimalware software and let it deal with the threat.

Remove Ransomware

  1. Open the Explorer and navigate to locations such as Downloads, Desktop, Temporary Files, etc.
  2. Search for the malicious executable file that was downloaded and launched before the computer got infected.
  3. Select this file, then press Shift+Delete to erase it permanently.
  4. Locate the ransom note and erase it by pressing Shift+Delete as well.
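
The search in steps 1 to 4 can be scripted as a read-only inventory, shown here as an added example that is not part of the original guide. It lists files carrying the .BLOQUEADO extension, copies of -[AVISO-IMPORTANTE]-.txt, and executables modified shortly before the first encrypted file; the function name, the 24-hour window and the list of launcher file types are assumptions.

```python
import os
import sys
from pathlib import Path

ENCRYPTED_EXT = ".bloqueado"            # extension reported in the article
NOTE_NAME = "-[aviso-importante]-.txt"  # ransom note name reported in the article
# Assumption: file types an e-mailed installer commonly uses; adjust as needed.
LAUNCHER_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs"}

def triage(root, window_hours=24):
    """Read-only inventory of root: encrypted files, ransom notes, and
    executables modified up to window_hours (an assumption) before the
    earliest encrypted file, i.e. candidates for the launched installer."""
    encrypted, notes, launchers = [], [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            try:
                mtime = path.stat().st_mtime
            except OSError:
                continue  # unreadable or removed while scanning
            lower = name.lower()
            if lower.endswith(ENCRYPTED_EXT):
                encrypted.append((mtime, path))
            elif lower == NOTE_NAME:
                notes.append(path)
            elif path.suffix.lower() in LAUNCHER_EXTS:
                launchers.append((mtime, path))
    first = min((m for m, _ in encrypted), default=None)
    candidates = []
    if first is not None:
        start = first - window_hours * 3600
        candidates = sorted(p for m, p in launchers if start <= m <= first)
    return {
        "encrypted": sorted(p for _, p in encrypted),
        "notes": sorted(notes),
        "first_encrypted_mtime": first,
        "candidates": candidates,
    }

if __name__ == "__main__":
    report = triage(sys.argv[1] if len(sys.argv) > 1 else Path.home())
    print(f"{len(report['encrypted'])} encrypted file(s), "
          f"{len(report['notes'])} ransom note(s)")
    for path in report["notes"]:
        print("ransom note:", path)
    for path in report["candidates"]:
        print("review before deleting:", path)
```

The script deletes nothing; the candidate list only narrows down which executables to inspect in step 2, and the encrypted-file list shows which data needs restoring from copies.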

In non-techie terms: Ransomware is one of the malicious programs created to extort money from users who understand Portuguese. According to the research, the threat should encipher the user’s data and add a particular extension to it. Sadly, after the encryption the damaged data becomes unusable. Still, we do not advise users to pay the requested ransom. Clearly, the malware’s creators can easily take the money without even sending the decryption tool. In such a case, you could lose the transferred money for no reason. If it seems like a bad idea to you too, we recommend erasing the infection with the instructions placed above or with antimalware software you trust.