Roshalock Ransomware Removal Guide

Do you know what Roshalock Ransomware is?

Roshalock Ransomware is a computer infection that was first seen in February of 2017. Since then it has been updated, and we have received information that there is a Roshalock Ransomware 2.0 version. This ransomware is unique because unlike traditional ransomware that encrypts files, this one puts them into file archives with a password. Nevertheless, you ought to remove it because the cyber crooks that made this ransomware want you to pay money for the password, and there is no telling whether you will receive it once you have paid.

Our malware analysts say that the creators might distribute this ransomware using email spam. They might have set up a dedicated server that sends email spam to random or preselected email addresses in the hopes of infecting as many unwary users as possible. The emails can look legitimate and appear as if they have come from real, well-known companies. Cybercrooks often try to make the emails look like invoices, receipts or some sort of business correspondence, with attached files that infect your PC with ransomware when they are opened. However, there is no concrete evidence to suggest that Roshalock Ransomware, in particular, is distributed in this manner. What we do know for a fact is that this ransomware is distributed as an Excel file repair program, but nothing is known about the sites on which it is supposed to be featured.

Our malware analysts have tested this application, and they were surprised to find out that this program does not actually encrypt files. Research has shown that this ransomware takes most of your files and puts them in a file archive named All_Your_Documents.rar, which it places at [%HOMEDRIVE%]:\All_Your_Documents\All_Your_Documents.rar. It can do that to a total of 2634 different file types. Therefore, it will affect nearly all of your files. However, some files might remain untouched, as the cyber crooks want you to still be able to use the computer to pay the ransom. In any case, the program puts a password on the archived files, and you have to get that password to extract them.

Once the process of putting the files in file archives is complete, this ransomware will drop a ransom note named All Your Files in Archive! .txt. This ransom note is written in English, German, French, Spanish, and Italian, which means that it is aimed at a wide range of victims. The note states that you need to download WinRAR and TOR browser. The TOR browser is needed to make the payment, and we have received information that the ransom payment is set to increase by 0.05 BTC or 52.95 USD each day if you fail to make the ransom payment within three days. Researchers say that there is no information that would suggest that the cyber criminals keep their word and send you the password.
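
A triage check for the artifacts described above, added here as an example (it is not code from this guide's analysts): it looks for the archive at the stated path, confirms by file signature that it really is a RAR archive, and searches for the ransom note by name. Matching the note name with whitespace ignored is an assumption, made because the exact spacing before ".txt" may vary.

```python
import os
import re
import sys
from pathlib import Path

# Indicators taken from the description above.
ARCHIVE_DIR = "All_Your_Documents"
ARCHIVE_NAME = "All_Your_Documents.rar"
NOTE_NAME = "All Your Files in Archive! .txt"
# RAR 4.x and RAR 5.x signatures share this prefix: "Rar!" 0x1A 0x07.
RAR_MAGIC = b"Rar!\x1a\x07"


def _norm(name):
    """Lowercase and drop whitespace so spacing variants of the note match."""
    return re.sub(r"\s+", "", name).lower()


def is_rar(path):
    """True when the file starts with a RAR signature, whatever its name."""
    try:
        with open(path, "rb") as fh:
            return fh.read(len(RAR_MAGIC)) == RAR_MAGIC
    except OSError:
        return False  # unreadable or locked file: report as not confirmed


def scan(drive_root):
    """Report the archive (if present) and any ransom notes under drive_root."""
    root = Path(drive_root)
    archive = root / ARCHIVE_DIR / ARCHIVE_NAME
    findings = {"archive": None, "archive_is_rar": False, "notes": []}
    if archive.is_file():
        findings["archive"] = str(archive)
        findings["archive_is_rar"] = is_rar(archive)
    # Skip directories that cannot be read instead of aborting the walk.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            if _norm(name) == _norm(NOTE_NAME):
                findings["notes"].append(os.path.join(dirpath, name))
    return findings


if __name__ == "__main__":
    # Default to the system drive; pass another root as the first argument.
    default_root = os.environ.get("HOMEDRIVE", "C:") + os.sep
    result = scan(sys.argv[1] if len(sys.argv) > 1 else default_root)
    print("Archive:", result["archive"], "| RAR signature:", result["archive_is_rar"])
    for note in result["notes"]:
        print("Ransom note:", note)
```

Do not delete the archive if it is found: according to the description above, it holds the only copy of the affected files.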

Protecting your PC from potential security threats is vital because programs such as Roshalock Ransomware can enter your computer by stealth and cause irreparable damage. We hope that you found this article useful and are now ready to remove this malware. We suggest you use SpyHunter to detect Roshalock Ransomware because it can be dropped in a hidden location. Furthermore, its main executable can be named randomly. Please see the instructions below for more information.

Removal Instructions

  1. Go to http://www.spyware-techie.com/download-sph
  2. Download SpyHunter-Installer.exe.
  3. Install the program and run it.
  4. Click Scan Computer Now!
  5. Copy the file path of the malware from the scan results.
  6. Press Windows+E keys.
  7. Enter the file path of the malware in File Explorer’s address box.
  8. Press Enter.
  9. Locate, right-click the malicious file and click Delete.
  10. Empty the Recycle Bin.

In non-techie terms:

Roshalock Ransomware is a highly malicious application that can put your files in an archive and put a password on it so that you are not able to access them. The developers want you to pay a ransom for the password, but there is no guarantee that you will get it once you have paid. Therefore, it is paramount that you remove this program to reestablish your computer’s security.