sos@decryptfiles.com or zuza@protonmail.com are texts seen added to the extension part of files that have been encrypted by a ransomware. A ransomware is a malicious software that takes your files as hostages, demanding you to pay a ransom if you want them back.
Files’ extensions are renamed as follows: [FILENAME].[EXTENSION]id-[ID]_email1_sos@decryptfiles.com_email2_zuza@protonmail.com_BitMessage_BM-[ID]
This is actually a new version of a previous ransomware going by the name of fud@india.com, that was seen for the first time at the beginning of 2015. This is the ransom message shown:
As you probably suspect, the one sending the message is also the one who created the ransomware.
Your chances at getting back your files are pretty low. You can try using Shadow Explorer, program that will attempt to recover them from a Windows backup (giving the such option was selected before the infection took place). However, ransomware like sos@decryptfiles.com usually erase all backup files.
Brute force methods to remove the encryption, fail in 99.99% of the cases.
Nevertheless, you must remove sos@decryptfiles.com from your computer before you try any method to recover your files. To achieve this goal, you can use the free tools provided in the guide presented below (Remember: you don’t have to pay anything at all to remove the ransomware).
Finally, a piece of advice: If you want to avoid this kind of problem, be very careful with what you download from the internet, and don’t trust attachments coming from people you don’t know. You can also protect yourself by using Hitman.Alert.3 a free tool including ransomware protection.
View full solution
View Comments (1)
The thing now is how to recover the files, neither works Shadow explorer o Recuva. Any idea??