What is Azer ransomware? And how does it work?
Azer ransomware is a file-encrypting Trojan virus that was first discovered in early June 2017. This malware is another variant of the CrytMix ransomware which is a famous ransomware. It encrypts the targeted files using a strong encryption algorithm. Nit appends the string “-email-[E-MAIL].AZER”. it then drops its ransom note named _INTERESTING_INFORMATION_FOR_DECRYPT.txt on your desktop containing the following message:
“All you files encrypted
For decrypt write to email:
You ID – [RANDOM CHRACTERS]”
As you can see, the email addresses it mentioned on its ransom note is quite similar to the ones used in the Donald Trampo ransomware which makes it clearer that the cyber criminals who developed Donald Trampo ransomware are the very same ones who created Azer ransomware.
How does Azer ransomware spread?
Azer ransomware, just like other ransomware spreads using spam emails that are sent out with infected attachments in the form of macro-enabled Microsoft documents. These macro-enabled documents are used to carry out the malware’s attack and connect the now infected computer with the malware’s Command & Control server. To prevent ransomware infections like Azer, be sure to always keep your system updated as well as your antivirus programs and it would also help a lot if you always create backup copies of your important files.
Step 3: Open the Windows Task Manager by pressing Ctrl + Shift + Esc at the same time. Proceed to the Processes tab and look for any suspicious processes that can be related to the Azer Ransomware.
Right-click on the processes, then click Open File Location and scan them using a powerful and trusted antivirus like SpyRemover Pro. After opening their folders, end their processes and delete their folders. If the virus scanner fails to detect something that you know is suspicious, don’t hesitate to delete it.
Step 4: Open Control Panel by pressing Start key + R to launch Run and type appwiz.cpl in the search box and click OK.
Look for Azer ransomware or any suspicious program and then Uninstall.
Step 5: Hold down Windows + E keys simultaneously to open File Explorer.
Step 6: Go to the directories listed below and delete everything in it. Or other directories you might have saved the file related to Azer ransomware.
Step 7: Look for BC0EBCF2F2.exe and the ransom note, (“_INTERESTING_INFORMACION_FOR_DECRYPT.TXT and other suspicious files created by Azer ransomware.
The next step below is not recommended for you if you don’t know how to navigate the Registry Editor. Making registry changes can highly impact your computer. So it is highly advised to use PC Cleaner Pro instead to get rid of the entries that Azer ransomware created. So if you are not familiar with the Windows Registry skip to Step 12 onwards.
However, if you are well-versed in making registry adjustments, then you can proceed to step 8.
Step 8: Open the Registry Editor, to do so, tap Win + R and type in regedit and then press enter.
Step 9: Navigate to the path below:
Step 10: Look for suspicious registry entries and delete them.
Step 11: Close the Registry Editor.
Step 12: Empty the Recycle Bin.
Step 13: TRY to decrypt your encrypted files using the Windows Previous Versions feature.
Keep in mind that decrypting your encrypted files using Windows’ Previous Versions feature will only be effective if Azer ransomware hasn’t deleted their shadow copies. But still, this is one of the safest and free methods there is, so it’s definitely worth a shot.
To restore the encrypted file, right-click on it and select Properties, a new window will pop-up, then proceed to Previous Versions. It will load the file’s previous version before it was modified. After it loads, select any of the previous versions displayed on the list like the one in the illustration below. And then click the Restore button.
Follow the continued advanced steps below to ensure the removal of the Azer ransomware:
Perform a full system scan using SpyRemover Pro. To do so, follow these steps:
- Turn on your computer. If it’s already on, you have to reboot
- After that, the BIOS screen will be displayed, but if Windows pops up instead, reboot your computer and try again. Once you’re on the BIOS screen, repeat pressing F8, by doing so the Advanced Option shows up.
- To navigate the Advanced Option use the arrow keys and select Safe Mode with Networking then hit
- Windows will now load the Safe Mode with Networking.
- Press and hold both R key and Windows key.
- If done correctly, the Windows Run Box will show up.
- Type in explorer http://www.fixmypcfree.com/install/spyremoverpro
A single space must be in between explorer and http. Click OK.
- A dialog box will be displayed by Internet Explorer. Click Run to begin downloading SpyRemover Pro. Installation will start automatically once download is done.
- After all the infections are identified, click REMOVE ALL.
- Register SpyRemover Pro to protect your computer from future threats.