The Essential Info About ATLAS ransomware?
Malware Researcher Marcelo Rivero discovered ATLAS ransomware, a variant of CHIP file encoder virus, in the loose few days before. It is literally programmed to add '.ATLAS' suffix to the encoded files. For instance, weddings.mp4 file will be transcoded as weddings.mp4.ATLAS. The ransomware drops ATLAS_FILES.txt on your desktop and inside folders having encoded files. This file is called as ransom note which displays information on how to get back files and how to contact hackers. According to the ransom note you need to contact email@example.com, firstname.lastname@example.org or email@example.com in order to get private key. Even the ransom note warn victims as “Attention: DO NOT USE ANY PUBLIC DECRYPTERS!”. However, you should just ignore its warning because Public Decryptor released by AV vendors are always safe to use.
Remember that ATLAS ransomware uses a custom RSA cipher to encode your files and generate unbreakable private and public keys. Thus, it will not be easy for retrieving your files, especially if you are a beginner (inexperienced PC user). But to get private key, you will have to pay off ransom 0.5 to 1.5 BTC which is not safe at all. While making payment of ransom, hacker may collect your online banking credential and access your account without your knowledge. Further you know that hackers always steals money or misuse account for cyber crime. Thus, you are not encouraged to pay ransom to the ATLAS ransomware developers instead you should use alternative options to bring your encoded files back to life.
How ATLAS ransomware Sneaks in Your System
- Bundles with freeware third party application.
- Through double clicking spam email attachments.
- Using infected media drives like Pendrive, Flash drive, SD cards etc.
- Due to sharing/downloading files via peer to peer networks.
- Visiting unsafe sites and clicking frauds.
Therefore, if you wish to safeguard your computer then it is essential to keep your Antivirus software updated to latest update and licensed always. Since, demo or trial versions are not capable of providing real time protection against threats like ATLAS ransomware. Even, you know how the ransomware invades your computer, so be careful. Next, follow the guideline and remove ATLAS ransomware from your computer instantly.
Manual ATLAS ransomware Removal From Compromised PC
Method 1: Boot Your Infected PC in Safe Mode
Press “Start”, type “msconfig” and hit “Enter” key.
Select “Boot” tab and check “Safe boot” option and then click on “OK” button.
Method 2: Remove ATLAS ransomware By Showing All Hidden Files and Folders
Click on “Start” button and go to “Control Panel”.
Select “Appearance and Personalization” option.
Tap on “Folder Options” and select “View” tab.
Choose “Show hidden files, folders and drivers” option. Then, click on “Apply” and “OK” button.
Now, find malicious files and folders created by ATLAS ransomware and delete them from the system immediately.
Method 3: Clean ATLAS ransomware Related Hosts File
Click on “Start” and type “%windir%/system32/Drivers/etc/hosts”.
Open “hosts” file with Notepad.
This file must contain the IP addresses of ATLAS ransomware that you can identify on the word “localhost”.
Method 4: Eliminate Harmful Entries of ATLAS ransomware From Registry Editor
Press “Win+R” keys simultaneously.
Type “regedit.exe” and hit “Enter” button.
Then after, clean startup folder: “HKLM\Software\Microsoft\Windows\Current version\Run”.
Method 5: Remove ATLAS ransomware Related Startup Items
Press “Start” and type “msconfig” then hit “Enter” button.
Choose “Startup” tab and uncheck all the suspicious items which is associated with ATLAS ransomware.
Important: Now, you can recover your system files after ATLAS ransomware removal. Information about the file restoration methods given below in this article.
Delete ATLAS ransomware By Using PC Threats Scanner
Manual removal of ATLAS ransomware requires interference with the computer files and registries. Hence, it can cause unexpected damages onto your machine. Even if your PC skills are not in a professional level, then don’t worry! You can do the ransomware removal yourself just in few minutes by using PC threats scanner.
How To Retrieve Encrypted Data & Files After Removing ATLAS ransomware
As it was stated in the ransom message, the users files and data cannot be decoded without a decryption key. The hackers insist on paying ransom money, focusing your attention and then trying to display the futility of attempts. In fact, without paying ransom fee to the ATLAS ransomware developers, users can recover their data in several ways. You need to delete the ransomware virus completely from your system and then go for the data recovery procedure. The first and most easy way to retrieve encrypted data is to use the backup. If you have a check-point, then setup at least 2 or 3 days before you get the ATLAS ransomware infection.
Step 1: Recover Files From Windows Backup
Click on “Start” and go to “Control Panel”.
Tap “System and Security” and select “Backup and Restore” option.
Choose “Restore files from backup” and specify the check-point to restore.
Step 2: Use Shadow Explorer To Retrieve Files Encrypted by ATLAS ransomware
If you don’t have the habit of creating backups, then you should use the Shadow Explorer utility. During the encryption process, the ATLAS ransomware creates an encrypted copies of the system files and delete the original data. In this kind of situation, you can use shadow copies to recover files and data.
Step 3: Restore Encrypted Data by ATLAS ransomware Using Data Recovery Software
In few cases, the nasty ransomware threats also delete the shadow volume copies of the data. Therefore, in such circumstances, you can download the data recovery software recommended below in this article that may help you to retrieve some of your data and files.