Executioner (CELLAT) Ransomware is another ransom virus that was made to generate profit by encrypting targeted files on the computer. The attacker is using a complex algorithm that requires a combination code to successfully recover affected files.
Executioner and nearly all virus of the same kind are distributed in a number of ways. Primarily, it is attached to email with enticing contents. Drive-by-download websites, software bundles, and malicious links are also some other channels to deploy Executioner (CELLAT) Ransomware.
Once it enters the computer, Executioner (CELLAT) malware encrypts certain files making it unusable. After this process, this virus will create a text file Sifre_Coz_Talimat.html containing instructions on the recovery procedures. It may contain contact email address, procedures, and amount to be paid to obtain the code. Without this code, it is impossible for victims to recover and decrypt infected files.
As discovered and tweeted by @malwarehunterteam, this ransomware will modify file extension to all encrypted files. In order for victims to recover these files, they must have a decryption key, which attacker will provide after making payments. Attacker will demand US $150 or approximately 0.05 Botcoins.
As you can see, threats like these are very much avoidable. All you need is an efficient security application that can guard your internet traffic against malicious attacks. Anti-virus and anti-malware applications may also decease execution of any harmful files, thus, it can prevent the execution of malware like Executioner (CELLAT) Ransomware.
How to Remove Executioner (CELLAT) Ransomware
Ransomware files are placed deeply into the system and on various locations, thus, thorough scanning is vital to totally remove Executioner (CELLAT) Ransomware virus. Aside from our suggested tool, you may also run your own security program.
Though affected files may be impossible to decrypt due to complexity of the encryption, you can still try recovery method like Shadow Explorer or Previous Version as described below.
Stage 1: Scan the Computer with ESET Rogue Application Remover (ERAR)
1. Download the free scanner called ESET Rogue Application Remover.
Download Link for ERAR (this will open a new window)
2. Choose appropriate version for your Windows System. Save the file to a convenient location, preferably on Desktop.
3. After downloading the file, Windows will prompt that download has completed. Click Run to start the program. Another option is to browse the location folder and double click on the file ERARemover_.exe.
4. On ESET Rogue Application Remover SOFTWARE LICENSE TERMS, click Accept to continue.
5. The tool will start scanning the computer. It will prompt when it finds Executioner (CELLAT) Ransomware virus and other malicious entities. Follow the prompt to proceed with the removal.
Stage 2: Double-check for Executioner (CELLAT) Ransomware’s leftover with Microsoft’s Malicious Software Removal Tool
1. Download the free scanner called Malicious Software Removal Tool.
Malicious Software Removal Tool Download Link (this will open a new window)
2. The tool automatically checks the operating system and suggest appropriate download version. Click on Download button to begin. Save the file to a convenient location, preferably on Desktop.
3. After downloading the file, Windows will prompt that download has completed. Click Run to start scanning for Executioner (CELLAT) Ransomware. Another option is to browse the location folder and double click on the file to run.
4. The tool will display Welcome screen, click Next. Please note the message “This tool is not a replacement for an antivirus product.” You must understand that this program is made specifically to find and remove malware, viruses, Trojans, and other harmful elements on the computer. It was not designed to protect the computer.
5. Next, you will see Scan Type. Please choose Full Scan to ensure that all Executioner (CELLAT) Ransomware virus entities and other harmful files left on the computer will be found and removed. For advanced computer user, you can opt for Customized Scan, if there are other drives or folders you wanted to include in this scan.
6. Full scan may take a while, please wait for Malicious Software Removal Tool to complete the tasks. However, you may cancel the scan anytime by clicking on the Cancel button.
7. After scanning, the tool will reveal all identified threats. There may be other threats that our first scan fails to detect. Please remove/delete all detected items.
8. When removal procedure is complete, you may now close Malicious Software Removal Tool. We hope that Executioner (CELLAT) Ransomware have been completely deleted from the computer. Please restart Windows to proceed with the normal operation.
Stage 3 : Unlocking files with Executioner (CELLAT) Decryptor
Tools that may decrypt files infected by Executioner is not yet available at this time. We will update this section once the tool is on hand. In the meantime, please try the options below.
Option 1: Windows Previous Version Tool
Windows Vista and Windows 7 have a feature called Previous Versions. However, this tool is only usable if restore point was made prior to Executioner (CELLAT) Ransomware virus infection. To use this tool and recover files affected by the virus, please follow these steps:
1. Open My Computer or Windows Explorer.
2. Right-click on the affected files or folders. From the drop-down list, please click on Restore previous versions.
3. New window will open display all backup copy of files and folders you wanted to recover. Choose the appropriate file and click on Open, Copy, or Restore. Restoring selected files overwrites the current encrypted files on the computer.
Option 2: Use ShadowExplorer to restore files encrypted by Executioner (CELLAT) Ransomware
Just like Previous Version tool, ShadowExplorer is taking advantage of shadow copy created by Windows. This tool allows you to retrieve older version of files before it was encrypted by Executioner (CELLAT) Ransomware.
1. Download ShadowExplorer from the official web site.
2. Install the program with the default settings.
3. The program should run automatically after installation. If not, double-click on ShadowExplorer icon.
4. You can see the drop-down list on top of the console. Please select proper drive and the most recent point-in-time shadow copies of files you wish to restore prior to Executioner (CELLAT) Ransomware infection.
5. Right-click on the Drive, Folder, or File you wish to restore and click Export…
6. Lastly, ShadowExplorer will prompt for location where you want to save the copy of recovered files.