RansomNoteCleaner - Remove Ransom Notes Left Behind

63 replies to this topic

#61 Demonslay335


    Ransomware Hunter

  • Topic Starter

  • Security Colleague
  • 3,579 posts
  • Gender:Male
  • Location:USA
  • Local time:12:57 PM

Posted 18 January 2018 - 07:14 PM

Sure, I can see about adding a similar feature as CryptoSearch, where it will download a local copy of the data (would require at least connecting to the internet once to grab it).

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

CryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.



#62 Aura


    Bleepin' Special Ops

  • Malware Response Team
  • 19,697 posts
  • Gender:Male
  • Local time:01:57 PM

Posted 23 January 2018 - 03:13 PM

Thanks, it would help a lot :)

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.

#63 Maxwell_Asin


  • Members
  • 24 posts

Posted 26 January 2018 - 09:15 AM

I think it would be better if we had some tool to back up the ransom note before deleting it, because some decryptors require information from the ransom note.

#64 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 51,934 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:57 PM

Posted 26 January 2018 - 12:11 PM

RansomNoteCleaner is intended to assist folks with cleanup after the infection.

If your files cannot be decrypted, you should have first created a copy or image of the entire hard drive. Doing that allows you to save the complete state of your system (and all encrypted data) in the event that a free decryption solution is developed in the future.

Imaging the drive backs up everything related to the infection, including encrypted files, ransom notes, key data files (if applicable) and registry entries containing possible information which may be needed if a solution is ever discovered. The encrypted files and ransom notes do not contain malicious code, so they are safe. Even if a decryption tool is available, there is no guarantee it will work properly or that the malware developer will not release a new variant to defeat the efforts of security researchers, so keeping a backup of the original encrypted files and related information is a good practice.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif
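
The practice discussed in the last two posts (keep the ransom notes before any cleanup), as an added example that is not part of RansomNoteCleaner or any poster's code: it archives matching notes with a hash manifest and verifies the archive, and it deletes nothing. The note-name patterns, folder names and sample contents are constructed for illustration, and this complements a full drive image rather than replacing it.

```python
import fnmatch, hashlib, json, tempfile, zipfile
from pathlib import Path

# Hypothetical note-name patterns for illustration; real names vary by ransomware family.
NOTE_PATTERNS = ["*readme*decrypt*.txt", "how_to_recover*.html"]

def backup_notes(root, archive, patterns=NOTE_PATTERNS):
    """Copy matching notes under root into a zip plus MANIFEST.json. Deletes nothing."""
    root, manifest = Path(root), []
    with zipfile.ZipFile(archive, "w", zipfile.ZIP_DEFLATED) as zf:
        for path in sorted(p for p in root.rglob("*") if p.is_file()):
            name = path.name.lower()  # match case-insensitively on every platform
            if not any(fnmatch.fnmatch(name, pat.lower()) for pat in patterns):
                continue
            data = path.read_bytes()
            # Keep the relative folder path so identically named notes do not collide.
            arcname = "notes/" + path.relative_to(root).as_posix()
            zf.writestr(arcname, data)
            manifest.append({"original_path": str(path), "archived_as": arcname,
                             "size": len(data), "mtime": path.stat().st_mtime,
                             "sha256": hashlib.sha256(data).hexdigest()})
        zf.writestr("MANIFEST.json", json.dumps(manifest, indent=2))
    return manifest

def verify_backup(archive):
    """Re-read the archive and confirm every stored note matches its manifest hash."""
    with zipfile.ZipFile(archive) as zf:
        manifest = json.loads(zf.read("MANIFEST.json"))
        return all(hashlib.sha256(zf.read(e["archived_as"])).hexdigest() == e["sha256"]
                   for e in manifest)

def demo():
    """Constructed sample tree: two same-named notes and one encrypted file."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp, "victim")
        for sub in ("Documents", "Pictures"):
            (root / sub).mkdir(parents=True)
            (root / sub / "README_TO_DECRYPT.txt").write_text(f"Your ID: SAMPLE-{sub}")
        (root / "Documents" / "report.docx.locked").write_bytes(b"\x00" * 16)
        archive = Path(tmp, "ransom_notes_backup.zip")
        manifest = backup_notes(root, archive)
        return [e["archived_as"] for e in manifest], verify_backup(archive)

if __name__ == "__main__":
    print(demo())
```

Run note cleanup only after `verify_backup` returns true and the archive has been copied off the affected machine.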
