Error Ransomware

Error Ransomware was discovered in late August of 2017. It was created by cyber criminals to encrypt your files and then demand you pay a ransom to get your files back. After encrypting your files, they become inaccessible, and if you have no copies of them, then you may be inclined to pay to get them decrypted. However, we want to inform you that the cyber criminals behind this ransomware might not give you the decryption key, so you might be left with nothing. Therefore, we recommend that you remove this program instead of complying with the cyber criminals’ demands. For more details on this malicious program, please read this whole article.

If your PC becomes infected with Error Ransomware, then there is nothing you can do. It begins encrypting files immediately using an advanced algorithm. Our research has revealed that this program was set to target many file formats that include formats that hold videos, images, audios, documents, and executables, among other files. Basically, this program is dedicated to encrypting as many of your files as possible. It appends the encrypted files with an “.ERROR” extension file extension to signify that those particular files were encrypted. It also changes the original name of the encrypted files to a random set of characters. This ransomware runs from the location you launch it the first time. It then makes a copy of itself and places it in the %ALLUSERSPROFILE% folder. It also creates a registry subkey at HKCU/SOFTWARE/Microsoft/Windows/Current Version/Run with value data pointing to the location of the copied file (e.g. %ALLUSERSPROFILE%\{randomname}.exe.) The name of the file is random, so it will be different in each infection case. This subkey is configured to launch this ransomware on each system startup.

Once the encryption is complete, Error Ransomware is set to drop a ransom note called _HELP_INSTRUCTION.TXT and open it. The note sates that “Attention! All Your data was encrypted!” and provides three email addresses that include error01@msgden.com, error02@webmeetme.com, error03@protonmail.com. You have to send a message to one of these emails containing the unique ID number included in the ransom note to receive instructions on how to pay the ransom. The sum to be paid is not known as it is not indicated in the ransom note, but it must be revealed to you after you contact the criminals. However, there is no guarantee that the cyber crooks will give you the decryptor, so you should not trust them.

Now let us discus how this ransomware works. While there is no concrete information on how Error Ransomware is disseminated, we believe that its developers must have employed the tried and tested technique of sending this ransomware in fake emails that pose as legitimate tax return forms, invoices or business-related correspondence. The malicious file is attached to the fake emails and probably disguised as a document. If you open or download and then open this file, then your PC will become infected with this malware.

While Error Ransomware is highly dangerous, you can prevent it from infecting your PC by installing an anti-malware program such as SpyHunter. However, if your PC has already been infected with this ransomware, then you ought to remove it. We do not recommend that you pay the ransom because the cyber criminals behind it might not send you the decryptor. To delete this ransomware, use an anti-malware program or our manual removal guide provided below.

How to delete this ransomware

1. Find the malicious file you launched (Check Downloads, %Temp%)
2. Right-click the malicious file and click Delete.
3. Then, press Windows+E keys.
4. Type %ALLUSERSPROFILE% in the address bar and hit Enter.
5. Find and identify the randomly named executable of Error Ransomware.
6. Right-click it and click Delete.
7. Close the File Explorer.

Delete the Point of Execution

1. Press Windows+E keys.
2. Type regedit in the box and hit Enter.
3. Go to HKCU/SOFTWARE/Microsoft/Windows/Current Version/Run
4. Find the randomly named sub key with value data “%ALLUSERSPROFILE%\randomname.exe”
5. Right-click it and click Delete.
6. Right-click the Recycle Bin and click Empty the Recycle Bin.