Click on screenshot to zoom
Danger level 7
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

Revolution Ransomware

The sudden and unfortunate appearance of Revolution Ransomware on your system can leave a deep scar as it encrypts all your important files, which you may never see again unless you have a backup. This dangerous ransomware program can cause a lot of damage and thus should be taken seriously. Hopefully, you do have a recent backup of your most important files either in cloud storage or on a portable drive. If not, this will definitely be a hard lesson to learn from. Unfortunately, there is no other way to recover your files than obtaining the unique decryption key, which is supposed to be stored on a secret remote server only your attackers can access. We are here to warn you that paying the ransom fee these crooks demand could be risky and you may not receive the promised key and decryption tool. It is more likely to get infected with another dangerous program than crooks sending you anything useful. We highly recommend that you act right now and remove Revolution Ransomware from your PC. For the details, please read our full report.

This ransomware infection is suspected to be a Xorist Ransomware variant. The most probable way for you to infect your system with it is via spam e-mails. It is possible that you received a deceptive mail recently that you opened and checked out its attachment as well. This malware threat can pose as a document, an image, or a ZIP archive file and pretend to be something very important for you to see. This trick has been used in the past years with great success because people are really the curious type; well, most of us at least.

This also means that even more experienced user may step right into this trap since this spam may look totally authentic with its sender and subject fields. The combination of these two fields are responsible for your wanting to open it in the first place. But who would not want to see a mail that claims to come from a well-known airline claiming that your flight booking was cancelled because you gave the wrong credit card details? Even if you know for sure that you have not booked anything recently, would you not want to see what this is all about?

"This must be a mistake," you may think and click on the mail right away to clear up this matter. However, you will only feel even more compelled to view the attached file that is supposed to have all the details for you. But as you click to run the file, bang, there you go; the malicious attack starts up in the background and your files become useless by the second. This is why you cannot delete Revolution Ransomware without the unfortunate consequences. You simply do not have enough time window to act even if you realize that something must be off. This is why you need to be more careful around your inbox and spam folder as well and double-check every suspicious mail with its sender to be on the safe side. Never open attachments that you are not expecting to get.

Our tests and research indicate that this ransomware infection uses the RSA-1024 encryption algorithm to render your files unusable. This simply means that you will not be able to use or open any of your photos, videos, audios, documents, databases, archives, and certain program files either. These are the usual targets for ransomware programs since these are supposed to be the most valuable files for any user; valuable enough to be willing to pay to recover them. The encrypted files get a ".REVOLUTION" extension, which makes it easier for you to identify your attacker. This threat drops its ransom note text file called "InfoFiles.txt" file on your desktop.

If you open this file, you will be informed about what just happened to your system and how you can get your files back. These crooks promise you the private key and a decryption tool in exchange for your money. In order for you to get further details on the amount of the ransom fee and how to proceed, you have to send an e-mail to "getyourfilles@bigmir.net" attaching your "InfoFiles.txt" to it. You can also send one or two small files to decrypt them for free so that you see proof of their capability. If you do not pay within 72 hours, the price doubles. We never encourage anyone to pay because these are cyber criminals who will most likely disappear into thin air right after they receive your money. Or, what is worse, they may even send you another infection to extort further amounts from you. All in all, we recommend that you delete Revolution Ransomware from your computer as soon as possible.

If you want to eliminate this dangerous threat manually, we suggest that first, you kill the malicious process via Task Manager if it is still running in the background. Then, you can delete all the related files you can find on your system. Please follow our instructions below this report if you need help with this. Since it is quite possible that this is not the only malware infection on board, we advise you to clean your system properly before you transfer your backed up files back onto your hard disk. If you do not want to do this manually, we suggest that you use a reliable anti-malware program (e.g., SpyHunter) to automatically take care of all possible system security issues that may be threatening your PC both at present and in the future.

How to remove Revolution Ransomware from Windows

  1. Press Ctrl+Shift+Esc simultaneously to open Task Manager.
  2. Select the malicious process if still active, and press End task to kill it.
  3. Exit Task Manager.
  4. Navigate to your desktop and bin the ransom note file ("InfoFiles.txt").
  5. Press Win+E to launch File Explorer.
  6. Search all your download directories to find and delete all suspicious files you have saved recently.
  7. Empty your Recycle Bin.
  8. Restart your computer.
Download Spyware Removal Tool to Remove* Revolution Ransomware
  • Quick & tested solution for Revolution Ransomware removal.
  • 100% Free Scan for Windows
disclaimer
Disclaimer

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.