Estemani Ransomware

Estemani Ransomware Description

The Estemani Ransomware is a file-locking Trojan, which targets a very long list of file types. This ensures maximum damage once it manages to infiltrate a user's system. This data-encrypting Trojan propagates itself by masquerading as different content such as pirated applications, game cracks, cheat codes for popular games, and archives in the shape of a '.zip' files.

When the Estemani Ransomware compromises a computer, it will scan it to locate the file types, which will later be locked. Then, the encryption process will take place. Once the Estemani Ransomware encrypts a file, it changes its name by adding a '.estemani' extension at the end of the filename. Then, the Estemani Ransomware drops a ransom note. The note is named 'HOW_DECRYPT_FILES.txt,' which contains the ransom message of the attackers that reads:

We are pleased to announce successful encryption of your machine.
All the hosts in your network have been encrypted with FUD and powerful encryption algorithm(s) - RSA-2048 + Salsa20.
Any attempt to decrypt data by yourself is futile.
Read more:
The cost for decryption begins from 0.75 Bitcoins (BTC) and depends on your business size.
Email address:
To avail decryption software and service send details about unique HOST ID and the contact email address and Follow the instructions for hassle free decryption process.
Note: The Host ID and Email addresses are unique and private. Any leak of information will result in direct ban to our services.
We won't be responding to any communications about free decryption. We follow simple business policy - No Money! No Decryption.’

The creators of the Estemani Ransomware claim to have a functional decryption key, which will supposedly unlock all the encrypted files. The attackers do not seem to shy away from setting the bar high – they require at least 0.75 Bitcoin (which is approximately $7,500 at the time of typing this post). In the note, the attackers also state that in case their ransomware threat has infected a system that belongs to a company, the ransom fee will be higher. They provide an email address where the victim can get in touch with them – ''

Unfortunately, malware researchers are yet to release a free decryption tool for the Estemani Ransomware. We would strongly advise you against paying up the ransom fee, however. There is no guarantee that the creators of the Estemani Ransomware will provide you with a decryption key even if you pay. You should use a reputable anti-virus software suite to remove the Estemani Ransomware from your system safely. Then, if you have a backup of your data, you can recover your files. If you do not, you can attempt to recover some of the files using a third-party data recovery tool.

Do You Suspect Your PC May Be Infected with Estemani Ransomware & Other Threats? Scan Your PC with SpyHunter

SpyHunter is a powerful malware remediation and protection tool designed to help provide PC users with in-depth system security analysis, detection and removal of a wide range of threats like Estemani Ransomware as well as a one-on-one tech support service. Download SpyHunter's FREE Malware Remover
Note: SpyHunter's scanner is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware removal tool to remove the malware threats. Read more on SpyHunter. Free Remover allows you to run a one-off scan and receive, subject to a 48-hour waiting period, one remediation and removal. Free Remover subject to promotional details and Special Promotion Terms. To understand our policies, please also review our EULA, Privacy Policy and Threat Assessment Criteria. If you no longer wish to have SpyHunter installed on your computer, follow these steps to uninstall SpyHunter.

Security Doesn't Let You Download SpyHunter or Access the Internet?

Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
  • Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
  • IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.
If you still can't install SpyHunter? View other possible causes of installation issues.

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.