Estemani Ransomware Description
The Estemani Ransomware is a file-locking Trojan that targets a very long list of file types, which ensures maximum damage once it manages to infiltrate a user's system. This data-encrypting Trojan propagates by masquerading as other content, such as pirated applications, game cracks, cheat codes for popular games, and '.zip' archives.
When the Estemani Ransomware compromises a computer, it scans the system to locate files of the types it will later lock. Then, the encryption process takes place. Once the Estemani Ransomware encrypts a file, it changes the file's name by adding a '.estemani' extension to the end of the filename. Then, the Estemani Ransomware drops a ransom note named 'HOW_DECRYPT_FILES.txt,' which contains the attackers' ransom message. It reads:
We are pleased to announce successful encryption of your machine.
All the hosts in your network have been encrypted with FUD and powerful encryption algorithm(s) - RSA-2048 + Salsa20.
Any attempt to decrypt data by yourself is futile.
The cost for decryption begins from 0.75 Bitcoins (BTC) and depends on your business size.
Email address: email@example.com
HOST ID: XXCLO***
To avail decryption software and service send details about unique HOST ID and the contact email address and Follow the instructions for hassle free decryption process.
Note: The Host ID and Email addresses are unique and private. Any leak of information will result in direct ban to our services.
We won't be responding to any communications about free decryption. We follow simple business policy - No Money! No Decryption.
The creators of the Estemani Ransomware claim to have a functional decryption key, which will supposedly unlock all the encrypted files. The attackers do not seem to shy away from setting the bar high – they require at least 0.75 Bitcoin (which is approximately $7,500 at the time of typing this post). In the note, the attackers also state that in case their ransomware threat has infected a system that belongs to a company, the ransom fee will be higher. They provide an email address where the victim can get in touch with them – 'firstname.lastname@example.org.'
Unfortunately, malware researchers are yet to release a free decryption tool for the Estemani Ransomware. We would strongly advise you against paying up the ransom fee, however. There is no guarantee that the creators of the Estemani Ransomware will provide you with a decryption key even if you pay. You should use a reputable anti-virus software suite to remove the Estemani Ransomware from your system safely. Then, if you have a backup of your data, you can recover your files. If you do not, you can attempt to recover some of the files using a third-party data recovery tool.
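The two artefacts named above (the '.estemani' extension and the 'HOW_DECRYPT_FILES.txt' note) are enough to scope the damage and plan a restore from backup. The following read-only inventory script is an added example, not part of the original article or any vendor tool; the function names, the sample tree, and the assumption that the backup mirrors the live directory layout are all hypothetical.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

ENC_SUFFIX = ".estemani"             # extension the article says is appended
NOTE_NAME = "HOW_DECRYPT_FILES.txt"  # ransom note name given in the article


def triage(root, backup_root=None):
    """Read-only inventory of Estemani artefacts under root.

    If backup_root is given (assumed to mirror root's layout), each encrypted
    file's original relative path is checked against the backup.
    """
    root = Path(root)
    report = {"encrypted": [], "notes": [], "types": Counter(),
              "restorable": [], "missing_from_backup": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            rel = (Path(dirpath) / name).relative_to(root)
            if name.lower() == NOTE_NAME.lower():
                report["notes"].append(rel)
            elif name.lower().endswith(ENC_SUFFIX) and len(name) > len(ENC_SUFFIX):
                report["encrypted"].append(rel)
                # Strip the appended suffix to recover the original file name.
                original = rel.with_name(name[:-len(ENC_SUFFIX)])
                report["types"][original.suffix.lower() or "(none)"] += 1
                if backup_root is not None:
                    found = (Path(backup_root) / original).is_file()
                    key = "restorable" if found else "missing_from_backup"
                    report[key].append(original)
    return report


def build_sample():
    """Constructed sample tree (not real malware output) for an offline run."""
    base = Path(tempfile.mkdtemp())
    live, backup = base / "live", base / "backup"
    for p in ("docs/report.docx.estemani", "docs/HOW_DECRYPT_FILES.txt",
              "pics/cat.jpg.estemani", "pics/new.png.estemani", "notes.txt"):
        (live / p).parent.mkdir(parents=True, exist_ok=True)
        (live / p).write_bytes(b"constructed sample")
    for p in ("docs/report.docx", "pics/cat.jpg"):
        (backup / p).parent.mkdir(parents=True, exist_ok=True)
        (backup / p).write_bytes(b"constructed backup copy")
    return live, backup


if __name__ == "__main__":
    live, backup = build_sample()
    for key, value in triage(live, backup).items():
        print(key, sorted(map(str, value)) if isinstance(value, list) else dict(value))
```

Run it against a mounted copy or image of the affected disk rather than the live system, and only after the Trojan itself has been removed.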