Schwerer Ransomware

Schwerer Ransomware Description

The Schwerer Ransomware is a ransomware Trojan that is designed to enter a computer, encrypt the victim's files, and then asks for the payment of a ransom of $150 USD in BitCoin from the victim. The Schwerer Ransomware takes the victim's files hostage in exchange for ransom. The Schwerer Ransomware will encrypt files on all local disks, as well as on files shared on the network of the infected PC. The Schwerer Ransomware is very similar to numerous ransomware Trojans active currently, the CryptoWire and its variants particularly since they are all written using the AutoIt coding language. Although its name seems German, PC security researchers have noted that the Schwerer Ransomware uses an English-language ransom note and seems to be designed to attack English speakers.

Computer Users Infected by the Schwerer Ransomware Have a Free Way Out

The Schwerer Ransomware receives its name because the program window in which it delivers its ransom note is named 'Schwerer.' Once the Schwerer Ransomware ransom note appears, it means that the victim's files have already been encrypted and it is too late to halt the Schwerer Ransomware attack. A reliable security program, however, can intercept the Schwerer Ransomware infection before it manages to compromise the victim's files. The Schwerer Ransomware runs in the background, encrypting the victim's files without alerting the victim until it is too late to stop the attack. The Schwerer Ransomware targets a wide variety of file types, attempting to encrypt the files generated by the user such as presentations, text documents, videos, photos, spreadsheets, databases, eBooks, and files generated by commonly used software such as Adobe Photoshop or AutoCAD. The Schwerer Ransomware, after encrypting the victim's files, delivers its ransom note in a program window titled Schwerer. The Schwerer Ransomware ransom note contains the following message:

'All your computer file were encrypted with AES, only we can restore your files.
How to restore files :
Files encrypted : [NUMBER OF LOCKED FILES]
1. Send email to 897698@mail2tor.com containing your personal identifier (it is below)
2. We will send you a Bitcoin address, you must send 150€ to it within 3 days.
IF YOU DO NOT UNDERSTAND BITCOIN EMAIL WILL CONTAIN INFORMATIONS
3. Once full amount is sent you email us again. (make sure to contain key)
A. We will send you key and you will paste into textbox below, that will restore files.
Your Identifier: [43 RANDOM CHARACTERS]
Restore key: [TEXT BOX]
[Restore files]'

Dealing with a Schwerer Ransomware Infection

Although in the case of most ransomware Trojans it may be impossible to recover the files once they have been encrypted, computer users affected with the Schwerer Ransomware can call themselves lucky thanks to the fact that Jiri Kropac has created a decryptor and released it online. However, it is likely that this decryption utility is only a temporary solution, since updates to the Schwerer Ransomware Trojan may nullify this decryptor and use a stronger method to make the victim's files inaccessible completely. Furthermore, you should ensure that you are protected against other ransomware Trojans besides the Schwerer Ransomware since they are becoming ever more popular. The best protection against ransomware Trojans is to have file backups.

Taking Preventive Measures against the Schwerer Ransomware and Other Ransomware Trojans

The best protection against all ransomware Trojans is to have file backups on an external device or the cloud ( not synchronized to prevent the backups themselves from becoming encrypted too). If computer users can recover their files from a backup copy quickly, then the people responsible for the ransomware Trojan lose any power they have over the victim. Apart from having file backups, computer users should learn how to handle spam email messages and unsolicited email attachments since these are the main way in which these threats are spread. A security program that is fully up to date also can prevent the Schwerer Ransomware and other ransomware from encrypting the victim's files.

Infected with Schwerer Ransomware? Scan Your PC for Free

Download SpyHunter's Spyware Scanner
to Detect Schwerer Ransomware
* SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware removal tool to remove the malware threats. Read more on SpyHunter. If you no longer wish to have SpyHunter installed on your computer, follow these steps to uninstall SpyHunter.

Security Doesn't Let You Download SpyHunter or Access the Internet?


Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
  • Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
  • IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.

If you still can't install SpyHunter? View other possible causes of installation issues.

Technical Information

File System Details

Schwerer Ransomware creates the following file(s):
# File Name Size MD5 Detection Count
1 file.exe 620,032 3400d0f64623b161fd211c0044557af8 41
2 %APPDATA%\Other\awiem.bat 4
3 %APPDATA%\Other\pawje.exe 3

Registry Details

Schwerer Ransomware creates the following registry entry or registry entries:
HKEY..\..\..\..{RegistryKeys}
Software\Other\Schwerer

Site Disclaimer

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.

IMPORTANT! To be able to proceed, you need to solve the following simple math.
Please leave these two fields as is:
What is 8 + 5 ?