Adage Ransomware | Guide to remove it from system


Guide to Remove Adage Ransomware-

Adage Ransomware is a recent menace to computer users around the world that encrypts files & renders them inaccessible. According to cyber-security researchers, Adage is another threatening member of the infamous crypto-virus family, Phobos Ransomware.


Commonly used internet services such as spam e-mail campaigns & fake software updaters are considered the prime methods of propagation of the Adage infection. Once the system is infected, Adage Virus encrypts user & system files & renames them by adding the victim’s unique ID, the hacker’s e-mail address & the “adage” extension to the file names. The encrypted files are instantly made unusable to the users.

In addition to that, Adage Ransomware drops a ransom-demanding note & runs an HTML application on the victim’s desktop. The ransom note tells the victims to contact the hackers & pay them a ransom to get the encrypted data restored.

Most of the victims tend to fall for the fake claims made by the hackers & pay the ransom. However, the analysis shows that victims do not always receive a positive response from the hackers. In most cases, the victims do not receive the promised Adage decryption tool & unique key in exchange for the ransom amount.

Wonder how you can recover .Adage files & stop Adage Ransomware from infecting the system again? Well, we have got you covered! Read on to learn how you can protect yourself from Ransomware & keep your files from getting encrypted.

Threat Summary of Adage Ransomware

Threat Summary
Name: Adage File Virus
Type: Ransomware
Category: Malware
Targeted OS: Windows
Symptoms: It infects your system with the motive to encrypt stored files. After successful encryption, the virus demands ransom money (in Bitcoins) to decrypt them.
Damage: You cannot open a locked file without paying the asked ransom. Additionally, it may increase the malicious payload in your system.

Threat Behavior of Adage Ransomware –

Adage Ransomware is the name of the recent threat that has been specifically designed to stealthily infect the system, encrypt the files & render them inaccessible to the users. Cyber-security analysts claim Adage Ransomware to be a Phobos Ransomware variant.

In addition to that, it has been found that the threat behavior of .Adage file virus bears resemblance to a myriad of Ransomware-type infections such as Carote, Viagra & Londec. The only major differences in these file viruses are the amount of ransom demanded & type of Encryption Algorithm employed.

Adage mainly spreads through multiple distribution channels such as spam e-mail campaigns, fake software updaters & third-party software download sources. Once the system is infected, Adage virus searches the system for certain targeted file extensions. On finding them, it uses algorithms such as RSA (Rivest–Shamir–Adleman), AES (Advanced Encryption Standard) & other similar cryptographic algorithms to encrypt the files. These algorithms are also capable of generating unique private keys for each infected system & storing them on the hacker’s server.


The encrypted files are renamed by appending:

  • Victim’s Unique ID
  • Developer’s e-mail address &
  • .adage extension to the file names

For example, a file named “image.jpg” might be renamed as “image.jpg.id[xxxxxxxx-xxxx].[[email protected]].adage” after encryption.
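
The renaming scheme above is enough to inventory affected files and recover their original names during triage. The following Python is an added example, not part of the original guide; the sample paths, victim ID and contact address are constructed, and the ID and address are matched loosely because the page does not document their format.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Pattern from the article: <original name>.id[<victim ID>].[<contact e-mail>].adage
# The ID and address formats are not documented on the page (assumption: any
# run of characters other than square brackets).
ADAGE_NAME = re.compile(
    r"^(?P<original>.+)\.id\[(?P<victim_id>[^\[\]]+)\]"
    r"\.\[(?P<contact>[^\[\]]+)\]\.adage$",
    re.IGNORECASE,
)

def parse_adage_name(path):
    """Return the original name, victim ID and contact for a renamed file, else None."""
    p = PureWindowsPath(path)
    m = ADAGE_NAME.match(p.name)
    if m is None:
        return None
    original = m.group("original")
    return {
        "folder": str(p.parent),
        "original_name": original,
        "original_ext": PureWindowsPath(original).suffix.lower(),
        "victim_id": m.group("victim_id"),
        "contact": m.group("contact"),
    }

def summarise(paths):
    """Scope an incident from a file listing: counts, IDs, contacts, file types hit."""
    hits = [h for h in map(parse_adage_name, paths) if h]
    return {
        "encrypted": len(hits),
        "untouched": len(paths) - len(hits),
        "victim_ids": sorted({h["victim_id"] for h in hits}),
        "contacts": sorted({h["contact"] for h in hits}),
        "by_extension": dict(Counter(h["original_ext"] for h in hits)),
    }

# Constructed sample listing (not taken from a real incident)
SAMPLE = [
    r"C:\Users\alice\Pictures\image.jpg.id[1A2B3C4D-0001].[contact@example.invalid].adage",
    r"C:\Users\alice\Documents\report.final.docx.id[1A2B3C4D-0001].[contact@example.invalid].adage",
    r"C:\Users\alice\Documents\notes.txt",
    r"C:\Users\alice\Desktop\info.hta",
    r"C:\Users\alice\Music\adage.mp3",
    r"C:\Users\alice\Backup\disk.gho.ID[1A2B3C4D-0001].[contact@example.invalid].ADAGE",
]
```

The `original_name` field gives the name to look for in backups, and more than one value in `victim_ids` suggests more than one infected machine wrote to the same share.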

Certain file extensions that .Adage file virus is capable of encrypting are-

  • Document files (.docx, .doc, .odt, .rtf, .text, .pdf, .htm, .ppt)
  • Audio Files (.mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4)
  • Video Files (.3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob)
  • Images (.jpg, .jpeg, .raw, .tif, .gif, .png)
  • Backup Files (.bck, .bckp, .tmp, .gho)

Adage, the Phobos Ransomware variant, makes the files unreadable & restricts access to the data by encrypting files with the above-mentioned extensions.

Details of Ransom Note & Amount Demanded by Hackers

Adage targets all versions of Windows such as 7, 8.1 & 10 & installs a malicious executable file in the %AppData% or %LocalAppData% folder of the C drive. When this executable file is launched, it scans all drive letters on the system & searches for files to encrypt.

Following the successful encryption of targeted files, Adage File Virus attempts to extort a hefty amount from the victims by demanding ransom in exchange for the unique private key & Adage decryption tool.
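
The drop location described above gives a concrete test for autostart entries: does the executable run from %AppData% or %LocalAppData%? The following Python is an added example, not part of the original guide; the entry names, paths and the "high"/"review" verdict labels are constructed for illustration, and the expanded folder layout is an assumption about the host.

```python
import re

# Drop locations named in the article, as variables and as the per-user paths
# they usually expand to (the expanded layout is an assumption about the host).
DROP_VARS = ("%appdata%\\", "%localappdata%\\")
DROP_DIRS = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\(?:roaming|local)\\", re.I)
EXE = re.compile(r"(.+?\.(?:exe|com|scr|bat|cmd))(?:\s|$)", re.I)

def image_path(command):
    """Pull the executable path out of an autostart command line."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = EXE.match(command)
    return m.group(1) if m else command

def appdata_depth(path):
    """Subfolders between the AppData root and the file; None if elsewhere."""
    low = path.lower()
    for var in DROP_VARS:
        if low.startswith(var):
            return path[len(var):].count("\\")
    m = DROP_DIRS.match(path)
    return path[m.end():].count("\\") if m else None

def triage(entries):
    """Return (name, path, verdict) for entries that deserve a closer look."""
    findings = []
    for name, command in entries:
        path = image_path(command)
        depth = appdata_depth(path)
        # Blank name, or an executable sitting directly in the folder itself
        if not name.strip() or depth == 0:
            findings.append((name, path, "high"))
        elif depth is not None:
            findings.append((name, path, "review"))
    return findings

# Constructed autostart entries (name, command), e.g. copied from the Startup tab
ENTRIES = [
    ("OneDrive", r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'),
    ("SecurityHealth", r"%windir%\system32\SecurityHealthSystray.exe"),
    ("", r"C:\Users\alice\AppData\Roaming\sample.exe"),
    ("updater", r"%LocalAppData%\updater.exe -s"),
]
```

Legitimate per-user software also installs under AppData, so a "review" verdict is a lead to check, not proof of infection.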

It generates an HTML Application named “info.hta” that is capable of running automatically. In addition to that, it creates a ransom note named “info.txt” & drops both the HTML App & the note on the victim’s desktop.


This ransom-demanding note informs the victims about the current situation of the system & encourages them to contact the hackers in order to get the encrypted data restored. The HTML application appears as a pop-up over the ransom note & contains more details/instructions for the victims.

It states that the victims need to pay a ransom amount of $500 to $1500 in Bitcoin crypto-currency in exchange for the Adage decrypter.

In order to win the users’ confidence, Adage’s developers offer to decrypt a total of 5 encrypted files at absolutely no cost. Victims can select 5 files (except the ones containing important information such as backups, Excel files, databases) & send them to the hackers at their e-mail address.

The decrypted files are then sent back to the victims as a guarantee of decryption. However, the analysis shows that regardless of the amount, the victims must never attempt to contact the hackers.

Contacting the hackers & paying the ransom may not always yield positive results. In other words, the victims may not always receive a response from the hackers after the payment has been made.

Therefore, we recommend not contacting the hackers & letting them extort your hard-earned money. Rather, act smart! You may either download the Adage decrypter tool or follow manual removal guidelines to get rid of the Adage Ransomware.

Distribution Techniques of Adage Ransomware –

The cyber-criminals use various strategies for Adage Ransomware distribution which include –

1). Software Bundling: Software bundling is the process in which a malicious program is distributed with other free software to gain unnoticed entry into your computer system. When a user installs a free application, the malicious program gains front-door entry along with the free application the user has downloaded. Thus, it is a good idea to keep an eye on the installation screens while installing these free applications.

2). Infected Storage Devices: Your system can also get infected by using removable media such as USB hard drives and jump drives without scanning them with an anti-virus.


3). Spam Emails – Spamming is the most economical and common method used for the distribution of such malware. The targeted users get genuine-looking emails which contain .doc, .txt, and other similar attachments. These attachments can be named anything that grabs the user’s attention and prompts him/her to open the attachment. As soon as the user opens this attachment, the malware infects the user’s computer system.

4). Malicious Websites or Malevolent Advertisements: The malicious websites are the ones which are created just for promoting the malware infections. Such websites include but are not limited to porn sites, torrent sites and other free downloading platforms. By visiting such websites, the adware infects the user’s computer without permission. Fake advertisements and updates, like Flash Player and Windows updates which ask the user to update to the latest version, are a few examples. When the users click on such links, their computer system gets infected. That is why it is highly recommended to resist clicking on such links. Also avoid clicking on advertisements offering free stuff such as a chance to win iPhones, cars or free overseas trips.


How to remove Adage Ransomware infection from the system-

The removal steps of the Adage Ransomware are still not known at this time. However, here are a few common measures that have been concluded after proper research & analysis by our analysts.

STEP A: Reboot your system to Safe Mode

If the system is already switched on, follow the steps below to restart it in Safe Mode with Networking:

Windows 7/ Vista/ XP

  1. Click on Windows icon present in the lower left corner of the computer screen.
  2. Select and click Restart.
  3. When the screen goes blank, keep tapping the F8 key until you see the Advanced Boot Options window.
  4. With the help of the arrow keys on the keyboard, select the Safe Mode with Networking option from the list and press the Enter key. The system will then restart to Safe Mode with Networking.
  5. Once the system restarts, click on the username and enter the password (if any) to log in.

Windows 10 / Windows 8

  1. Press and hold the Shift Key and simultaneously click on the windows icon present in the lower left corner of your computer screen.
  2. While the Shift key is still pressed click on the Power button and then click on Restart.
  3. Now select Troubleshoot → Advanced options → Startup Settings.
  4. When the Startup Settings screen appears which is the first screen to appear after restart, select and click on Enable Safe Mode with Networking. The system will then restart to Safe Mode with Networking.
  5. Once the system restarts in Safe Mode, click on the username and enter the password, if any to log in.

STEP B: Delete the suspicious key from the Configuration Settings

  1. Type “Msconfig” in search box / Run Box, select it and press Enter.
  2. Click on “Services” Tab and click on “Hide all Microsoft services”.
  3. Select Adage Ransomware from the list of remaining services and disable it by removing the tick mark from the checkbox and click on Apply button.

Windows 7

  1. Click on the next tab – “Startup”.
  2. Find any blank or suspicious entry or the entry with Adage Ransomware mentioned and remove the check mark.
  3. Click on Apply button and then click on OK.

Windows 10

  1. Click on the next tab – “Startup”.
  2. Take the mouse cursor to the ‘Open Task Manager’ link and click on it. This opens the Task Manager window.
  3. Find any blank or suspicious entry or the entry with Adage Ransomware mentioned and click on it.
  4. Then click on Disable button.

STEP C: Remove the Malicious Program from Command Prompt

Once the system starts, ensure to use an account with administrative privilege to access Safe Mode with Command Prompt.

After the user enters admin credentials, the Command Prompt window is displayed, in which you can enter the commands below:

  1. Type the command “sc delete Adage Ransomware” in the command prompt and press Enter.
  2. Type “exit” to exit the command prompt and restart the system in safe mode with command prompt.

STEP D: Restore the System Files & Settings

From Control Panel

For Windows 7

  1. Click on the ‘Start’ button on the taskbar. This will open the Start menu.
  2. Click on the ‘Control Panel’ button in the Start menu. This will open the Control Panel window.
  3. In the Control Panel window, click on the ‘View by:’ button on the top right. Select the Large Icon option.
  4. In the Control Panel window, click on the ‘Recovery’ icon. This will open a window that will ask ‘Restore the computer to an earlier point in time’.
  5. Click on the ‘Open system restore’ button. This will open the ‘System Restore’ window, where you need to click on the Next button.
  6. Select the restore point that is prior to the infiltration of Adage Ransomware. After doing that, click Next.
  7. This will open the ‘Confirm your restore point’ dialog box. Click on the Finish button. This will restore your system to a previous restore point before your system was infected by Adage Ransomware.

OR

From Command Prompt

  1. Type cmd in the search box and click on the command prompt to open the Command Prompt window.
  2. Once the Command Prompt window shows up, enter cd restore and press Enter. (Ensure that you are in the system32 directory of the Windows folder on the C drive.)
  3. Now type rstrui and press Enter again.
  4. When a new window shows up, click Next and select your restore point that is prior to the infiltration of Adage Ransomware. After doing that, click Next.
  5. This will open the ‘Confirm your restore point’ dialog box. Click on the Finish button. This will restore your system to a previous restore point before your system was infected by Adage Ransomware.

OR

  1. Type ‘Rstrui’ in the search box present on the task bar. This will open the System restore dialog box.

Continue to follow steps 4 & 5 of Method 2 to restore the System Files and settings.

How to prevent Adage Ransomware from infecting your system-

  1. Keeping the Operating System Updated- In order to remain protected and avoid such infections, it is recommended to keep your Operating System updated by enabling the automatic update on your system. The systems with outdated or older versions of Operating System become an easy target for the attackers.
  2. Resist clicking on spam emails – One of the major techniques used for malware distribution is forwarding spam emails to the user. The system gets infected as soon as the user clicks on the attachment. These mails appear to be genuine, so be aware and resist falling for these tricks.
  3. Keep an eye on third party installations- It is quite important that you take due care while installing any third party applications, for they are a major source of such infections. Such malware programs come bundled with the free applications, thereby requiring the user to remain cautious.
  4. Regular periodical backup- In order to keep your data and files safe, it is recommended to take regular backups of all your data and files either on an external drive or in the cloud.
  5. Use Anti-Virus Protection- We strongly recommend the use of antivirus protection/internet security on your PC, like Kaspersky and BullGuard, so that it remains safe.
  6. Enable the Ad Blocker/Popup Blocker in your browser- Enabling the popup blocker/ ad blocker in your chosen browser will help you to stay protected from annoying adware.