Efdc ransomware removal


Efdc ransomware is the latest file-encrypting malware to come from the notorious Djvu/STOP ransomware family. The main purpose of such malware is to encrypt files and offer a decryption tool in exchange for money, in this case, $980. The Djvu gang has released hundreds of ransomware versions with Efdc ransomware being the most recent one. It can be differentiated from the other versions by the .efdc extension it adds to files it encrypts. It drops the standard _readme.txt ransom note that explains how files can be decrypted.



Efdc ransomware will encrypt all your personal files in order to essentially blackmail you into paying the ransom. Like most ransomware, Efdc malware will target photos, videos, documents, and other personal files. While it’s encrypting your files, it will show a fake Windows update window in order to distract you. Once it’s done, all encrypted files will have .efdc added to them. The different Djvu versions can be differentiated by the file extensions they add; other versions add .lqqw, .aeur, .orkf, etc. In this case, an encrypted file would look like this: image.jpg.efdc. Once file encryption is complete, the ransomware will drop a generic _readme.txt ransom note in all folders that contain encrypted files. The note is more or less identical to the ones dropped by other Djvu versions. It explains that files have been encrypted and that the only way to recover them is to buy the decryptor. Unfortunately, it is true that at the moment, file decryption is only possible using their decryptor. The cyber crooks demand $980 but promise to give a 50% discount if contact is made within the first 72 hours.

Whether you wish to pay the ransom or not is your decision. However, there are risks that you should be aware of. Most importantly, just because you pay the ransom does not mean you will get a decryptor. Keep in mind that you are dealing with cybercriminals, and there are no guarantees that they will send the decryptor once they get your payment. Many users did not receive decryptors in the past. Furthermore, if you pay once, the cybercriminals may consider you a target who would be willing to pay again.

If you have a backup for all your files, recovering them should not be an issue. However, you need to make sure to first remove Efdc ransomware from the computer. Use anti-virus software because if you incorrectly delete it and it’s able to recover, your backed-up files would become encrypted when you connect to your backup.

For users who do not have a backup, options are very limited. The only thing you can really do is wait for a free decryptor to become available. Software company Emsisoft has released a free Djvu/STOP decryptor, but it only works on versions that use offline keys to encrypt files, which the group stopped doing in 2019. New versions like Efdc use online keys for file encryption, which means that the keys are different for each user. Without those keys, it’s not possible to develop a decryptor that would work for everyone. However, it is possible that the keys will be released sometime in the future. The cybercriminals themselves may do it if they eventually decide to discontinue their ransomware activities. Or law enforcement may catch them and release a decryptor. So back up encrypted files and wait for a decryptor. Be careful not to download fake decryptors, and trust only legitimate sources like NoMoreRansom.

Ransomware distribution methods

If you have bad browsing habits, such as opening random email attachments, pirating via torrents, or clicking on ads, your chances of encountering ransomware or some other malware are much higher. If you take the time to develop better habits and become familiar with the common distribution methods, you should be able to avoid a lot of malware.

Torrent sites are notorious for being full of malware, primarily because the sites are very poorly moderated. Malicious actors have no issues uploading malicious content and disguising it as a torrent for a movie, TV show, video game, etc. It’s especially common to find malware in torrents for content that is popular. For example, torrents for episodes of fantasy TV series Game of Thrones often had malware in them when the show was airing. Pirating copyrighted content is frowned upon not only because it’s stealing content but also because it puts the computer in danger.

But one of the most common ways ransomware is distributed is via malicious email attachments. If your email address has ever been leaked, you likely receive malicious spam on a regular basis because the email address was sold on some hacker forum. Cyber crooks buy these email addresses in large quantities and then use them to spread malware via malspam campaigns. Fortunately for users, the emails carrying malware are usually quite obvious because they have very little effort put into them. They are full of grammar and spelling mistakes, pressure users into opening the attached files, and address users in generic terms like Customer, Member, User, etc., despite claiming to come from a company whose services users use. Keep in mind that if a company you are a customer of sends you an email, they will always address you by name, never by generic terms. Lastly, we recommend scanning all unsolicited email attachments with anti-virus software or VirusTotal before opening them.

You should also be very careful when browsing high-risk websites because it’s very easy to accidentally download malware from them. Make sure to have anti-virus software and an adblocker program installed when you browse high-risk sites.

Efdc ransomware removal

Because ransomware is a very serious infection, it’s best to use anti-virus software to delete Efdc ransomware from your computer. If you attempt Efdc ransomware removal manually, you may end up causing more damage accidentally. Once the ransomware is no longer present, you can connect to your backup and start recovering files.

If you do not have a backup, your only option may be to wait for a free decryptor to become available. It’s not yet available but that may change in the future. Thus, we recommend you back up your encrypted files and check NoMoreRansom from time to time.
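
As an added example (not part of the original article and not any vendor's tool), the following Python script inventories files carrying the .efdc extension and folders containing a _readme.txt note, then copies the encrypted files to a separate location so they are preserved for a future decryptor. The function names and the command-line usage are assumptions made for illustration.

```python
import os
import shutil
import sys
from collections import Counter

ENC_EXT = ".efdc"          # extension the article says this variant appends
NOTE_NAME = "_readme.txt"  # ransom note file name given in the article


def inventory(root):
    """Return (encrypted files, folders holding a note, count by original type)."""
    encrypted, note_dirs, by_type = [], [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() == NOTE_NAME:
                note_dirs.append(dirpath)
            elif name.lower().endswith(ENC_EXT):
                encrypted.append(os.path.join(dirpath, name))
                # image.jpg.efdc -> image.jpg -> ".jpg"
                original = name[: -len(ENC_EXT)]
                by_type[os.path.splitext(original)[1].lower() or "(none)"] += 1
    return sorted(encrypted), sorted(note_dirs), by_type


def _prefix(path):
    """Normalised absolute path with one trailing separator, for containment checks."""
    return os.path.normcase(os.path.abspath(path)).rstrip(os.sep) + os.sep


def backup_encrypted(root, dest):
    """Copy encrypted files to dest, keeping relative paths; originals stay put."""
    if _prefix(dest).startswith(_prefix(root)):
        raise ValueError("dest must be outside the scanned tree")
    encrypted, _notes, _types = inventory(root)
    for src in encrypted:
        target = os.path.join(dest, os.path.relpath(src, root))
        os.makedirs(os.path.dirname(target), exist_ok=True)
        shutil.copy2(src, target)  # copy2 also preserves timestamps
    return len(encrypted)


if __name__ == "__main__" and len(sys.argv) == 3:
    # Usage (paths are the reader's own): script.py <scan_root> <backup_dir>
    files, notes, types = inventory(sys.argv[1])
    print(f"{len(files)} encrypted files, notes in {len(notes)} folders")
    for ext, n in types.most_common():
        print(f"  {ext}: {n}")
    print("copied", backup_encrypted(sys.argv[1], sys.argv[2]))
```

Run it only after the ransomware has been removed, and point the backup directory at storage that was not connected during the infection.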
