OVO ransomware removal

OVO ransomware belongs to the notorious Dharma ransomware family, which is responsible for releasing hundreds of ransomware versions. This version adds .[dable19@mail.fr].OVO to encrypted files, which is how you can identify which ransomware you are dealing with.

 

OVO ransomware is file-encrypting malware, which means if it enters your computer, your personal files will become encrypted. The ransomware is operated by the Dharma ransomware gang, who are responsible for releasing other malware like AXI. Because it takes personal files for hostage, it’s considered to be a very dangerous malware.

Once it gets into the computer, it will target your photos, videos, documents, etc., encrypt and add .[dable19@mail.fr].OVO to them. You will not be able to open any of the files that have that extension unless you first run them through a decryptor. The only problem with that is that the decryptor is in the hands of cyber criminals who are controlling the ransomware. And they will not just give it to you, at least not for free. As explained in the ransom note dropped once files are encrypted, you would need to buy the decryption tool. The price is not mentioned, however. But a couple of hundred dollars minimum is usually the ransom price. Whatever the price is, we usually recommend not paying the ransom as it’s rather risky. Since you are dealing with cyber criminals, you cannot be guaranteed that you’ll receive a decryptor. A number of users have not received decryptors even after paying, so you should be aware of that before making a decision.

If you have backup, you can recover files as soon as you delete OVO ransomware from the computer. Do use anti-virus for that, as ransomware is a complicated malware infection. Access your backup only when you’re sure the ransomware is no longer present, as otherwise the backed up files would become encrypted as well.

For those who don’t have backup, waiting for a free decryptor to become available may be the only option. Malware researchers are sometimes able to release decryptors, but one for OVO ransomware is not currently available. The ransomware uses unique keys to encrypt each victim’s files, meaning the key is different for everyone. Without those keys, developing a decryptor is not possible. But it’s not unheard of for keys to be released, so there is hope. Back up encrypted files and occasionally check NoMoreRansom for a free decryptor. If one becomes available, it would appear there.

Ways to avoid a malware infection

Users who have bad browsing habits get infected much more often compared to those who have good ones. Bad habits include opening unsolicited email attachments, pirating via torrents, not installing updates, and clicking on ads while on high-risk websites.

One of the most common ways users pick up malware is by opening malicious email attachments. All you need to do to infect your computer is open the attachments and enable macros. Fortunately for users, the malspam is usually quite obvious. The emails that have malicious attachments are full of grammar and spelling mistakes, are sent from random email addresses, and put strong pressure on the receiver to open the email attachment by claiming it’s some kind of important document, receipt, delivery notice, etc. In some cases, the malspam may be more sophisticated, which is why we strongly suggest you always scan unsolicited email attachments with anti-virus software or VirusTotal.

If you pirate via torrents, you also have an increased chance of picking up ransomware or some other type of malware. Torrent sites are often unregulated, or very poorly regulated, which allows cyber criminals to easily upload torrents containing malware. It’s particularly common for torrents for popular TV shows, movies, games and software to have malware in them. We highly discourage you from torrenting, because it’s dangerous for the computer if not because it’s stealing content.

It should also be mentioned how critical it is to install updates. Malware can use system/software vulnerabilities to get into computers, and updates patch them. If possible, we recommend you enable automatic updates.

Files will not be openable once they’re encrypted

It’s very obvious when ransomware is present on the computer because you will not be able to open your personal files. The ransomware will target mainly personal files like photos, videos, documents, etc. This ransomware adds .[dable19@mail.fr].OVO to encrypted files, which is how you can recognize it. The extension will have your assigned ID in it, which you would need to include in your email if you decide to buy the decryptor. So for example, an encrypted text.txt file would become text.txt.your unique ID.[dable19@mail.fr].OVO. As you probably already noticed, you won’t be able to open files with that extension.

Once your files are done being encrypted, a FILES ENCRYPTED.txt ransom note will be dropped. A pop-up ransom note will also appear, and this one contains more information. The note explains that files can be recovered, and that you can start the process of getting the decryptor by sending an email to dable19@mail.fr or airbusbtc@goat.si. If you intend to buy the decryptor, you need to include your ID in the email.

However, paying the ransom is very risky. As we explained above already, you won’t necessarily receive a decryptor. There’s nothing really stopping them from taking the money and not sending anything in return. It has happened many times in the past, and it will happen many times in the future.

If you have backup, file recovery should be issue-free as long as you first remove OVO ransomware from the computer. If the ransomware is still present, your backup files may become encrypted as well.

OVO ransomware removal

Since ransomware is a complicated malware infection, we strongly suggest you use anti-virus software to delete OVO ransomware. Otherwise, you may end up causing more damage. Unfortunately, removing the ransomware does not decrypt files. You would need a decryptor for that, and a free one is not currently available. However, that may change in the future, so back up encrypted files and occasionally check NoMoreRansom for a decryptor.