Remove Irjg ransomware

Irjg ransomware is file-encrypting malware that comes from the Djvu/STOP ransomware family. The cyber gang operating this malware has released hundreds of versions of essentially the same ransomware. They can be differentiated from one another by the extensions they add to encrypted files. This ransomware adds .irjg, hence why it’s known as Irjg ransomware. Unfortunately, files encrypted by this ransomware can only be recovered if a file backup is available. The cybercriminals will try to sell their decryptor but purchasing it is not recommended.

 

 

Irjg ransomware is essentially identical to Nqsq, Tisc, Rigd, and Koom ransomware, as they all come from the same STOP/Djvu malware family. These are just a couple of examples, the group has released hundreds of ransomware. It’s not difficult to differentiate between them as they all add different file extensions to encrypted files. This ransomware will add .irjg. For example, image.jpg would become image.jpg.irjg. All files with this extension will be unopenable. The ransomware will target all personal files, including photos, videos, documents, and images. To be able to open these files, you first need to run them through a decryption program, which, unfortunately, is in the hands of cybercriminals operating this ransomware.

When the ransomware is done encrypting files, it will drop a _readme.txt ransom note in all folders containing encrypted files. The note explains that files have been encrypted and offers a decryptor for $980, or $490 if the ransom is paid within the first 72 hours. However, this offer comes with risks. Whether you pay the ransom is your decision but we feel it’s necessary to caution you that you will not necessarily receive a decryptor after paying. Keep in mind that you are dealing with cybercriminals, and there is nothing forcing them to help you. Countless users have paid ransoms but received nothing in return.

If you have a backup of your files, there should be no issues with file recovery. However, you must make sure to fully remove Irjg ransomware from the computer because otherwise, backed-up files would become encrypted as well. Use anti-malware software to fully get rid of the ransomware and only then access your backup.

The situation is much more complicated if you do not have a backup as your options are very limited. We recommend backing up encrypted files and waiting for a free decryptor to be released. It’s not available at this moment but it may be released sometime in the future. There is a free Djvu/STOP decryptor developed by Emsisoft but it mostly does not work on versions released after 2019, which includes Irjg ransomware. Nonetheless, it’s not impossible that a decryptor will be released. Check NoMoreRansom for decryptors.

How does ransomware spread

Ransomware mostly infects computers of users who have bad browsing habits, including opening unsolicited email attachments, clicking on ads when browsing high-risk websites, pirating via torrents, falling for fake virus alerts, etc. It’s important that you become familiar with ransomware distribution methods and develop better browsing habits in order to avoid ransomware infections in the future.

Malicious email attachments are likely the most common way ransomware infects computers. The emails are harmless as long as the attached file remains unopened. However, the moment a malware-carrying file is opened, the malware can initiate. Thus, it’s very important to learn to recognize malicious emails, which is quite easy to do since cybercriminals do not put a lot of effort into their malware-spreading emails the majority of the time. They are almost always full of grammar/spelling mistakes, despite senders claiming the emails are official correspondence from a company whose services users supposedly use. Grammar and spelling mistakes look unprofessional, thus legitimate emails will rarely have them. Another sign that an email may be malicious is you being addressed in generic terms like “User”, “Member”, “Customer”, etc. If a company whose services you use sends you an email, they will always address you by your name. Otherwise, it looks unprofessional. In rare cases, mostly when the target is someone specific, the email may be more sophisticated and thus, appear more legitimate. As a precaution, we recommend scanning all unsolicited email attachments with anti-virus software or VirusTotal to determine that they are safe before opening them.

It’s also very easy to pick up ransomware and other malicious infections via torrents. It’s no secret that torrent sites are notoriously badly regulated, which allows cybercriminals to upload malicious content without too much difficulty. It’s especially common to find malware in torrents for something that is particularly popular. For example, when a new Marvel movie is released, its torrents are full of all kinds of malware. Thus, not only is pirating copyrighted content via torrents essentially stealing, but it’s also dangerous for the computer.

We should lastly mention that you could also pick up malware if you click on advertisements when browsing high-risk websites, such as those that have pornography or pirated content. Fake malware alerts that appear on those sites are also dangerous to interact with.

Irjg ransomware removal

Considering that ransomware is a very complex malware infection, if you try to remove Irjg ransomware manually, you could end up causing your computer even more harm. Furthermore, incorrectly removing the malware could allow it to recover soon after. If the ransomware is still present when you connect to your backup, those files would become encrypted as well. We highly recommend using anti-malware software to delete Irjg ransomware as that would ensure the malware is fully gone and cannot recover. Only when you are sure the ransomware is no longer present should you access your backup.

If you do not have a backup, your options are, unfortunately, very limited. The only thing you can do is back up encrypted files and wait for a free decryptor to become available. While it may not be available at the moment, a free decryptor may be released in the future. However, you need to be very careful about where you look for decryptors. It’s not uncommon for malicious actors to conceal malware in fake decryptors. NoMoreRansom is one of the safest sources to download decryptors from.