Rigd ransomware removal


Rigd ransomware is file-encrypting malware from the notorious Djvu/STOP ransomware family. It adds .rigd to encrypted files, which is why it’s known as Rigd ransomware. There is currently no free decryptor available, meaning file recovery without a backup is not possible. The ransomware operators will offer you a decryptor, but it costs $980. And because file recovery is not guaranteed, paying the ransom is not a good idea.



Rigd ransomware is the latest Djvu/STOP version, joining the hundreds of other ransomware variants released in the past few years. Other Djvu ransomware versions include Koom, Hoop, Muuq, and Wiot. They are all more or less identical to one another but can be differentiated by the extensions they add to encrypted files. If you are dealing with Rigd ransomware, files will have .rigd added to them. The ransomware targets personal files because they are the most valuable, so all your photos, videos, documents, images, etc., will have that extension. For example, image.jpg would become image.jpg.rigd. You will be unable to open these files unless you first run them through a special decryptor, which, unfortunately, is not freely available. How to obtain it is explained in the _readme.txt ransom note that gets dropped in all folders containing encrypted files. The note explains that you need to pay $980, or $490 if you make contact within the first 72 hours. manager@mailtemp.ch and managerhelper@airmail.cc are given as the contact email addresses.

When there are no other options, paying the ransom may seem like the best choice. However, it’s not a good idea. While whether to pay is your decision, you should be aware of the risks that come with contacting these cybercriminals. The most important thing you should know is that you will not necessarily receive the decryptor just because you pay. Countless users in the past paid the ransom but did not receive anything, or received a decryptor that does not work. Nothing forces these cybercriminals to send you the decryptor, so they will not feel obligated to help you, even if you pay. And considering that the requested ransom is a large sum of money, paying is very risky.

If you backed up your files before the originals became encrypted, you should be able to recover them without issues. However, you first need to make sure you remove Rigd ransomware from the computer. If it’s still present when you access your backup, the backed-up files would become encrypted as well. Use anti-malware software to delete Rigd ransomware from the computer because if you try to do it manually, you may miss something.

You have likely already checked whether a free decryptor is available. Unfortunately, at this moment in time, it’s not. Software developer Emsisoft has released a free Djvu/STOP decryptor, but it only works on versions released before October 2019. Those versions used offline keys to encrypt files, so the keys were the same for all victims. Emsisoft received the key from someone who paid the ransom and was able to develop a decryptor for all victims with the same keys. However, new versions like Rigd use online keys, meaning the keys are different for each victim. Unless the cyber crooks release the keys (or law enforcement does it for them), a free decryptor that works for everyone will not be available. However, all hope is not lost, so back up encrypted files and wait for a decryptor. We should warn you that you need to be careful about where you get your decryptors from because you could end up downloading malware by accident. NoMoreRansom is one of the safe sites where you can find many decryptors.

How does ransomware infect computers?

If your computer is infected with ransomware, you likely need to review your browsing habits. Ransomware usually gets in via malicious email attachments, torrents, malicious ads, etc. If you take the time to learn how exactly ransomware spreads, you should be able to avoid infection in the future.

It’s well known that torrents are one of the most common ways regular users pick up malware infections. Torrent sites are quite poorly managed, which allows malicious actors to upload malware and disguise it as some type of movie, TV show, video game, software, etc. You are especially likely to encounter malware in torrents for recently released popular content. Using torrents to download pirated content is a bad idea, not only because it’s essentially stealing content but also because you put your computer in danger.

Malicious email attachments are also a very common way cybercriminals spread their malware. If you receive malspam in your inbox regularly, it’s likely that your email address has been leaked or was part of some data breach. Those emails are harmless as long as you do not open the email attachments. The emails are also usually easily recognizable because they’re generic. They’re only more sophisticated when the target is someone specific. But generally, malicious emails are full of grammar and spelling mistakes, are sent from random-looking email addresses, pressure you to open the attached files, and address users with User, Customer, Member, etc. If you receive an email with an attachment from a company whose services you use, take note of how you are addressed. Since the company would know your name, it would use that to address you. Malicious emails usually use generic terms. Lastly, as a precaution, we strongly recommend scanning all unsolicited email attachments with anti-virus software or VirusTotal before opening them.

Rigd ransomware removal

Because ransomware is a very complex malware infection, you should not attempt to delete Rigd ransomware manually. You may end up removing it incompletely, which would allow the ransomware to recover later on. Or you could cause additional damage. Thus, use reliable anti-virus software. Once you are sure the ransomware is no longer present, you can connect to your backup to start recovering files.

If you do not have a backup, back up the encrypted files and check NoMoreRansom for a free decryptor once in a while. While it’s not currently available, a free decryptor may be released in the future.
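As an added example (not part of the original article or of any vendor tool), the Python script below inventories what the article says to back up: it walks a folder, finds files ending in .rigd and _readme.txt ransom notes, recovers each original file name, and records a SHA-256 hash so backup copies can be verified later. The function names and the sample folder tree are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

EXT = ".rigd"          # extension the article says is appended to encrypted files
NOTE = "_readme.txt"   # ransom note name given in the article

def sha256_file(path, chunk=1 << 20):
    """Hash in chunks so large videos do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def inventory(root):
    """Map each affected folder to its .rigd files and whether a note is present."""
    root = Path(root)
    report = {}
    for path in sorted(root.rglob("*")):
        name = path.name.lower()
        if not path.is_file() or (name != NOTE and not name.endswith(EXT)):
            continue  # directories and untouched files are not part of the backup set
        folder = path.parent.relative_to(root).as_posix()
        entry = report.setdefault(folder, {"note": False, "files": []})
        if name == NOTE:
            entry["note"] = True
        else:
            entry["files"].append({
                "encrypted": path.name,
                "original": path.name[:-len(EXT)],  # image.jpg.rigd -> image.jpg
                "sha256": sha256_file(path),
            })
    return report

def build_sample(root):
    """Constructed sample tree with placeholder bytes (not real ransomware output)."""
    root = Path(root)
    (root / "Pictures").mkdir()
    (root / "Docs").mkdir()
    (root / "Pictures" / "image.jpg.rigd").write_bytes(b"constructed-1")
    (root / "Pictures" / NOTE).write_text("constructed note")
    (root / "Docs" / "report.docx.RIGD").write_bytes(b"constructed-2")
    (root / "Docs" / "clean.txt").write_text("untouched")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(inventory(build_sample(tmp)))
```

Store the resulting inventory alongside the backup; re-hashing the copied files against it confirms nothing was damaged in transit before a decryptor becomes available.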

Site Disclaimer

WiperSoft.com is not sponsored, affiliated, linked to or owned by malware developers or distributors that are referred to in this article. The article does NOT endorse or promote malicious programs. The intention behind it is to present useful information that will help users to detect and eliminate malware from their computer by using WiperSoft and/or the manual removal guide.

The article should only be used for educational purposes. If you follow the instructions provided in the article, you agree to be bound by this disclaimer. We do not guarantee that the article will aid you in completely removing the malware from your PC. Malicious programs are constantly developing, which is why it is not always easy or possible to clean the computer by using only the manual removal guide.
