Remove .Arrow Ransomware Virus (+Restore Files)

How to Remove Arrow Ransomware?

Readers have recently reported the following message appearing after their computer boots:

All your files have been encrypted!
All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail sabantui@tutanota.com
Write this ID in the title of your message B8F053EC
In case of no answer in 24 hours write us to these e-mails:udacha@cock.li
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the decryption tool that will decrypt all your files.
Free decryption as guarantee
Before paying you can send us up to 5 files for free decryption. The total size of files must be less than 10Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.)
How to obtain Bitcoins
The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click ‘Buy bitcoins’, and select the seller by payment method and price.
https://localbitcoins.com/buy_bitcoins
Also you can find other places to buy Bitcoins and beginners guide here:
http://www.coindesk.com/information/how-can-i-buy-bitcoins/
Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.


Arrow is the name given to a new file-encrypting infection. It takes its name from the ‘.arrow’ extension it appends to each file it encrypts, which is how you can recognise it. The threat is not to be underestimated: it belongs to the ransomware family, and once it has a foothold on your system it starts encrypting every user file it can reach. When the extension has been added, the file is no longer readable without the attackers’ key. From there the age-old extortion scheme begins: the criminals behind the infection lay out their terms in a ransom note. Ignore everything the note tells you to do. It may seem counter-intuitive, but following its instructions leaves you poorer and, in many cases, still without your files. Make the harder but wiser choice: treat the encrypted files as lost unless you can recover them yourself from a backup or from shadow copies (see the recovery step below), and do not deal with the people holding them hostage.

How did I get infected?

The Arrow ransomware isn’t inventive. It relies on the usual delivery methods, and in practice it tricks you into running it yourself. It preys on carelessness and haste, and it stays out of sight while it does so. The most common vectors are corrupted links or compromised sites, bundled freeware, spam e-mail attachments, and fake updates for system components or popular programs such as Adobe Flash Player or Java. The list of tricks is long, but every one of them depends on you not looking closely. If you are cautious you can catch the infection in the act and stop it; if you are not, it slips past unnoticed and does its damage. Don’t click in a hurry, don’t open unexpected attachments, and take the time to check where an ‘update’ actually comes from. A little diligence goes a long way.


Why is Arrow dangerous?

The Arrow ransomware sneaks in and encrypts your files. Once everything is on lockdown it leaves you a note with the criminals’ demands. The note explains your predicament: you are the victim of ransomware, your data is encrypted, and if you ever want it back you have to comply. The extortionists say you must pay for the decryption tool, and that you have to reach out to them by e-mail, quoting the ID from the note, to get further instructions. Payment is demanded in Bitcoin, as most cyber kidnappers do. Note that the ‘24 hours’ in the message is not a deadline for paying; it only tells you to try their second e-mail address if the first does not answer. As for the price, they leave you with: “The price depends on how fast you write to us.” That is a classic scare tactic, designed to push you into a panic so that you act against your own interests. Under no circumstances contact these people. Don’t write, don’t call, don’t send a carrier pigeon. Accept that you cannot win a negotiation with ransomware operators: even if you pay, they can choose not to send a decryptor, or send one that doesn’t work. And even if everything goes smoothly and you unlock your data, what then? The ransomware is still on your PC, free to run again and encrypt everything a second time. Will you keep paying until they tire of profiting from you? Paying also means handing the attackers a contact address and a payment trail that points back to you. So don’t pay and don’t reach out. Remove the infection, then recover what you can from backups or shadow copies, as described below.

Arrow Removal Instructions

STEP 1: Kill the Malicious Process

STEP 2: Reveal Hidden Files

STEP 3: Locate Startup Location

STEP 4: Recover Arrow Encrypted Files

STEP 1: Stop the malicious process using Windows Task Manager

  • Open Task Manager by pressing CTRL+SHIFT+ESC simultaneously.
  • Locate the process of the ransomware. Bear in mind that its name is usually randomly generated, so look for unfamiliar processes rather than a fixed name.
  • Right-click the process and choose “Open File Location” so you know where the executable lives.
  • Before you kill the process, write its name and path in a text document for later reference.
  • End the process.
  • Delete the directory containing the suspicious file(s).
  • Bear in mind that the process may be hiding under an innocuous-looking name and can be difficult to spot.

STEP 2: Reveal Hidden Files

  • Open any folder
  • Click on the “Organize” button (on Windows 8 and later, open the “View” tab and click “Options” instead)
  • Choose “Folder and Search Options”
  • Select the “View” tab
  • Select the “Show hidden files and folders” option
  • Uncheck “Hide protected operating system files”
  • Click “Apply” and “OK”

STEP 3: Locate Arrow encryption Virus startup location

  • Once the operating system loads, press the Windows Logo key and the R key simultaneously, type regedit and press Enter.

In the Registry Editor check each of the following keys (the Wow6432Node key exists only on 64-bit Windows; check all three that are present):

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

  • and delete the value with the display name [RANDOM] that points at the executable you noted in STEP 1.

  • Then open Explorer and navigate to your %appdata% folder and delete the executable.

You can alternatively use msconfig (on Windows 8 and later, the Startup tab of Task Manager) to double-check the execution point of the virus. Bear in mind that the names on your machine may differ, as they are generated randomly; that is why you should also run a reputable scanner to identify the malicious files.
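The three removal steps above can be checked in one pass from an elevated PowerShell prompt. The script below is an added example, not code from the original article: it lists running processes whose image lives in a user-writable folder or lacks a valid Authenticode signature (STEP 1), prints every value in the three Run keys and flags those that launch something from such a folder (STEP 3), lists unsigned executables under %APPDATA%, %LOCALAPPDATA% and %TEMP% including hidden ones (STEP 2), and counts the .arrow files under the user profile. It assumes the ‘.arrow’ extension described in the article and that the dropper sits in a user-writable location; it only reports, and the actual kill/delete commands are left as comments for you to run after reviewing the output.

```powershell
# Added triage script for STEP 1 to STEP 3 above; not code from the original
# article. Assumptions: encrypted files carry the ".arrow" extension as the
# article states; the dropper lives in a user-writable folder such as
# %APPDATA%; persistence sits in one of the three Run keys from STEP 3.
# Run from an elevated PowerShell prompt. It only REPORTS: nothing is killed
# or deleted until you review the output and run the commented commands.

$ErrorActionPreference = 'SilentlyContinue'

# Folders a legitimate auto-start executable rarely lives in.
$userWritable = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP,
                  "$env:USERPROFILE\Downloads", 'C:\Users\Public')

function Test-UserWritablePath {
    param([string]$Path)
    foreach ($dir in $userWritable) {
        if ($dir -and $Path -like "$dir\*") { return $true }
    }
    return $false
}

# Pull the executable out of a Run-key command line such as
#   "C:\Users\x\AppData\Roaming\abcd.exe" -silent
function Get-CommandExecutable {
    param([string]$CommandLine)
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }
    if ($cmd -match '^(\S+)')     { return $Matches[1] }
    return $cmd
}

# STEP 1: processes whose image lives in a user-writable folder or carries
# no valid Authenticode signature. Note PID and path before killing anything.
Write-Output '== Suspicious running processes =='
Get-Process | Where-Object { $_.Path } | ForEach-Object {
    $sig = Get-AuthenticodeSignature -FilePath $_.Path
    if ((Test-UserWritablePath $_.Path) -or $sig.Status -ne 'Valid') {
        [pscustomobject]@{ PID = $_.Id; Name = $_.ProcessName
                           Signature = $sig.Status; Path = $_.Path }
    }
} | Format-Table -AutoSize
# After review:  Stop-Process -Id <PID> -Force

# STEP 3: every value in the three Run keys, flagged when its target is
# user-writable. Check all three regardless of 32/64-bit Windows.
Write-Output '== Run key entries =='
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)
$runKeys | ForEach-Object {
    $key = $_
    $props = Get-ItemProperty -Path $key
    if ($props) {
        $props.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' } | ForEach-Object {
            $exe = Get-CommandExecutable $_.Value
            [pscustomobject]@{ Key = $key; Name = $_.Name
                               Suspicious = (Test-UserWritablePath $exe); Command = $_.Value }
        }
    }
} | Format-Table -AutoSize
# After review:  Remove-ItemProperty -Path <Key> -Name <Name>

# STEP 2 + 3: unsigned executables under %APPDATA% and friends, hidden ones
# included (-Force is the scripted equivalent of "show hidden files").
Write-Output '== Unsigned executables in user-writable folders =='
Get-ChildItem -Path $env:APPDATA, $env:LOCALAPPDATA, $env:TEMP -Recurse -Force -Include *.exe, *.scr, *.dll |
    Where-Object { (Get-AuthenticodeSignature -FilePath $_.FullName).Status -ne 'Valid' } |
    Select-Object FullName, Length, LastWriteTime, Attributes | Format-Table -AutoSize
# After review:  Remove-Item -LiteralPath <FullName> -Force

# Scope of the damage: how many .arrow files exist under the user profile.
Write-Output '== Encrypted files =='
$encrypted = Get-ChildItem -Path $env:USERPROFILE -Recurse -Force -Filter '*.arrow' -File
Write-Output ("{0} files with the .arrow extension under {1}" -f $encrypted.Count, $env:USERPROFILE)
$encrypted | Select-Object -First 10 FullName, LastWriteTime | Format-Table -AutoSize
```

Treat the output as leads, not verdicts: some legitimate software is unsigned or runs from %LOCALAPPDATA%, so cross-check each flagged entry against what you noted in STEP 1 and against a scanner before removing it. The LastWriteTime of the earliest .arrow file gives you the approximate time of encryption, which matters when choosing a shadow copy in STEP 4.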

STEP 4: How to recover encrypted files?

  • Method 1: The first and best method is to restore your data from a recent backup, if you have one. Do this only after the ransomware has been removed (STEPS 1 to 3), otherwise the restored files will simply be encrypted again.

  • Method 2: File Recovery Software – Some ransomware does not overwrite a file in place: it writes the encrypted copy as a new file and then deletes the original. Where that is the case, undelete tools can recover some originals from the disk space the deleted files occupied. Stop writing to the affected drive as soon as possible, since every new write may overwrite recoverable data.

  • Method 3: Shadow Volume Copies – As a last resort, you can try to restore your files from Volume Shadow Copies, using ShadowExplorer or the “Previous Versions” tab in a file’s Properties dialog. In ShadowExplorer choose the drive and a snapshot dated before the infection, right-click any file you want to restore and click Export. Be aware that many ransomware families delete the shadow copies before encrypting, in which case no snapshots will be listed and this method cannot help.
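Method 3 can be done without a third-party tool. The script below is an added example, not code from the original article: it lists the shadow copies that still exist for the C: volume, mounts each one through a directory symbolic link, and copies the pre-encryption version of one file out of every snapshot that contains it. The victim file path C:\Users\victim\Documents\report.xlsx is a constructed assumption; replace it with the original path of a file that now exists only with the .arrow extension. It must run elevated, and only after the malware has been removed.

```powershell
# Added example for Method 3 above; not code from the original article. It
# lists the Volume Shadow Copies still present for C: and pulls one file's
# pre-encryption version out of each snapshot. Assumptions: the lost file was
# C:\Users\victim\Documents\report.xlsx (a constructed path), and the
# ransomware did NOT already delete the snapshots, which many families do.
# Run elevated, after STEP 1 to 3, so nothing re-encrypts what you recover.

$victim = 'C:\Users\victim\Documents\report.xlsx'   # assumption: original path of the lost file
$outDir = Join-Path $env:USERPROFILE 'Desktop\recovered'

# Win32_ShadowCopy.VolumeName and Win32_Volume.DeviceID share the \\?\Volume{GUID}\ form.
$volumeId  = (Get-CimInstance -ClassName Win32_Volume | Where-Object { $_.DriveLetter -eq 'C:' }).DeviceID
$snapshots = Get-CimInstance -ClassName Win32_ShadowCopy |
    Where-Object { $_.VolumeName -eq $volumeId } |
    Sort-Object -Property InstallDate -Descending

if (-not $snapshots) {
    Write-Warning 'No shadow copies exist for C:. The ransomware probably deleted them; Method 3 cannot help.'
    return
}
$snapshots | Select-Object ID, InstallDate, DeviceObject | Format-Table -AutoSize

New-Item -ItemType Directory -Path $outDir -Force | Out-Null
$relative = $victim.Substring(3)                     # drop the "C:\" prefix

foreach ($snap in $snapshots) {
    $stamp = $snap.InstallDate.ToString('yyyyMMdd_HHmmss')
    # Snapshot device paths (\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopyN)
    # are not browsable directly; expose them through a directory symlink.
    # The trailing backslash after DeviceObject is required by mklink.
    $link = Join-Path $env:SystemDrive "shadow_$stamp"
    cmd /c mklink /d "$link" "$($snap.DeviceObject)\" | Out-Null

    $candidate = Join-Path $link $relative
    if (Test-Path -LiteralPath $candidate) {
        $dest = Join-Path $outDir ("{0}_{1}" -f $stamp, (Split-Path -Path $victim -Leaf))
        Copy-Item -LiteralPath $candidate -Destination $dest
        Write-Output "Recovered from snapshot $($snap.InstallDate): $dest"
    } else {
        Write-Output "Not present in snapshot $($snap.InstallDate): $candidate"
    }
    # Remove only the link; rmdir on a symlink never touches the snapshot.
    cmd /c rmdir "$link" | Out-Null
}
```

Only snapshots taken before the encryption hold a clean copy, so compare each recovered file’s timestamp with the time the .arrow files appeared and keep the newest clean one. Extending the script to walk a whole directory instead of one file is a matter of replacing the single $victim path with a Get-ChildItem over the snapshot link.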
