How to Remove Blower Virus Ransomware (+File Recovery)

How to Remove Blower Ransomware?

Readers recently started to report the following message being displayed when they boot their computer:

ATTENTION!

Don’t worry my friend, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-1aaC7npeV9
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that’s price for you is $490.
Please note that you’ll never restore your data without payment.
Check your e-mail “Spam” folder if you don’t get answer more than 6 hours.

To get this software you need write on our e-mail:
blower@india.com

Reserve e-mail address to contact us:
blower@fireman.cc

Your personal ID:


Blower
is the name of a ransomware tool. One, that belongs to the Djvu family of threats. These types of tools are horrendous companions. They use trickery to sneak into your system. And, once inside, spreads corruption. The infection takes your files hostage, and blackmails you for money. Let’s elaborate. The tool uses AES and RSA 1024-bit military grade encryption algorithms. And, locks your data. Everything, you keep on your computer, gets taken hostage. To ensure its grip over your files, the tool adds a special extension. Say, you have a picture called ‘today.jpg.’ After the tool’s done with it, it becomes ‘today.jpg.blower.’ Once the extension is in place, you can no longer access your files. You can try, but you will fail. Moving or renaming them won’t help. The only way to regain control is to comply. The infection leaves you instructions to follow in a note. You can find it on your Desktop, by the name “_readme.txt.” Do NOT follow its demands! Do not contact the cyber kidnappers. Do not email them. Do not send them money. Nothing good will come of that. Do yourself a favor, and do NOT reach out to these people.

How did I get infected with?

Blower infiltrates your system via slyness and finesse. It preys on your carelessness to ensure its covert invasion. It may seem confusing, so let’s explain. The tool employs the help of the old but gold methods to slither into your PC. It hitches a ride with freeware. Uses corrupted links, sites, or torrents to conceal its presence. Poses as a bogus system or program update. It has a plethora of tricks up its sleeve. Among the most common ones, you’ll find spam emails. They manage to convince users that they’re, in fact, legitimate, when it’s the exact opposite. They’re a lie. Say, you get an email that claims to come from PayPal. Or, some other big company. It contains a link, you “have” to click on. Or, an attachment, you “have” to download. If you do, you end up with Blower. Many cyber threats turn to that technique of invasion as it offers an easy way in. Don’t let the infection fool you. Always be vigilant, and take the time to do your due diligence. Remember that infections prey on user carelessness. So, make sure not to provide it. Instead, be extra careful. Attention goes a long way.

Remove Blower

Why is Blower dangerous?

The ransom note, Blower leaves you, is pretty straightforward. It does you the courtesy of explaining your predicament. How your “photos, databases, documents and other important” files are locked. And, how the only way to remedy that is a unique decryption key. To get said key, you must pay a ransom. It’s requested in Bitcoin, and its price fluctuates. The note states that it’s 980 US Dollars. But continues to say that, if “you contact us first 72 hours,” it changes. You get a “50% discount,” and get to pay $490 for your key. That may seem like a bargain, but don’t get fooled. That’s the ransomware’s goal. It aims to trick you into acting against your best interest. Don’t fall for it! Try to keep level-headed, and think this through. You have an infection on your PC that encrypted your data. It keeps your files under lock-down until you pay money for a special key. It claims that, once you pay, you’ll get the key. After you apply it, your data will get decrypted. Let that sink in. The release of your data rests on the promises of cyber extortionists. Do you believe that strangers will keep their word? That they won’t double-cross you, once they get your money? Don’t be naive! Don’t rely on the words of unknown individuals with malicious agendas. They will disappoint you. Instead, place your faith on backups. Like, cloud services and external storage. Do NOT pay the ransom! It earns you nothing but regret.

Blower Removal Instructions

STEP 1: Kill the Malicious Process

STEP 2: Reveal Hidden Files

STEP 3: Locate Startup Location

STEP 4: Recover Blower Encrypted Files

STEP 1: Stop the malicious process using Windows Task Manager

  • Open your task Manager by pressing CTRL+SHIFT+ESC keys simultaneously
  • Locate the process of the ransomware. Have in mind that this is usually a random generated file.
  • Before you kill the process, type the name on a text document for later reference.

end-malicious-process

  • Locate any suspicious processes associated with Blower encryption Virus.
  • Right click on the process
  • Open File Location
  • End Process
  • Delete the directories with the suspicious files.
  • Have in mind that the process can be hiding and very difficult to detect

STEP 2: Reveal Hidden Files

  • Open any folder
  • Click on “Organize” button
  • Choose “Folder and Search Options”
  • Select the “View” tab
  • Select “Show hidden files and folders” option
  • Uncheck “Hide protected operating system files”
  • Click “Apply” and “OK” button

STEP 3: Locate Blower encryption Virus startup location

  • Once the operating system loads press simultaneously the Windows Logo Button and the R key.

win-plus-r

Depending on your OS (x86 or x64) navigate to:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

  • and delete the display Name: [RANDOM]

delete backgroundcontainer

  • Then open your explorer and navigate to:

Navigate to your %appdata% folder and delete the executable.

You can alternatively use your msconfig windows program to double check the execution point of the virus. Please, have in mind that the names in your machine might be different as they might be generated randomly, that’s why you should run any professional scanner to identify malicious files.

STEP 4: How to recover encrypted files?

  • Method 1: The first and best method is to restore your data from a recent backup, in case that you have one.

windows system restore

  • Method 2: File Recovery Software – Usually when the ransomware encrypts a file it first makes a copy of it, encrypts the copy, and then deletes the original. Due to this you may try to use file recovery software to recover some of your original files.
  • Method 3: Shadow Volume Copies – As a last resort, you can try to restore your files via Shadow Volume Copies. Open the Shadow Explorer part of the package and choose the Drive you want to recover. Right click on any file you want to restore and click Export on it.

Leave a Comment