How to remove Philadelphia Ransomware virus and restore encrypted files

Philadelphia is a common example of the malicious software known as ransomware. This means that Philadelphia penetrates the user’s PC, encrypts their files and demands a ransom for their decryption. Philadelphia ransomware was first discovered in the middle of 2016 and has since become a serious threat to users around the world. It can affect all of the most popular file types used to store text, video, sound and images. Encrypted files get the .locked extension and are renamed to a long string of random characters, to scare the user and to make the files seem even more inaccessible than they are. The current amount of ransom is 0.5 BTC, which is approximately $500.

 


This virus differs little from other common members of the ransomware family: it uses the AES and RSA encryption algorithms and is distributed via e-mail spam. Its only distinctive feature is “Russian Roulette”. The window shown to the victim has a field for entering the secret key (which can be bought on the scammers' website) and two timers. The “deadline” timer counts down to the deletion of all files, and the “Russian Roulette” timer counts down to the next deletion of random files. The scammers use these methods to pressure victims into paying on time. If you pay immediately you will probably get all your files back, but if the “Russian Roulette” timer reaches zero, the virus deletes a random number of files. This method is very effective, and most users paid.

 

 


How to remove Philadelphia Ransomware Virus

If you are a victim of Philadelphia Ransomware, the first thing you should do is delete the virus itself. This is the first step in all cases, even if you have backups of all important files. The best way to remove ransomware is automatically, with the help of a decent antivirus tool. Of course, you can try to remove Philadelphia Ransomware manually, but this requires a lot of experience and may cause other issues that are much harder to resolve. By contrast, to remove Philadelphia Ransomware with an antivirus tool you just need to enter Safe Mode and launch a scan. We advise you to use Spyhunter AntiMalware for this purpose, because it has many advantages over its competitors: it is fast, lightweight, inexpensive and compatible with other antivirus programs. If you’re interested in purchasing Spyhunter, just click the link above this paragraph.

 

Download Spyhunter - Anti-malware scanner

Why we recommend SpyHunter

Spyhunter removes malware fully

It protects the system against all kinds of threats: viruses, adware and hijackers

24/7 Free Support Team



Removal instruction

 

 

 

Step 1. Boot the system into safe mode

  • Press Start
  • Type Msconfig and press Enter

  • Select Boot tab

  • Select Safe boot and press Ok

More information about Safe mode: What is Safe Mode and how to boot computer in Safe Mode

 

Step 2. Show all hidden files and folders

  • Press Start
  • Click on Control Panel

  • Select Appearance and Personalization

  • Click on Folder Options
  • Select View tab
  • Select Show hidden files, folders and drives

  • Press Ok

 

Step 3. Remove virus files

 

Check the following folders for suspicious files:

  • %TEMP%
  • %APPDATA%
  • %ProgramData%

 

Step 4. Fix hosts file

  • Go to %SystemRoot%\System32\drivers\etc\ folder

  • Open hosts file using Notepad or other text editor
  • Delete suspicious elements
  • Basic hosts file looks like this:

Hosts_file

 

Step 5. Clean registry (for experienced users)

  • Click Start
  • Type Regedit.exe and press Enter
  • Clean the startup registry keys:
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\Run
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunOnce
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunServices
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit

Step 6. Scan computer with antivirus

 

Step 7. Disable Safe Mode and restart computer

  • Press Start
  • Type Msconfig and press Enter
  • Select Boot tab
  • Remove the check near Safe boot

How to restore files encrypted by Philadelphia Ransomware

Usually, decrypting the files is the most complicated part, but in this case we have a quick and safe answer: the EmsiSoft decryption tool. This tool was developed in September 2016 and can completely decrypt all files corrupted by Philadelphia Ransomware. All you need to do is follow this link and follow the given instructions.

How to protect the system against ransomware

All species of ransomware use one simple method of distribution: e-mail spam. Scammers create hundreds of fake mailboxes on free services and write a few templates that might interest different types of victims. If the scammers want to reach an average user, the template is made to look like a letter from a large online store or delivery service. For businesspeople it is written like an employee resume, an invoice or a notification about some changes in legislation, etc. Here are three simple pieces of advice that will help you avoid any ransomware in future:

 

  • Always back up important files and store the backups on an external hard drive, disconnected from the PC.
  • Never open e-mails from unknown senders, especially if they contain links or additional files.
  • If you often use e-mail, install a “sandbox” program that will help you open any file without letting it into the system. It may be a separate program or part of an antivirus suite.

 

If you follow this advice, your computer won’t be infected again, and even if ransomware somehow manages to sneak onto it, it won’t cause any damage, because all files will have been copied and stored in a safe place.

 

 

 
