How to remove Ryuk virus and restore encrypted files

If you've suffered from an encrypting infection and you're sure that it is the Ryuk program – on this page you will find help. We suggest simple and safe tips for Ryuk uninstalling and potential ways to restore the spoiled data.

What is Ryuk

Ransomware is a bogey of mankind, and everyone knows that if you cannot view the data and there's a ransom note – it’s time to be scared. It’s a correct reaction, unfortunately. An encrypting virus is the most dangerous thing that can happen to you in the Net because a regular person has no resources to delete it. The exclusive situation when you can beat ransomware is if you are not facing a true one, but an imitation, that blocks your screen and tries to deceive you into paying a ransom. In all other cases, if ransomware was created and secured in a right method – you can only hope that virus fighters can beat it. If swindlers failed somehow, and there are some vulnerabilities, which allow you to get back files – we will tell to you what you can do in this article.




Let's find out, what we have to say about ransomware? It consists of a totally legal cryptography algorithm that changes the folders on operator’s computer and makes them unreadable without a key. That key is encrypted too, but with a different method. Usually, scammers choose RSA and AES algorithms, which have demonstrated themselves the very hard-to decrypt and fail-safe. These manners and the software based on them can be easily found on the Internet, so hackers just have to add techniques of defense, to restrict an access to a program, and create the reliable update and control pattern. Some viruses just act in standalone mode, and web-criminals know of another "client" not before he approaches them and sets off the funds. The complex viruses are work in another manner, and transmit reports to thousands addresses, to puzzle the security specialists and throw them off virus’ track.

Virus type is not important, as the AES and RSA algorithms are overly complex to hack them directly. It it requires centuries to perform all necessary calculations on a regular device and, possibly, few decades in case of usage of an industrial gear. We know only two solid manners to beat a ransomware: to find flaws in its code, or hack the Command & Control website, to find a master key. In some cases there is a breaker, able to stop ransomware's activity totally or to make it pass the infected PC. If some parson finds that breaker for Ryuk, or create a decryptor, we'll give you complete information in this article.


Here we've gathered some possibilities to check, prior to giving up and expecting for a decryption software. As it is said in previous paragraphs, web-criminals make errors, and certain peculiarities of the system might support you to restore data.


  • A protected copy is the sole totally efficient manner to get your info back, but you need to get rid of Ryuk first. Ensure that the ransomware is gone in full, as if it’s not – all files will be corrupted again, with the files that were saved on a flash disc.
  • If you do not employ the Windows via an admin profile – it's your fortunate day. The catch is that your system duplicates any information before they’re destroyed or changed. Suchlike files are called SVC, and Ryuk knows how to erase them. If you are employing the regular entry – the operating system requests for a permission at the very moment Ryuk goes to delete SVC. If you've seen such window and ignored it – your SVC are safe, and you might find a specialized program to restore the information.


If both of these advice didn't work and there is no way to recover lost data – you have to eliminate the ransomware from your machine and expect when a decryption software will be developed.

How to remove Ryuk

Unfortunately, you can't fully escape an automatic mode. This virus is too cunning and there is a chance pass some elements and then regret it (it could happen if you line up an outer data storage with your backups to a not-fully-clean device). It also lurks damn well, and you just won’t be able to get rid of it completely with your own hands. According to this, we have developed an effective deletion instruction which will suit all your needs. It contains several by-hand steps and one extra antivirus tool phase.

Removal instruction

If you are MAC user, follow this guide: how to decrypt files on MAC.




Step 1. Boot the system into safe mode

  • Press Start
  • Type Msconfig and press Enter

Safe mode. Step 1


  • Select Boot tab

Safe mode. Step 2



  • Select Safe boot and press Ok

More information about Safe mode: What is Safe Mode and how to boot computer in Safe Mode


Step 2. Show all hidden files and folders

  • Press Start
  • Click on Control Panel

Show hidden files. Step 1


  • Select Appearance and Personalization

Show hidden files. Step 2


  • Click on Folder Options
  • Select View tab
  • Select Show hidden files, folders and drives

Show hidden files. Step 3


  • Press Ok


Step 3. Remove virus files


Check next folders to find suspicious files:

  • %TEMP%
  • %ProgramData%


Step 4. Fix hosts file

  • Go to %SystemRoot%\System32\drivers\etc\ folder



  • Open hosts file using Notepad or other text editor
  • Delete suspicious elements
  • Basic hosts file looks like this:



Step 5. Clean registry (for experienced users)

  • Click Start
  • Type Regedit.exe and press Enter
  • Clean startup registry keys
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\Run
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunOnce
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunServices
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit

Step 6. Scan computer with antivirus

We suggest you to test Spyhunter AV software that is not simply effective, but is light weight and constantly progressing software which can clear the device of all perilous programs. Click the link under this paragraph to download Spyhunter and remove Ryuk.


Special Offer

Download Spyhunter - Anti-malware scanner

We advise downloading SpyHunter to see, if it can detect malware for you.

Spyhunter has a biggest malware database

It protects the system against all kinds of threats: Trojans, adware and hijackers

24/7 Free Support Team

SpyHunter scanner detects threats and malware for free, but to remove infected elements you need to purchase a full version of program for 39.99$. More information about Spyhunter, EULA and Privacy policy.


Step 7. Disable Safe Mode and restart computer

  • Press Start
  • Type Msconfig and press Enter
  • Select Boot tab
  • Remove the check near Safe boot

How to restore files

As you uninstalled the ransomware, it's time for some info recovery. As you know now, if you logged in from an admin account and you permitted the virus a pass to the computer – you have no manner to restore your files save for the previously saved copies. If you don't remember this – you might have a chance, but it will require especial recovery software. The best ones of them are Recuva or ShadowExplorer programs. They're easy to download on their official sites, with close instructions.

  • Click Start
  • Click Control Panel

Decrypt files. Step 1


  • Click System and Security

Decrypt files. Step 2


  • Select Backup and Restore

Decrypt files. Step 3


  • Select Restore files from backup
  • Select checkpoint to restore


Share your feedback to help other people
1 1 1 1 1 1 1 1 1 1 Rating 0.00 [0 Votes]

Add comment

Security code



Acronis suggestion to CrashPlans users

Around a month ago, there was an accident with CrashPlans backup software.

What is MicTrayDebugger and is it dangerous

This is a brief entry about MicTrayDebugger: what is it, how it appeared in the system, is it dangerous and how to get rid of it.

What is HoeflerText and is it dangerous?


This article is dedicated to the fraud scheme that is called HoeflerText font wasn't found. We will explain you what is this scheme and how to avoid it.

What is Wpad.dat virus and how it is used

The topic of our today's article is a script that had been unjustly called a virus. It’s Wpad.dat, and it is not a virus. We will explain what is Wpad.dat and how to prevent fraudsters to deceive yourself with its help.


Cancer virus trollware

This is an article about crazy Cancer virus and the madness that it brings to victim's computer.

This website uses cookies to improve your experience