Easy ransomware originates from Phobos familyThe virus demands ransom from the victim for data decryptionRansomware distribution in a nutshellRemove Easy ransomware virus and decrypt your files

In this guide, we will explain how to remove this ransomware from the system, and what you should do next.

The virus demands ransom from the victim for data decryption

Easy ransomware operators inform the victim that all data is “protected” with RSA-1024 algorithm. According to the note, computer’s security system was vulnerable, which led to a malware intrusion and complete file encryption. If the victim wants to decrypt files, the note recommends writing to the cybercriminals via provided email address, identical to the one appended to file names: easybackup@aol.com. The note instructs to put victim’s unique ID in the file subject. If the victim receives no answer within 24 hours, the criminals recommend reaching them via their Telegram account called @easybackup. The note also instructs not to damage or rename encrypted .easy files if the victim wants to open them ever again. Just like typical ransomware developers, operators behind this Phobos variant suggest decrypting up to 5 files (not exceeding 5 MB in size, non-archived) for free. Additionally, criminals state that they won’t decrypt databases, spreadsheets (XLS) and other file formats that are likely to contain information of highest importance to the victim. This is done to prevent test decryption on files that are the most valuable for the victim and might deter the victim from paying the ransom altogether. The only aim of this virus is to take your personal files hostage without leaving to chances to restore files for free. That said, it is important to mention that this ransomware runs several command line tasks to delete Volume Shadow Copies from the system. In this scenario, the victim loses all chances to restore system from a restore point. Keeping this ransomware virus or its remains on the system causes great danger for further intrusions. That said, we recommend removing the malware using a professional tool. After that, we strongly recommend scanning with after-care software, such as RESTORO to eliminate virus damage on Windows OS files. It is important to note that we do not recommend paying a ransom for ransomware developers. This never guarantees full data recovery, besides, the criminals might disappear as soon as they convince you to transfer the money. Money is the primary thing that they want, and your satisfaction or file recovery often isn’t exactly part of their plan. Besides, if you decide to pay up, criminals will surely identify you as a potential victim to target again. They will think that you have money and you are willing to spend it to recover your files. That said, they might try to send you deceptive emails, deliver you phishing links and similar. Phobos ransomware family is one of the largest cryptography-based malware variants out there today, among families like STOP/DJVU or DHARMA. These viruses have raked up massive sums of money for their developers. Do not support these criminals by spending your hard-earned money.

Ransomware distribution in a nutshell

Ransomware-type viruses like Easy are distributed in a slightly different manner than the majority of computer viruses. Developers of this specific ransomware spread it via hacked Remote Desktop (RDP) connections. That said, the cybercriminals target computers with weak RDP security. If you have a computer at home or your company with RDP necessarily enabled, you should disable it. If you do need to use it, make sure that you secure it with robust credentials. Another common ransomware distribution technique is malicious email spam. In this scenario, criminals send out thousands of deceptive emails with attachments to potential victims. These letters are often designed to look like they’re sent by a respectable company or service, and include a suggestion to view attached contents as well as send a “reply” soon. Examples of such email patterns are “view invoice – reply back” scenario, “you have a missing/pending payment to review,” “track your parcel – click tracking link or view attached details” and similar ones. Be very suspicious of any emails containing attachments, make sure to check for any questionable details (grammar mistakes, email address correctness, whole design). In general, we advise staying away from emails you didn’t wait for, or those that fall into spam/junk folders. Finally, many ransomware-type threats proliferate via torrents that can be downloaded via peer-to-peer download agents such as uTorrent or BitTorrent and similar. While these programs themselves aren’t malicious, they are used to share files between many users. In addition, the security of these files aren’t checked by these programs, only by antivirus programs and other security products installed on end hosts (user’s computer). Unfortunately, many users tend to ignore AV alerts when downloading software cracks and similar content, which often results in disastrous computer infection. Our recommendation is to get the content you want from legitimate sources only, ideally, from the original creator’s/vendor’s website.

Remove Easy ransomware virus and decrypt your files

Victims infected with the described virus should remove Easy ransomware as soon as possible. Delaying the removal procedure can cause even more damage, especially if the attack was carried out using hacked RDP ports. You should uninstall the ransomware remains using professional anti-malware. Then, run a scan with software like RESTORO to eliminate virus damage on Windows OS. Finally, make sure you secure the RDP connections or disable them at all. After completing Easy ransomware removal, you can use your data backups (created prior to the cyber crime incident) and start importing them to your computer. OUR GEEKS RECOMMEND Our team recommends a two-step rescue plan to remove ransomware and other remaining malware from your computer, plus repair caused virus damage to the system: GeeksAdvice.com editors select recommended products based on their effectiveness. We may earn a commission from affiliate links, at no additional cost to you. Learn more. Get INTEGO ANTIVIRUS for Windows to remove ransomware, Trojans, adware and other spyware and malware variants and protect your PC and network drives 24/7. This VB100-certified security software uses state-of-art technology to provide protection against ransomware, Zero-Day attacks and advanced threats, Intego Web Shield blocks dangerous websites, phishing attacks, malicious downloads and installation of potentially unwanted programs. Use INTEGO Antivirus to remove detected threats from your computer. Read full review here. RESTORO provides a free scan that helps to identify hardware, security and stability issues and presents a comprehensive report which can help you to locate and fix detected issues manually. It is a great PC repair software to use after you remove malware with professional antivirus. The full version of software will fix detected issues and repair virus damage caused to your Windows OS files automatically. RESTORO uses AVIRA scanning engine to detect existing spyware and malware. If any are found, the software will eliminate them. Read full review here.

Alternative software recommendations

Malwarebytes Anti-Malware

Method 1. Enter Safe Mode with Networking

Before you try to remove the virus, you must start your computer in Safe Mode with Networking. Below, we provide the easiest ways to boot PC in the said mode, but you can find additional ones in this in-depth tutorial on our website – How to Start Windows in Safe Mode. Also, see a video tutorial on how to do it: Instructions for Windows XP/Vista/7 users Instructions for Windows 8/8.1/10 users Now, you can search for and remove Easy ransomware virus files. It is very hard to identify files and registry keys that belong to the ransomware virus, Besides, malware creators tend to rename and change them repeatedly. Therefore, the easiest way to uninstall such type of a computer virus is to use a reliable malware removal program. In addition, we suggest trying a combination of INTEGO Antivirus (removes malware and protects your PC in real-time) and RESTORO (repairs virus damage to Windows OS files).

Method 2. Use System Restore

In order to use System Restore, you must have a system restore point, created either manually or automatically. Instructions for Windows XP/Vista/7 users Instructions for Windows 8/8.1/10 users After restoring the system, we recommend scanning the system with antivirus or anti-malware software. In most cases, there won’t be any malware remains, but it never hurts to double-check. In addition, we highly recommend checking ransomware prevention guidelines provided by our experts in order to protect your PC against similar viruses in the future. Removing spyware and malware is one step towards cybersecurity. To protect yourself against ever-evolving threats, we strongly recommend purchasing a Premium version of Malwarebytes Anti-Malware, which provides security based on artificial intelligence and machine learning. Includes ransomware protection. See pricing options and protect yourself now.

System Mechanic Ultimate Defense If you’re looking for an all-in-one system maintenance suite that has 7 core components providing powerful real-time protection, on-demand malware removal, system optimization, data recovery, password manager, online privacy protection and secure driver wiping technology. Therefore, due to its wide-range of capabilities, System Mechanic Ultimate Defense deserves Geek’s Advice approval. Get it now for 50% off. You may also be interested in its full review.

Disclaimer. This site includes affiliate links. We may earn a small commission by recommending certain products, at no additional cost for you. We only choose quality software and services to recommend.