Remove Monument Ransomware

0
56

I wrote this article to help you remove Monument Ransomware. This Monument Ransomware removal guide works for all Windows versions.

Monument ransomware is an updated version of Jigsaw ransomware. Over a short time period, the developers of the notorious win-locker released two new builds of the virus. The other variation is called DarkLocker ransomware. The only notable difference between the two reincarnations is the amount they ask for. Monument ransomware makes a higher demand. It requires victims to pay a ransom of 0.25 BTC (~$285.96 USD). The payment has to be made within 24 hours, otherwise the amount will be increased to 0.35 BTC (~$400.34 USD).

The final deadline for making the payment is 48 hours. Monument ransomware generates a unique decryption key and sends it to a command and control (C&C) server where it is stored for this time period. After the key gets deleted, it cannot be recovered. There is a countdown clock to keep users updated on the time they have left. DarkLocker ransomware lists a ransom of 0.15 BTC (~$171.22 USD) during the first 24 hours and 0.20 BTC ($228.29 USD) in the remainder.

The renegade developers have chosen the payment method with a purpose. The C&C server and the bitcoin cryptocurrency function as protection mechanisms to hide their identity. The server conceals their IP address and the geographic coordinates of their device. Bitcoin platforms offer a safe online payment solution. There are two upsides to using this particular cryptocurrency. First, the user is not requited to enter personal details when registering on the website. Second, the transaction cannot be traced. When a sum is paid in bitcoins, the recipient can seamlessly transfer it to his bank account.

Monument ransomware drops a ransom note where the bitcoin wallet address of the cyber thieves is listed. The sinister program displays the message on system launch. To make it comprehensible for more people, the authors of the win-locker have written it in three languages: English, Spanish, and Russian. This indicates that Monument ransomware has been created to launch attacks on different countries from across the globe. The ransom note explains the purpose of the clandestine program, provides instructions on how to pay the ransom, and displays the countdown clock to keep victims updated on how much time they have to make the payment.

Remove Monument Ransomware
The Monument Ransomware

Monument ransomware uses strong ciphers to lock files. The hackers have chosen a combination of AES-256 and RSA-2048 algorithms. The target list contains various file formats. This encompasses documents, photos, videos, audios, databases, archives, logs, and others. Monument ransomware is remarkable for using an exceptionally long file extension to mark the encrypted objects. It adds the following suffix to their original names: .To unlock your files send 0.15 Bitcoins to [Bitcoin wallet address] within 24 hours 0.20 after 24 hours.

The cyber crooks do their best to make victims feel pressed against the wall. Not only do they give people two days to make the payment, but they start deleting their files within an hour. Monument ransomware is set to delete between 1 and 5 files on one hour intervals. The later you pay, the more data you will end up losing. Due to the severely harsh terms, a lot of malware analysts consider this particular series of win-lockers the worst to have ever been created. While experts work on custom decryptors for the new builds, the best users can do is to enhance their level of protection.

Monument ransomware is spread in a couple of ways. Spam emails are the usual host for the covert program. One of the campaigns responsible for distributing the win-locker talks about an order from Amazon.com. The emails inform the recipient that his order has been dispatched. They contain a .zip attachment. Opening the file inside the attachment would unleash the win-locker into your system. If you receive a message about an order you do not recall placing, the letter is probably spam. To avoid disaster, do your research before accessing the file. Check the email address. If the message has been written on behalf of a given entity, go to its official website for reference.

The other way for Monument ransomware to enter your system is with the help of a rogue utility. A bundling scheme involving an application called Imminent Monitor has been cited. This is a remote administration tool (RAT). Renegade developers are using pirated versions of the program to host the win-locker. To avoid contacting infections through compromised software, take the time to read the terms and conditions. If there are extra programs offered, you should deselect them or terminate the install altogether. Additional software is often malware in disguise.

Monument Ransomware Removal

Method 1: Restore your encrypted files using ShadowExplorer
Usually, Monument Ransomware deletes all shadow copies, stored in your computer. Luckily, the ransomware is not always able to delete the shadow copies. So your first try should be restoring the original files from shadow copies.

  1. Download ShadowExplorer from this link: http://www.shadowexplorer.com/downloads.html.
  2. Install ShadowExplorer
  3. Open ShadowExplorer and select C: drive on the left panelshadowexplorer
  4. Choose at least a month ago date from the date field
  5. Navigate to the folder with encrypted files
  6. Right-click on the encrypted file
  7. Select “Export” and choose a destination for the original file

Method 2: Restore your encrypted files by using System Restore

  1. Go to Start –> All programs –> Accessories –> System tools –> System restore
  2. Click “Nextsystem restore
  3. Choose a restore point, at least a month ago
  4. Click “Next
  5. Choose Disk C: (should be selected by default)
  6. Click “Next“. Wait for a few minutes and the restore should be done.

Method 3: Restore your files using File Recovery Software
If none of the above method works, you should try to recover encrypted files by using File Recovery Software. Since Monument Ransomware first makes a copy of the original file, then encrypts it and deletes the original one, you can successfully restore the original, using a File Recovery Software. Here are a few free File Recovery Software programs:

  1. Recuva
  2. Puran File Recovery
  3. Disk Drill
  4. Glary Undelete
SHARE
Daniel Stoyanov
Daniel Stoyanov has a Master's degree in Computer Science from the Technical University of Sofia, Bulgaria. He is also a Microsoft Certified Professional. Daniel provides top cyber security news with in-depth coverage of malware, vulnerabilities, PC and Network security, online safety.If you have any questions feel free to ask him right now.

NO COMMENTS

LEAVE A REPLY

Time limit is exhausted. Please reload CAPTCHA.