I wrote this article to help you remove RansomPlus Ransomware. This RansomPlus Ransomware removal guide works for all Windows versions.

RansomPlus ransomware was only discovered a few days ago. According to malware specialists, the clandestine program has been written on Visual Studio 2015. RansomPlus ransomware has classic technical characteristics and the same objective as most win-lockers. The nefarious program uses an algorithm to encrypt the user’s personal files. It appends the .encrypted extension to the names of the targeted items. Once it has rendered them inaccessible, it demands a ransom to restore them.

RansomPlus ransomware encrypts different file types, including documents, photos, audios, videos, archives, and others. If you store important documentation on your machine, you could suffer serious setbacks in your endeavors. If you are considering the option to pay the ransom, you need to take the risks into account. The people behind RansomPlus ransomware are criminals. There is no guarantee that paying them will resolve the issue. They might not restore your files. Even if they do, remnants from the virus could remain on your computer. You can fall victim to a second attack in time.

RansomPlus ransomware uses AES algorithm to encrypt files. This cryptosystem is used by a lot of win-lockers. It has been proven to be effective. Time will tell how good of a code the hackers have devised. In the meantime, victims will have to go for alternative solutions. One option is to recover files from their shadow volume copies. There is no word on whether the insidious program deletes them. You can also try to do a system restore. This will erase all files which have been saved after a designated time point. You need to be certain that RansomPlus ransomware had not yet entered your system at the point you choose. Keep in mind that the infection could lay in stealth mode for a while.

The first task RansomPlus ransomware carries out is to encrypt the vulnerable file types. This is the most important operation. Once the covert program has locked your data, it will display its ransom note. The file is titled YOUR FILES ARE ENCRYPTED!!!.txt. A copy of it is dropped in all folders which contain encrypted objects. The cyber thieves behind RansomPlus ransomware give a short and straightforward message. They inform people what has happened on their system and tell them what they are required to do. Users have to pay the ransom through an online platform and send them the transaction ID per email. Their address is andresaha82@gmail.com.

The hackers demand a ransom of 0.25 BTC. This converts to $247.69 USD, according to the current exchange rate. They have provided a link to a platform where you can purchase bitcoins. There are many bitcoin vendors. This cryptocurrency has gained prominence due to providing a high level of security for online transactions. Cyber criminals have taken advantage of this fact. The developers of RansomPlus ransomware can collect the payment without disclosing their identity. Bitcoin platforms do not require users to give personal information. The hackers can get away with the ransom money without risking to be pursued by the authorities.

Having RansomPlus ransomware penetrate your computer means you have been neglectful of your security. The usual way for the win-locker to enter people’s machines is via spam emails. The shady program travels hidden behind attachments. The host for RansomPlus ransomware can be a zipped folder, a compressed archive, a single text document, or an image. Opening the file can be enough to unleash the infection into your system. This is why we advise users to handle their postage with the utmost caution. Proof the sender’s contacts to confirm he is who he claims to be. In many instances, spammers write on behalf of legitimate entities to throw people off.

Another way to contact RansomPlus ransomware is through a bundle. The secluded program can use freeware, shareware, and pirated utilities as hosts. The hacker who has attached the virus may have used an obfuscator. Program obfuscators hide malicious codes to avert detection from the operating system. Only anti-virus programs can detect concealed threats. To block infections from infiltrating your machine, you should stick to confirmed programs and sources. Another preventive measure you can take is to read the terms and conditions of the software you install. Viruses often pose as useful tools, included with the main program as a bonus. We advise you never to accept additional tools.

RansomPlus Ransomware Removal

Method 1: Restore your encrypted files using ShadowExplorer
Usually, RansomPlus Ransomware deletes all shadow copies, stored in your computer. Luckily, the ransomware is not always able to delete the shadow copies. So your first try should be restoring the original files from shadow copies.

1. Download ShadowExplorer from this link: http://www.shadowexplorer.com/downloads.html.
2. Install ShadowExplorer
3. Open ShadowExplorer and select C: drive on the left panel
4. Choose at least a month ago date from the date field
5. Navigate to the folder with encrypted files
6. Right-click on the encrypted file
7. Select “Export” and choose a destination for the original file

Method 2: Restore your encrypted files by using System Restore

1. Go to Start –> All programs –> Accessories –> System tools –> System restore
2. Click “Next“
3. Choose a restore point, at least a month ago
4. Click “Next“
5. Choose Disk C: (should be selected by default)
6. Click “Next“. Wait for a few minutes and the restore should be done.

Method 3: Restore your files using File Recovery Software
If none of the above method works, you should try to recover encrypted files by using File Recovery Software. Since RansomPlus Ransomware first makes a copy of the original file, then encrypts it and deletes the original one, you can successfully restore the original, using a File Recovery Software. Here are a few free File Recovery Software programs:

1. Recuva
2. Puran File Recovery
3. Disk Drill
4. Glary Undelete