I wrote this article to help you remove Amnesia 2 Ransomware. This Amnesia 2 Ransomware removal guide works for all Windows versions.
The Amnesia 2 Ransomware is the newest version of the original Amnesia infection. As a classic ransomware, it shows no originality. It does what all ransomware pieces do. Amnesia 2 enters your machine with the help of spam email messages, but we will get back to that later. Then, the virus locates all of your private files and encrypts them. And finally, it extorts you for money. Once in, the ransomware doesn’t waste time. It immediately scans your PC in search of your sensitive data. Needless to say, it doesn’t take long before it finds everything. Then, Amnesia 2 uses a combination of locking algorithms to encrypt both your files and the decryption key. This means that all of your pictures, videos, documents, music, MS Office files, etc. get locked and become completely inaccessible to you. You are no longer able to open them or listen to them. All you see is their empty icons. You also see their names, but they have been altered.
To solidify its hold over your data, Amnesia 2 adds one of the following extensions to each locked file: “.[black.mirror@qq.com].oled”, “.SON”, “.Help244@Ya.RU] .LOCKED”, “.@decrypt2017”, “.@decrypt_files2017”, “.CRYPTBOSS”, or “.TRMT”. Seeing any of these add-ons means that the encryption process is over and all of your valuable data is being kept hostage. This situation could cause you to panic very easily. But you should try to remain calm. Crooks want you to panic and be scared, as this way you would be more willing to comply with their demands.
What are their demands? Money, of course. Once the file-locking process is complete, the ransomware drops the “RECOVER-FILES.HTML” file for you. This is the so-called ransom note. It explains your situation and, ironically, offers you a way out. Isn’t it strange that the same people who took your data are now trying to help you? Of course it is. And they are not actually helping you. They just want your money. According to the note, the only way of freeing your data is by purchasing a special decryption tool which costs 0.5 Bitcoins ($1,330). As you can see, this is a pretty hefty sum, even more so considering that you have zero guarantees that you will get what you paid for.
You cannot trust crooks to keep their end of the bargain. You cannot be sure that they will send you a working decryptor if they send you any at all. Also, the note offers a free recovery of one file as a demonstration but this is a bad idea as well. If you contact these people they may use your email address to harass you even more. Don’t fall into that trap. Paying is not an option. Even if you get the right decryption key, it doesn’t remove the ransomware from your machine. You have to do that. Use our removal guide below or use an automatic solution. Either way, Amnesia 2 has to go. Once your PC is clean, you can safely recover your locked data.
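To see how far the encryption reached before you start restoring anything, you can list the files that carry the extensions above and the folders holding a “RECOVER-FILES.HTML” note. The following read-only scan is an added example, not part of the original guide or any vendor tool; the function names are hypothetical and the sample folder it builds is constructed.

```python
import os
import tempfile
from collections import Counter

# Markers copied verbatim from the article (the Help244 entry is kept as printed).
MARKERS = [
    ".[black.mirror@qq.com].oled", ".SON", ".Help244@Ya.RU] .LOCKED",
    ".@decrypt2017", ".@decrypt_files2017", ".CRYPTBOSS", ".TRMT"]
RANSOM_NOTE = "RECOVER-FILES.HTML"

def _norm(s):
    # Assumption: compare without case or spaces; real names may lack the space.
    return s.replace(" ", "").lower()

def match_marker(filename):
    """Return the article marker this file name ends with, or None."""
    name = _norm(filename)
    for marker in MARKERS:
        m = _norm(marker)
        if len(name) > len(m) and name.endswith(m):
            return marker
    return None

def scan(root):
    """Walk root read-only; return (locked files, ransom notes, per-folder counts)."""
    locked, notes, per_dir = [], [], Counter()
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for f in files:
            marker = match_marker(f)
            if f.upper() == RANSOM_NOTE:
                notes.append(os.path.join(dirpath, f))
            elif marker:
                locked.append((os.path.join(dirpath, f), marker))
                per_dir[dirpath] += 1
    return locked, notes, per_dir

def demo():
    """Scan a constructed sample tree (empty placeholder files, no real data)."""
    with tempfile.TemporaryDirectory() as root:
        docs = os.path.join(root, "Documents")
        os.makedirs(docs)
        for name in ["budget.xlsx.CRYPTBOSS", "photo.jpg.[black.mirror@qq.com].oled",
                     "notes.txt", "report.json", RANSOM_NOTE]:
            open(os.path.join(docs, name), "w").close()
        locked, notes, per_dir = scan(root)
        return sorted(os.path.basename(p) for p, _ in locked), len(notes), per_dir[docs]

if __name__ == "__main__":
    print(demo())
```

Calling `scan()` on your own user folder returns the per-folder counts, which tell you which folders to look for first in ShadowExplorer or in your backups.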
As we said, Amnesia 2 gets distributed through a massive spam email campaign. The crooks attach malicious files to seemingly legitimate emails, and if you open them, the ransomware gets installed on your machine. Here is what you should and shouldn’t do. First of all, always proceed with caution when you receive an email from a stranger. Don’t blindly open any message that you get. Second, hackers often write on behalf of some well-known company.
Always check to see if the two email addresses match by visiting the said company’s official site. Don’t be fooled by logos and stamps either. Crooks are creative and they go out of their way to trick you. Be more skeptical and vigilant. Keep in mind that actual organizations usually use your name in the email, while hackers go with “Dear Friend/Customer”. Don’t let yourself be fooled. Also, get yourself a reliable anti-malware program, keep it up to date and regularly scan your PC to be sure it is clean. Another important piece of advice is to always keep backups of your most important files.
Amnesia 2 Ransomware Removal
Method 1: Restore your encrypted files using ShadowExplorer
Usually, Amnesia 2 Ransomware deletes all shadow copies stored on your computer. Luckily, the ransomware is not always able to delete them. So your first try should be restoring the original files from shadow copies.
- Download ShadowExplorer from this link: http://www.shadowexplorer.com/downloads.html.
- Install ShadowExplorer
- Open ShadowExplorer and select C: drive on the left panel
- Choose a date at least a month ago from the date field
- Navigate to the folder with encrypted files
- Right-click on the encrypted file
- Select “Export” and choose a destination for the original file
Method 2: Restore your encrypted files by using System Restore
- Go to Start –> All programs –> Accessories –> System tools –> System restore
- Click “Next”
- Choose a restore point from at least a month ago
- Click “Next”
- Choose Disk C: (should be selected by default)
- Click “Next”. Wait for a few minutes and the restore should be done.
Method 3: Restore your files using File Recovery Software
If none of the above methods work, you should try to recover the encrypted files by using File Recovery Software. Since Amnesia 2 Ransomware first makes a copy of the original file, then encrypts it and deletes the original one, you can successfully restore the original using File Recovery Software. Here are a few free File Recovery Software programs: