Remove All_Your_Documents Ransomware

I wrote this article to help you remove All_Your_Documents Ransomware. This All_Your_Documents Ransomware removal guide works for all Windows versions.

All_Your_Documents ransomware is a malicious win-locker which targets over 2500 file types. The nefarious program uses a combination of RSA-2048 and AES-128 ciphers to encrypt files. A unique feature of this win-locker is that it moves the objects. It merges them together in a .rar archive, titled All_Your_Documents. The archive is placed on the desktop. The insidious program creates a ransom note in .txt format which is also called All_Your_Documents. The name of the ransomware actually comes from the titles of the files it produces. The virus does not introduce itself with a given name.

The ransom message begins with the word “attention”, written in capitals in five languages: English, German, French, Spanish, and Italian. All_Your_Documents ransomware makes sure to acquire the victim’s undivided attention. It urges the owner of the infected computer to read the note carefully. In the message, the attackers explain what has occurred. As you would see upon checking your folders, your personal files are nowhere to be found. This is because they have been encrypted and moved to the archive, placed on the desktop. The explanation that the program has encrypted your documents, photos, videos, and other files is an understatement. The list of targeted formats is vast. Pretty much, only the system files are left intact.

The ransom note goes on to elaborate what you have to do. The developers of All_Your_Documents ransomware demand a ransom from the victims. They provide a code which leads to a Tor browser page. This is the payment website. The reason for using the Tor network to process the transaction is security. The cyber thieves do not want to risk getting caught. This web browser provides enhanced data protection. It conceals the IP address and hides the geographic location of the involved parties.

The payment method has been selected with a purpose, as well. The owners of All_Your_Documents ransomware require victims to pay in bitcoins. This cryptocurrency was originally devised as a safe way to conduct online transactions. The original idea behind this currency was to protect users from data extortion mechanisms. Bitcoin platforms do not require people to disclose personal information. Furthermore, the transactions cannot be traced. These favorable terms allow the attackers to swindle computer users without facing the slightest risk of repercussions.

According to research, the owners of All_Your_Documents ransomware initially ask for $354 USD. There is reportedly a deadline for paying this amount. If you do not pay within the designated time frame, the ransom will increase. This is but a scare tactic, used to pressure people. A lot of attackers resort to such trickery. According to the creators of All_Your_Documents ransomware, the problem will be solved once you pay the ransom. You will have your files decrypted and you will be able to resume your work on your computer with no further issues. This may not be the case. Performing a decryption is one thing, removing the win-locker is quite another. The files of the secluded program will remain on your hard drive. The hackers may be able to launch a second attack and compromise your data all over again.

The best way to deal with computer infections is to block them from entering your machine. There is information about the distribution techniques All_Your_Documents ransomware uses. The malignant program gets spread through Trojan horses. The Trojan-dropper can penetrate your system through a spam email or an RDP port attack. If you are having difficulty telling spam from genuine mail, allow us to give you a few pointers. First and foremost, check the email address of the sender. This is the best indication of the legitimacy of an electronic message.

Spammers often write on behalf of reputable entities to lead users astray. This is why you should do a checkup every time. If you have doubts about the reliability of a given website, you should look for information about it. Entering an infected domain can be enough to transfer a virus to your computer. This process is called a drive-by installation. Be careful about the websites you visit and the links you follow.

All_Your_Documents Ransomware Removal

Method 1: Restore your encrypted files using ShadowExplorer
Usually, All_Your_Documents Ransomware deletes all shadow copies stored on your computer. Luckily, the ransomware is not always able to delete the shadow copies, so your first attempt should be to restore the original files from shadow copies.

  1. Download ShadowExplorer from this link: http://www.shadowexplorer.com/downloads.html.
  2. Install ShadowExplorer
  3. Open ShadowExplorer and select C: drive on the left panel
  4. Choose a date at least a month ago from the date field
  5. Navigate to the folder with encrypted files
  6. Right-click on the encrypted file
  7. Select “Export” and choose a destination for the original file

Method 2: Restore your encrypted files by using System Restore

  1. Go to Start –> All programs –> Accessories –> System tools –> System restore
  2. Click “Next”
  3. Choose a restore point, at least a month ago
  4. Click “Next”
  5. Choose Disk C: (should be selected by default)
  6. Click “Next”. Wait for a few minutes and the restore should be done.
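
Methods 1 and 2 only help if a shadow copy or restore point from before the infection still exists. The following script checks both at once. It is an added example, not part of the original guide, and assumes Windows PowerShell 5.1 running as Administrator; the 30-day default cutoff and the function names are illustrative.

```powershell
# Added example: list recovery points that predate a suspected infection.
# Assumptions: Windows PowerShell 5.1, elevated session. $InfectionDate is a
# placeholder; set it to the date the ransom note first appeared.
param(
    [datetime]$InfectionDate = (Get-Date).AddDays(-30),
    [string]$Drive = 'C:'
)

function Get-ShadowCopyBefore {
    param([datetime]$Cutoff, [string]$DriveLetter)
    # Win32_ShadowCopy identifies volumes by GUID path, so map the letter first.
    $volume = Get-CimInstance Win32_Volume -Filter "DriveLetter='$DriveLetter'"
    if (-not $volume) { return @() }
    Get-CimInstance Win32_ShadowCopy |
        Where-Object { $_.VolumeName -eq $volume.DeviceID -and $_.InstallDate -lt $Cutoff } |
        Sort-Object InstallDate -Descending |
        Select-Object @{n='Created'; e={$_.InstallDate}}, ID, DeviceObject
}

function Get-RestorePointBefore {
    param([datetime]$Cutoff)
    # CreationTime is a WMI datetime string; convert it before comparing.
    Get-ComputerRestorePoint -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{
                Created     = [Management.ManagementDateTimeConverter]::ToDateTime($_.CreationTime)
                Sequence    = $_.SequenceNumber
                Description = $_.Description
            }
        } |
        Where-Object { $_.Created -lt $Cutoff } |
        Sort-Object Created -Descending
}

$shadows = @(Get-ShadowCopyBefore -Cutoff $InfectionDate -DriveLetter $Drive)
$points  = @(Get-RestorePointBefore -Cutoff $InfectionDate)

if ($shadows.Count -eq 0) {
    Write-Warning "No shadow copies of $Drive older than $InfectionDate (Method 1 has nothing to restore)."
} else {
    $shadows | Format-Table -AutoSize
}
if ($points.Count -eq 0) {
    Write-Warning "No restore points older than $InfectionDate (Method 2 has nothing to restore)."
} else {
    $points | Format-Table -AutoSize
}
```

If both lists come back empty, skip ahead to Method 3.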

Method 3: Restore your files using File Recovery Software
If none of the above methods work, you should try to recover the encrypted files using file recovery software. Since All_Your_Documents Ransomware first makes a copy of the original file, then encrypts it and deletes the original one, you can successfully restore the original using file recovery software. Here are a few free file recovery programs:

  1. Recuva
  2. Puran File Recovery
  3. Disk Drill
  4. Glary Undelete
