I wrote this article to help you remove “We have encrypted all your personal files” Ransomware. This “We have encrypted all your personal files” Ransomware removal guide works for all Windows versions.

The number of encryption viruses has gone up in recent years. The infections which target files are becoming more sophisticated. If you have contacted a malicious program which displays a message beginning with “We have encrypted all your personal files”, we regret to inform you that you have fallen victim to Thunder Crypt ransomware. The win-locker does not introduce itself formally. The name of the program is only listed in the top window frame of the ransom message. The alternative name “We have encrypted all your personal files” ransomware is used for reference purposes, since some victims are unable to identify the threat amid all the commotion.

It makes sense to be intimidated by a virus which gets straight in your face. Still, you should try to maintain your composure. The creators of “We have encrypted all your personal files” ransomware have devised an elaborate message which aims to make people believe that the only way out of the situation is to pay the ransom. The note explains the actions of the insidious program in a calm and collective way. The hackers state that they have encrypted your personal files using the AES-2048 algorithm. This is a strong cryptosystem.

“We have encrypted all your personal files” ransomware uses a public encryption key to render the code scheme of the targeted objects. A private decryption key is required to unlock them. To notify people about its demands, the nefarious program produces a ransom note. The file is displayed as a pop-up message. In the title of the window, you will see the name Thunder Crypt. This is the only indication about the name of the parasite. “We have encrypted all your personal files” ransomware discloses all details through the ransom message.

The insidious program starts off by informing the victim that his files have been encrypted. The next statement is that they can be unlocked during a certain time period. The note references a countdown clock, situated on the left side of the pop-up window. The developers of “We have encrypted all your personal files” ransomware have produced two versions of the virus which only differ in terms of the deadline. The amount of time you will have after the win-locker infects your data will be either 24 or 48 hours. The cyber criminals require people to pay in Bitcoins. This is a cryptocurrency which has become the most common choice of ransomware vendors. This is because the platforms for trading Bitcoins do not ask users to list personal details. The crooks can accept the money without taking the risk of having their identity exposed.

The ransom amounts to 0.345 BTC. With the exchange rate for the crypto currency reaching a record high, this equals $590.78 USD. To prove that there is a working decryption key, the authors of “We have encrypted all your personal files” ransomware have included an option to unlock one file of the user’s choice for free. The object of choice has to be no bigger than 3 MB in size. Users can send the requested file to the coders per email. They have provided a contact form which can also be used for inquiries. If you are intending to look for an alternative solution, the ransom note will try to stop you before you take the initiative. The message elaborates that removing the win-locker with an antivirus program would make the recovery impossible. The hackers warn people not to damage the program.

Be advised that cyber thieves cannot be trusted to make good on a proposed deal. You should resolve the problem on your own. To spare yourself the trouble of dealing with “We have encrypted all your personal files” ransomware, you need to keep your guard up. This win-locker, like many others you may encounter, travels with spam emails. The secluded program gets concealed behind attachments. The sender behind the bogus message will try to make you believe that the file is a document on an important matter, like a letter, a delivery package, a bill, a fine, a court hearing or something else. To filter spam from legitimate postage, you need to check the email address. Spammers often write on behalf of existing organizations and copy their contacts to make the notification look genuine. Since they cannot access a company email address, they will register a fake account.

“We have encrypted all your personal files” Ransomware Removal

Method 1: Restore your encrypted files using ShadowExplorer
Usually, “We have encrypted all your personal files” Ransomware deletes all shadow copies, stored in your computer. Luckily, the ransomware is not always able to delete the shadow copies. So your first try should be restoring the original files from shadow copies.

1. Download ShadowExplorer from this link: http://www.shadowexplorer.com/downloads.html.
2. Install ShadowExplorer
3. Open ShadowExplorer and select C: drive on the left panel
4. Choose at least a month ago date from the date field
5. Navigate to the folder with encrypted files
6. Right-click on the encrypted file
7. Select “Export” and choose a destination for the original file

Method 2: Restore your encrypted files by using System Restore

1. Go to Start –> All programs –> Accessories –> System tools –> System restore
2. Click “Next“
3. Choose a restore point, at least a month ago
4. Click “Next“
5. Choose Disk C: (should be selected by default)
6. Click “Next“. Wait for a few minutes and the restore should be done.

Method 3: Restore your files using File Recovery Software
If none of the above method works, you should try to recover encrypted files by using File Recovery Software. Since “We have encrypted all your personal files” Ransomware first makes a copy of the original file, then encrypts it and deletes the original one, you can successfully restore the original, using a File Recovery Software. Here are a few free File Recovery Software programs:

1. Recuva
2. Puran File Recovery
3. Disk Drill
4. Glary Undelete