I wrote this article to help you remove Revenge Ransomware. This Revenge Ransomware removal guide works for all Windows versions.

Revenge is the nth new ransomware infection on the malware stage. Actually, it is an updated version of an old threat (the CryptoMix ransomware) with a new name. Either way, it is dangerous. The ransomware family is considered the most dreaded one out there. Researchers and experts unite in the view that ransomware pieces, and Trojan horses, are the absolute worst cyber pest you can possibly get stuck with. And there is a reason for that.

Revenge deserves that title as much as every other ransomware strain. Its only goal is your money and it relies on a pretty clever technique to get it. Let`s explain. Like almost every other member of the ransomware family, Revenge follows a standard pattern. First, it slithers into your machine in silence. Then, it locks all of your files. And finally, it blackmails your for money in exchange for those files. One thing at a time, though.

First, the invasion. How did Revenge enter your PC? Did you download it intentionally? We doubt it. But you still did something to help it enter. Ransomware infections cannot get it without your approval. However, crooks are aware that you would never give a green light to such a dangerous virus so they turn to trickery and deception to dupe you. They rely on the oldest tricks in the book. Those include spam email messages, fake program updates, corrupted pages, unverified sources, freeware bundles, and even the help of a Trojan horse infection. Any of these tactics would do provided that you do something yourself.

Your carelessness is required. The pest cannot succeed without it. If you are vigilant, it cannot dupe you as you will spot the intruder on time and remove it on the spot. But if you are distracted and in a rush, the infection will go right by you and settle in your machine. Think about it. Which option is better? Being more cautious and preventing the ransomware from entering? Or dealing with its shenanigans later? There is no argument here. Prevention is always the better choice. So, be more careful. Don’t open emails from unknown senders. Don’t skip the Terms and Conditions when installing an update or a freeware bundle. Stay away from suspicious pages/torrents/links/ads, etc. A little extra attention could save you a ton of trouble.

Once in your PC, Revenge proceeds to step number two. The encryption. The ransomware doesn’t waste any time. Shortly after the invasion, it locates all of your data that you have stored on your machine and encrypts it with the AES-256 encryption algorithm and the “[32_random_characters].REVENGE” pattern. “.REVENGE” is the extension the pests appends to your locked files to solidify its grip. Seeing this add-on means that the locking process is over and your files are no longer accessible. Your pictures, videos, music, documents, presentations, MS Office files, work-related data are all locked and you cannot use them in any way. Your PC cannot recognize them anymore because of their new extension. And renaming them or moving them into another folder does nothing as well. Revenge keeps them hostage and demands a ransom in exchange for their release.

When the encryption process finishes, Revenge drops a TXT file named “# !!!HELP_FILE!!! #.txt”. This is the ransom note and it comes in English, Polish, German, Italian and Korean. This note explains your situation stating that if you want your files back you have to pay a ransom. It also provides an email address via which you are supposed to contact the crooks so they can give you detailed payment instructions.

Hackers promise that once you pay, they will send you a special tool to help you decrypt your data. But the fact that they promise doesn’t mean they will actually deliver. There are no guarantees when it comes to making deals with cybercriminals. What if you pay and they don’t send you the tool? Or, what if they send you the wrong tool? And even if they do send you a fully working decryptor and you free your data, you still lose. Why? Because the decryptor only removes the encryption, not the infection.

The Revenge ransomware remains on your PC and it can strike again anytime. You will find yourself back to square one but with less money and exposed privacy. Yes, paying the crooks also means exposing your private details to them. Needless to say, they will use them for nothing but their malicious purposes and the money you give them will go for more malware creation. Don’t help hackers expand their “business”. Don’t pay. Instead, use our removal guide below and get rid of this nasty ransomware for good. And a piece of advice for the future: get yourself a reliable anti-malware program, keep it up to date and regularly scan your machine to be sure it is clean.

Revenge Ransomware Removal

Method 1: Restore your encrypted files using ShadowExplorer
Usually, Revenge Ransomware deletes all shadow copies, stored in your computer. Luckily, the ransomware is not always able to delete the shadow copies. So your first try should be restoring the original files from shadow copies.

1. Download ShadowExplorer from this link: http://www.shadowexplorer.com/downloads.html.
2. Install ShadowExplorer
3. Open ShadowExplorer and select C: drive on the left panel
4. Choose at least a month ago date from the date field
5. Navigate to the folder with encrypted files
6. Right-click on the encrypted file
7. Select “Export” and choose a destination for the original file

Method 2: Restore your encrypted files by using System Restore

1. Go to Start –> All programs –> Accessories –> System tools –> System restore
2. Click “Next“
3. Choose a restore point, at least a month ago
4. Click “Next“
5. Choose Disk C: (should be selected by default)
6. Click “Next“. Wait for a few minutes and the restore should be done.

Method 3: Restore your files using File Recovery Software
If none of the above method works, you should try to recover encrypted files by using File Recovery Software. Since Revenge Ransomware first makes a copy of the original file, then encrypts it and deletes the original one, you can successfully restore the original, using a File Recovery Software. Here are a few free File Recovery Software programs:

1. Recuva
2. Puran File Recovery
3. Disk Drill
4. Glary Undelete