Decrypt Protect Ransomware and how to fully remove it.

WARNING: This post is meant for self-help only. This post is meant only to assist with removal of malware covered in the post. So for the safety and protection of yourself and others, do not download files or programs where links are given to in this post.

I am going to try to keep this a short post, because I do not want to be rambling on when you are infected with this thing.

There is a new piece of ransomware going around for Windows that encrypts your files. This is not good that ransomware actually encrypts files this time around, because that means that actual removal is only half the battle. Then you have to decrypt your files, otherwise you will be unable to use them. Lucky for us, the encryption has already been cracked and a decryption tool has been released. But before we get into decryption, we have to remove the ransomware from your computer.

First, you will want to boot your computer into safe mode with networking. This is done by pressing the power button on your computer and repeatedly pressing the F8 key until you come to a menu with boot options such as Safe Mode. You will want to use the arrow keys to go to Safe Mode With Networking. Then press enter.

Next you will want to download and install Malwarebytes Anti-Malware. This program can be downloaded here. Once it has been installed, or you have updated it if you already had it installed, do a quick scan. Once the scan is completed, it may prompt you to restart your computer, which you will not want to do, we will restart after we have decrypted the files.

Now for the decryption tool. The encryption that the ransomware used to encrypt your files is relatively simple, which is why it was so easy to crack. You can download the decryption tool here. Save it to your desktop and then open a command line window by typing cmd into the search bar of the start menu and pressing enter. Navigate to the desktop directory. Now, run the same exe (decrypt_mblblock.exe) with the drive letters of all the drives you have mounted. (in the case of the C drive: decrypt_mblblock.exe C:\)

If after decryption, you find that there are still html files that the ransomware used, you can delete those. After decryption and mop up, you can go ahead and restart your computer in normal mode. You will find that all of the files that the ransomware encrypted are back.

Thank You for reading, hopefully this post can help you with removal of this thing. If some of these instructions do not make sense, please ask a competent professional to assist you.