During the process, the ransomware leaves notifications called _readme.txt in all the corrupted data folders. This notification informs the victim about the cyber-attack and the consequent encryption of files contained in the computer. The criminals promise to reverse the encryption once the victim can pay the ransom fee but if one fails to pay, the files may remain locked forever. Two emails, namely; support@bestyourmail.ch, datarestorehelp@airmail.cc provided in the ransom note belong to cybercriminals and can be used by the victim to contact them.

The ransom note demands money: why you shouldn’t pay cybercriminals to restore your files

Victims who write to cybercriminals are informed that $980 is the ransom fee, but there is a caveat that a 50% price slash is available for those that can pay within 72 hours of getting their computer compromised. However, the inability to make the transfer within that limited time means that only the full payment becomes acceptable. Another challenge the victim might face could be how to send the money to the cybercriminals. This is because bank payments or other regular form of money transfer reveals the recipient’s identity, and this is not something that cybercriminals desire. Therefore, they insist that the victim make payment via cryptocurrency transfer since it is an anonymous way of receiving funds. But not everyone has a virtual cryptocurrency wallet address or knows how to purchase such currencies. However, it is important to note that ransoms should never be paid, and victims shouldn’t even communicate with these rogues because it’s simply not worth it. This idea is backed up by the official FBI recommendations for ransomware victims as well as by cybersecurity experts globally. These are the factors that make it absolutely pointless to pay the ransom:

Paying ransom offers no benefit to the victim because cybercriminals don’t keep their promise of providing effective decryption tools.It is an incentive that encourages criminality.It helps cybercriminals to enhance their capacity to cause more harm.When you pay a ransom, you make yourself liable to more extortions.

The ransomware drops additional malware on the computer

Although more attention is being put on ADWW ransomware virus but it must be emphasized that there are other equally dangerous RATs travelling alongside it. RAT is an acronym that stands for Remote Access Trojans and is used in pilfering sensitive personal details. RATs can remotely steal passwords, banking details, software login information, etc. Two of such threats are observed during this ransomware variant analysis, and they’re known under VIDAR and AZORULT names. These are some of the reasons that make it crucial for victims to remove ADWW ransomware virus once it is detected on their computers. The longer this threat stays in a computer, the more potential damage it and related malware can cause. For this reason, we recommend that you follow the guide provided below on how to prepare your computer for malware removal. Additionally, we recommend that you download RESTORO (secure download link) to scan infected computer and try to repair virus damage to Windows OS files caused by the virus.

Ransomware Summary

REPAIR VIRUS DAMAGE

How this ransomware spreads and ways to stay on the safe side

The developers of this malware intend to infect lots of computers using deceptive methods like unsolicited malware-embedded emails and attachments, pirated software contents uploaded to malicious online torrents, and the use of P2P file sharing methods, among several others.

How you can safeguard your computer

Virtually every computer is potentially at risk of malware infection. However, it is the activities a computer owner indulges in that increase or reduce the chances of their computer becoming infected. Those that install strong antivirus and make use of only original software contents bought directly from the copyright owners minimize chances of becoming a victim, while those that habitually visit malicious online torrent platforms share software via P2P or open emails and attachments indiscriminately significantly increase their chance of triggering a ransomware attack. Therefore, such activities that expose a computer should be totally avoided. Those who try to download software illegally believe it’s a smart idea, but on the contrary, it isn’t worth the risk and could end in regret. Instead pay the necessary fee as requested by the software copyright owners and use it safely. We studied cases of random STOP/DJVU victims over a period of time, and we were able to observe an interesting pattern. Certain popular software contents were found to have been repeatedly cloned and used by cybercriminals. Here are some of them:

VMware Workstation;Adobe Photoshop;Corel Draw;Adobe Illustrator;Microsoft Office;Cubase;Tenorshare 4ukey;League of Legends and others.

Regardless of the risks involved, it is also unethical to download copyrighted software content illegally. A lot of resources must have been spent by the developers of such software content, and thus they deserve to earn their profit. However, when users share them via P2P platforms or make use of the cloned versions, they deny them such entitlements. It even makes more sense to patronize the original content developers and be safe than to use it illegally at greater risk. Victims of ransomware attacks often express regret when they consider the losses they have incurred in terms of time wasted trying to retrieve damaged files, important files that couldn’t be replaced, and other problems. It would help if you also were cautious when checking your email. Be wary of files/attachments in the following data formats: PDF, DOCX, or XLS, because cybercriminals can exploit the functionality of these formats to insert malicious scripts that can launch malware once the file is opened by the victim. Additionally, if you can sense that the email sender urges you to click on inserted links/email attachments as soon as possible and threatens that something unpleasant is about to happen if you do not do as said and reply to them, it is most likely a scam. Cybercriminals often try to scare the target with lines such as “your email account will be closed” or “your subscription will be renewed automatically” as well as “your password will expire in 3 days and you will lose access to your account.” Do not be convinced or scared by such deceptive statements. Another common sign of deception is a set of grammar and typo errors in the email that’s allegedly sent by your colleague, well-known company or online store. Virtual criminals typically lack these writing skills and their emails reflect that. If you’ve already become a victim of ADWW ransomware virus, please do not pay heed to any website claiming to have decryption solutions because most of them aren’t reliable and simply used by cybercriminals to spread other forms of malware. The only trustworthy and expert-approved methods are described here. Keep in mind that there is no magic way to recover all files encrypted by this ransomware strain, unless you were affected by offline key encryption; additionally, you may succeed to repair some image or video formats as outlined in the same guide.

Removing ADWW Ransomware Virus

It is very important to remove ADWW ransomware virus and other malware that might have sneaked into your computer along with it. The reason is to mitigate possible damage and protect your privacy. So, when removing the virus, the infected computer should be set up in Safe Mode with Networking mode before running a full scan using any suitable antivirus. In addition, we strongly recommend using RESTORO to repair damage caused on Windows OS components and files. If you’ve taken all the necessary steps to complete ADWW virus removal, then here are other things you might have to do as well:

All passwords used previously should be changed for safety reasons.Use any available backup to replace lost files.You may also have to report to the police or any relevant government agency responsible for handling such issues.

OUR GEEKS RECOMMEND Our team recommends a two-step rescue plan to remove ransomware and other remaining malware from your computer, plus repair caused virus damage to the system: GeeksAdvice.com editors select recommended products based on their effectiveness. We may earn a commission from affiliate links, at no additional cost to you. Learn more. Get INTEGO ANTIVIRUS for Windows to remove ransomware, Trojans, adware and other spyware and malware variants and protect your PC and network drives 24/7. This VB100-certified security software uses state-of-art technology to provide protection against ransomware, Zero-Day attacks and advanced threats, Intego Web Shield blocks dangerous websites, phishing attacks, malicious downloads and installation of potentially unwanted programs. Use INTEGO Antivirus to remove detected threats from your computer. Read full review here. RESTORO provides a free scan that helps to identify hardware, security and stability issues and presents a comprehensive report which can help you to locate and fix detected issues manually. It is a great PC repair software to use after you remove malware with professional antivirus. The full version of software will fix detected issues and repair virus damage caused to your Windows OS files automatically. RESTORO uses AVIRA scanning engine to detect existing spyware and malware. If any are found, the software will eliminate them. Read full review here.

Method 1. Enter Safe Mode with Networking

Before you try to remove ADWW Ransomware Virus virus, you must start your computer in Safe Mode with Networking. Below, we provide the easiest ways to boot PC in the said mode, but you can find additional ones in this in-depth tutorial on our website – How to Start Windows in Safe Mode. Also, if you prefer a video version of the tutorial, check our guide How to Start Windows in Safe Mode on Youtube. Instructions for Windows XP/Vista/7 users Instructions for Windows 8/8.1/10/11 users Now, you can search for and remove ADWW Ransomware Virus files. It is very hard to identify files and registry keys that belong to the ransomware virus, Besides, malware creators tend to rename and change them repeatedly. Therefore, the easiest way to uninstall such type of a computer virus is to use a reliable security program such as INTEGO Antivirus. For virus damage repair, consider using RESTORO.

Method 2. Use System Restore

In order to use System Restore, you must have a system restore point, created either manually or automatically. Instructions for Windows XP/Vista/7 users Instructions for Windows 8/8.1/10/11 users After restoring the system, we recommend scanning the system with antivirus or anti-malware software. In most cases, there won’t be any malware remains, but it never hurts to double-check. In addition, we highly recommend checking ransomware prevention guidelines provided by our experts in order to protect your PC against similar viruses in the future.

Alternative software recommendations

Malwarebytes Anti-Malware Removing spyware and malware is one step towards cybersecurity. To protect yourself against ever-evolving threats, we strongly recommend purchasing a Premium version of Malwarebytes Anti-Malware, which provides security based on artificial intelligence and machine learning. Includes ransomware protection. See pricing options and protect yourself now.

System Mechanic Ultimate Defense If you’re looking for an all-in-one system maintenance suite that has 7 core components providing powerful real-time protection, on-demand malware removal, system optimization, data recovery, password manager, online privacy protection and secure driver wiping technology. Therefore, due to its wide-range of capabilities, System Mechanic Ultimate Defense deserves Geek’s Advice approval. Get it now for 50% off. You may also be interested in its full review.

Disclaimer. This site includes affiliate links. We may earn a small commission by recommending certain products, at no additional cost for you. We only choose quality software and services to recommend.

Decrypt ADWW files

Fix and open large ADWW files easily:

It is reported that STOP/DJVU ransomware versions encrypt only the beginning 150 KB of each file to ensure that the virus manages to affect all files on the system. In some cases, the malicious program might skip some files at all. That said, we recommend testing this method on several big (>1GB) files first.

STOP/DJVU decryption tool usage guide

STOP/DJVU ransomware versions are grouped into old and new variants. ADWW Ransomware Virus is considered the new STOP/DJVU variant, just like BPTO, ISWR, ISZA, BPSM, ZOUU, MBTF, ZNSM (find full list here). This means full data decryption is now possible only if you have been affected by offline encryption key. To decrypt your files, you will have to download Emsisoft Decryptor for STOP DJVU, a tool created and maintained by a genius security researcher Michael Gillespie. Note! Please do not spam the security researcher with questions whether he can recover your files encrypted with online key - it is not possible. In order to test the tool and see if it can decrypt ADWW files, follow the given tutorial.

Meanings of decryptor’s messages

The ADWW decryption tool might display several different messages after failed attempt to restore your files. You might receive one of the following messages: Error: Unable to decrypt file with ID: [example ID] This message typically means that there is no corresponding decryption key in the decryptor’s database. No key for New Variant online ID: [example ID]Notice: this ID appears to be an online ID, decryption is impossible This message informs that your files were encrypted with online key, meaning no one else has the same encryption/decryption key pair, therefore data recovery without paying the criminals is impossible. Result: No key for new variant offline ID: [example ID]This ID appears to be an offline ID. Decryption may be possible in the future. If you were informed that an offline key was used, but files could not be restored, it means that the offline decryption key isn’t available yet. However, receiving this message is extremely good news, meaning that it might be possible to restore your ADWW extension files in the future. It can take a few months until the decryption key gets found and uploaded to the decryptor. We recommend you to follow updates regarding the decryptable DJVU versions here. We strongly recommend backing up your encrypted data and waiting.

Victims of ADWW Ransomware Virus should report the Internet crime incident to the official government fraud and scam website according to their country:

In the United States, go to the On Guard Online website.In Australia, go to the SCAMwatch website.In Germany, go to the Bundesamt für Sicherheit in der Informationstechnik website.In Ireland, go to the An Garda Síochána website.In New Zealand, go to the Consumer Affairs Scams website.In the United Kingdom, go to the Action Fraud website.In Canada, go to the Canadian Anti-Fraud Centre.In India, go to Indian National Cybercrime Reporting Portal.In France, go to the Agence nationale de la sécurité des systèmes d’information.

If you can’t find an authority corresponding to your location on this list, we recommend using any search engine to look up “[your country name] report cyber crime”. This should lead you to the right authority website. We also recommend staying away from third-party crime report services that are often paid. It costs nothing to report Internet crime to official authorities. Another recommendation is to contact your country’s or region’s federal police or communications authority.