Geek's Advice

IT News, Software Reviews, How To's & Computer Help

Remove REMK Ransomware Virus (Decryption Guide)

March 19, 2020 By Norbert Webb 9 Comments

REMK is the 214th version of DJVU ransomware

REMK is a ransomware-type virus that originates from the STOP/DJVU malware developers. The ransomware uses AES+RSA cryptography to encrypt all personal files on the system. During the attack, it marks affected files by appending the .remk file extension. To inform the victim about the attack and how to acquire decryption software, it creates a ransom note named _readme.txt. The victim may find this note on the Desktop and in other locations on the computer. Aside from that, the malware also installs the AZORULT Trojan to steal the user's passwords saved in browsers.

As the _readme.txt note suggests, the REMK virus encrypts files such as documents, photos, databases, spreadsheets, archives, videos, and other data formats. It uses a very powerful, even military-grade encryption algorithm to do so, so the damage cannot be reversed without the key. According to the ransom note, the only way to recover files is to pay up, and the sooner, the better. The decryption tool costs $490 if the victim contacts the attackers within 72 hours. Otherwise, the ransom price rises to $980.

The ransomware is a very dangerous threat that renders personal files useless.

The creators of the crypto-malware suggest testing the decryption tool they offer by sending one small encrypted file to them via the provided emails: helpdatarestore@firemail.cc, helpmanager@mail.ch. The criminals then send a decrypted version of it back to the victim, proving that they actually can recover the data. While this might seem convincing, we do not recommend paying the ransom. By doing so, you would support their malicious business model, which results in even more malware variants and more victims worldwide.

Threat Summary

Name: REMK Ransomware Virus
Type: Ransomware; File-encrypting malware
Ransom note: _readme.txt
Ransom demand: $490 or $980
Extension used: .remk file extension
Contact emails: helpdatarestore@firemail.cc, helpmanager@mail.ch
Distribution: Spreads via infected files that can be downloaded from the Internet – malicious software cracks and keygens mainly
Additional details: Installs AZORULT password-stealing Trojan
Decryption options: Data can be restored using data backups. In case of offline encryption, check for updates in STOP decrypter guide.
Removal: Remove using malware removal software while in Safe Mode

The REMK ransomware virus locks the victim's data securely. The sudden loss of access to data can cause serious problems for the victim at work or in their studies. Data recovery therefore becomes the most important thing, and the victim begins searching for decryption tools online.

Before doing so, we strongly advise removing the REMK ransomware virus using the instructions provided below the article or a robust malware removal tool.

Data decryption – what are the chances?

Decrypting .remk files with third-party recovery tools is impossible. The best chance of recovering your files is from a backup. Recovery may also be possible if your files were encrypted in offline mode, which we describe in detail below.

The _readme.txt note carries a message from the ransomware developers.

Once the ransomware enters the victim's computer, it begins the attack by connecting to its Command & Control server (a remote server that sends it commands) to request an individual encryption key. At this point, all you need to know is that the virus may succeed or fail in establishing this connection. If it fails, your files are locked using an offline encryption key, which is easier to reverse.

Since there is only one offline encryption/decryption key pair, the decryption tool can be updated whenever someone affected by the same offline key pays the ransom, receives the decryption key and shares it with malware researchers. This can't happen with online encryption keys, as they are generated individually per victim.

We recommend visiting the DJVU ransomware decryption guide to check whether the recovery key has become available.
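A triage helper for the offline/online distinction described above, added here as an example and not part of the original guide or of any decryptor: it finds _readme.txt notes and .remk files under a folder, extracts the personal ID and contact addresses, and labels the ID. It assumes the convention cited by readers in the comments that an ID ending in t1 is an offline ID; the function names, the sample note and its ID are constructed for illustration.

```python
import re
from pathlib import Path

NOTE_NAME = "_readme.txt"   # ransom note name given in the article
ENCRYPTED_EXT = ".remk"     # extension appended by this variant
OFFLINE_SUFFIX = "t1"       # assumption: reader-reported marker of an offline ID

# Constructed sample: abridged note wording with a made-up personal ID.
SAMPLE_ID = "0214ConstructedSampleIdNotFromARealInfection000t1"
SAMPLE_NOTE = f"""ATTENTION!
Price of private key and decrypt software is $980.
To get this software you need write on our e-mail:
helpdatarestore[@]firemail.cc
Reserve e-mail address to contact us:
helpmanager[@]mail.ch
Your personal ID:
{SAMPLE_ID}
"""

ID_RE = re.compile(r"personal ID:\s*([0-9A-Za-z]+)", re.IGNORECASE)
# Accepts both plain and defanged ("[@]") addresses.
EMAIL_RE = re.compile(r"[\w.+-]+\[?@\]?[\w-]+(?:\.[\w-]+)+")


def classify_id(personal_id):
    """Label an ID as offline/online using the assumed 't1' suffix rule."""
    if not personal_id:
        return "unknown"
    return "offline" if personal_id.endswith(OFFLINE_SUFFIX) else "online"


def parse_note(text):
    """Extract the personal ID and contact addresses from note text."""
    match = ID_RE.search(text)
    personal_id = match.group(1) if match else None
    emails = sorted({e.replace("[@]", "@") for e in EMAIL_RE.findall(text)})
    return {"personal_id": personal_id,
            "key_type": classify_id(personal_id),
            "emails": emails}


def triage(root):
    """Summarise encrypted files and ransom notes found under root."""
    root = Path(root)
    encrypted = [p for p in root.rglob("*" + ENCRYPTED_EXT) if p.is_file()]
    ids, emails = {}, set()
    for note in root.rglob(NOTE_NAME):
        info = parse_note(note.read_text(encoding="utf-8", errors="replace"))
        if info["personal_id"]:
            ids[info["personal_id"]] = info["key_type"]
        emails.update(info["emails"])
    return {"encrypted_files": len(encrypted),
            "ids": ids,
            "emails": sorted(emails)}


if __name__ == "__main__":
    print(parse_note(SAMPLE_NOTE))
```

An "offline" result only means it is worth checking the decryption guide for a released key; an "online" result matches the case where the article says recovery depends on backups.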

Ransomware infects computers with the help of users themselves

Ransomware like REMK, FOOP or others can infiltrate your computer system as a result of inattentive activity online. To be precise, your computer can get compromised if you download suspicious and untrustworthy files from the world wide web without checking their safety first. In general, torrents and other illegal downloads aren’t considered safe at all.

Unfortunately, this is exactly where computer users turn when they want to download paid software for free. They start looking for software cracks, keygens, and other tools. These tools are known to be the primary distributors of DJVU malware versions.

Once opened, the fake installers drop the malware on the system and ensure its execution. The data encryption then starts, leaving the victim no chance to stop it.

Other ransomware variants can travel in malicious spam and fake updaters, or appear on infected websites and elsewhere. To protect yourself, always think before clicking on suspicious links, ads, or email attachments, so that a single click does not ruin your browsing experience.

Rush to remove REMK ransomware now

Victims should remove the REMK ransomware virus and check their computer system for additional malware. This is needed to protect the victim’s privacy and security, and to cleanse the computer system of potential dangers left behind by the ransomware. As mentioned earlier, DJVU versions tend to install password-stealing Trojans such as AZORULT.

Now that you’re ready to begin REMK removal, please concentrate on the instructions provided below. Follow each step attentively to fully eliminate the malware from your system.

OUR GEEKS RECOMMEND

Our team recommends a two-step rescue plan to remove ransomware and other remaining malware from your computer, and to repair the virus damage caused to the system:

STEP 1. REMOVE AUTOMATICALLY WITH ROBUST ANTIVIRUS

Get INTEGO ANTIVIRUS for Windows to remove ransomware, Trojans, adware and other spyware and malware variants and protect your PC and network drives 24/7. This VB100-certified security software uses state-of-the-art technology to provide protection against ransomware, Zero-Day attacks and advanced threats. Intego Web Shield blocks dangerous websites, phishing attacks, malicious downloads and installation of potentially unwanted programs.

Use INTEGO Antivirus to remove detected threats from your computer.


STEP 2. REPAIR VIRUS DAMAGE TO YOUR COMPUTER


RESTORO provides a free scan that helps to identify hardware, security and stability issues and presents a comprehensive report which can help you to locate and fix detected issues manually. It is a great PC repair software to use after you remove malware with professional antivirus. The full version of software will fix detected issues and repair virus damage caused to your Windows OS files automatically.

RESTORO uses AVIRA scanning engine to detect existing spyware and malware. If any are found, the software will eliminate them.


GeeksAdvice.com editors select recommended products based on their effectiveness. We may earn a commission from affiliate links, at no additional cost to you. Learn more.

REMK Ransomware Removal Guidelines

Method 1. Enter Safe Mode with Networking

Step 1. Start Windows in Safe Mode with Networking

Before you try to remove the virus, you must start your computer in Safe Mode with Networking. Below, we provide the easiest ways to boot the PC in this mode, but you can find additional ones in this in-depth tutorial on our website – How to Start Windows in Safe Mode.

Instructions for Windows XP/Vista/7 users

  1. First of all, turn off your PC. Then press the Power button to start it again and immediately start pressing the F8 key on your keyboard repeatedly at 1-second intervals. This launches the Advanced Boot Options menu.
  2. Use the arrow keys on the keyboard to navigate down to the Safe Mode with Networking option and press Enter.

Instructions for Windows 8/8.1/10 users

  1. Open the Windows Start menu, then press the Power button. On your keyboard, press and hold the Shift key, and then select the Restart option.
  2. This will take you to the Windows Troubleshoot screen. Choose Troubleshoot > Advanced Options > Startup Settings > Restart. Tip: If you can't find Startup Settings, click See more recovery options.
  3. In Startup Settings, press the right key between F1-F9 to enter Safe Mode with Networking. In this case, it is the F5 key.

Step 2. Remove files associated with the virus

Now, you can search for and remove REMK Ransomware files. It is very hard to identify files and registry keys that belong to the ransomware virus. Besides, malware creators tend to rename and change them repeatedly. Therefore, the easiest way to uninstall this type of computer virus is to use a reliable malware removal program. In addition, we suggest trying a combination of INTEGO Antivirus (removes malware and protects your PC in real-time) and RESTORO (repairs virus damage to Windows OS files).

Method 2. Use System Restore

In order to use System Restore, you must have a system restore point, created either manually or automatically.

Step 1. Boot Windows in Safe Mode with Command Prompt

Instructions for Windows XP/Vista/7 users

  1. Shut down your PC. Start it again by pressing the Power button and immediately start pressing the F8 key on your keyboard repeatedly at 1-second intervals. You will see the Advanced Boot Options menu.
  2. Using the arrow keys on the keyboard, navigate down to the Safe Mode with Command Prompt option and press Enter.

Instructions for Windows 8/8.1/10 users

  1. Launch the Windows Start menu, then click the Power button. On your keyboard, press and hold the Shift key, and then choose the Restart option with the mouse cursor.
  2. This will take you to the Windows Troubleshoot screen. Choose Troubleshoot > Advanced Options > Startup Settings > Restart. Tip: If you can't find Startup Settings, click See more recovery options.
  3. In Startup Settings, press the right key between F1-F9 to enter Safe Mode with Command Prompt. In this case, press the F6 key.

Step 2. Start System Restore process

  1. Wait until the system loads and the command prompt shows up.
  2. Type cd restore and press Enter, then type rstrui.exe and press Enter. Or you can just type %systemroot%\system32\restore\rstrui.exe in the command prompt and hit Enter.
  3. This launches the System Restore window. Click Next and then choose a System Restore point created in the past. Choose one that was created before the ransomware infection.
  4. Click Yes to begin the system restoration process.

After restoring the system, we recommend scanning it with antivirus or anti-malware software. In most cases, there won't be any malware remnants, but it never hurts to double-check. In addition, we highly recommend checking the ransomware prevention guidelines provided by our experts in order to protect your PC against similar viruses in the future.

Alternative software recommendations

Malwarebytes Anti-Malware

Removing spyware and malware is one step towards cybersecurity. To protect yourself against ever-evolving threats, we strongly recommend purchasing a Premium version of Malwarebytes Anti-Malware, which provides security based on artificial intelligence and machine learning. Includes ransomware protection. See pricing options and protect yourself now.


System Mechanic Ultimate Defense

System Mechanic Ultimate Defense is an all-in-one system maintenance suite that has 7 core components providing powerful real-time protection, on-demand malware removal, system optimization, data recovery, password manager, online privacy protection and secure driver wiping technology. Due to its wide range of capabilities, System Mechanic Ultimate Defense deserves Geek's Advice approval. Get it now for 50% off. You may also be interested in its full review.

Disclaimer. This site includes affiliate links. We may earn a small commission by recommending certain products, at no additional cost for you. We only choose quality software and services to recommend.

Norbert Webb

Norbert Webb is the head of Geek’s Advice team. He is the chief editor of the website who controls the quality of content published. The man also loves reading cybersecurity news, testing new software and sharing his insights on them. Norbert says that following his passion for information technology was one of the best decisions he has ever made. “I don’t feel like working while I’m doing something I love.” However, the geek has other interests, such as snowboarding and traveling.

Comments

  1. marivic says

    April 4, 2020 at 11:55 am

    I received this Personal ID:
    0214OIQuhkjddniV5FovVGqsfRbxrdinWFZgDjEIpbBuP40ySLre

    Is this online and cannot be decrypted?
  2. Sajeel M javid says

    March 22, 2020 at 10:03 am

    My personal ID ends with TQ. So tell me that you can encrypted my data. Please answer me, because all my data is related to my daughter.
    • Norbert Webb says

      March 22, 2020 at 11:03 am

      Try a data recovery tool to detect deleted files – decryption, however, might not be possible.

  3. john says

    March 20, 2020 at 9:41 am

    Hi sir, can I ask if there is recommended software to decrypt the files?
    My personal ID ended with t1.
  4. UDAY says

    March 19, 2020 at 8:20 am

    Yesterday my office PC got encrypted. I have searched for a solution but didn’t find one. I think my ID is online too…
    I hope there is a solution. If you have one, let me know.

    -:: THIS IS THE RANSOM MSG ::-

    ATTENTION!

    Don’t worry, you can return all your files!
    All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
    The only method of recovering files is to purchase decrypt tool and unique key for you.
    This software will decrypt all your encrypted files.
    What guarantees you have?
    You can send one of your encrypted file from your PC and we decrypt it for free.
    But we can decrypt only 1 file for free. File must not contain valuable information.
    You can get and look video overview decrypt tool:

    Price of private key and decrypt software is $980.
    Discount 50% available if you contact us first 72 hours, that’s price for you is $490.
    Please note that you’ll never restore your data without payment.
    Check your e-mail “Spam” or “Junk” folder if you don’t get answer more than 6 hours.

    To get this software you need write on our e-mail:
    helpdatarestore[@]firemail.cc

    Reserve e-mail address to contact us:
    helpmanager[@]mail.ch

    Your personal ID:
    0214OIQuhkjdgRNGURO7sT90J7E3xoCJhEd45rkGPlcBV3FvgwjT

  5. Adam says

    March 18, 2020 at 12:38 pm

    Hello,
    My id finishes with t1 which means it is an offline key, do you think the files can be saved?

    • Norbert Webb says

      March 18, 2020 at 9:04 pm

      Yes – just stay patient and check for updates.

  6. reza says

    March 17, 2020 at 3:00 pm

    Hi Mr Norbert,
    Thanks for your guidance. My computer files are encrypted by the remk Ransomware Virus and my System ID does not end with “t1”; that means it is an online remk ransomware key, yes?
    Another reason for an online key is that my files cannot be decrypted by decrypt_STOPDjvu.exe. The decryptor software types a comment like this:
    No key for New Variant online ID: cDYCDCJ4stJTkYrCbSI4LMV03V12EChnHizucCwY
    Notice: this ID appears to be an online ID, decryption is impossible
    What can I do now?
    I have important files on my laptop, like my thesis.
    Please help me,
    thank you very much
    • Norbert Webb says

      March 18, 2020 at 10:31 am

      Impossible to decrypt, just like the decryptor says

