What is Outsider Ransomware
Outsider is a ransomware family that has produced multiple versions of file-encrypting malware. This version (Outsider) encrypts files on servers and users' PCs. It has recently been identified as GarrantyDecrypt-Outsider because it closely resembles another ransomware called GarrantyDecrypt, with minor differences. The extensions that can be appended to encrypted files include .protected, .gomer, .edab, .crypt, .popotic1, .popoticus, .sguard, .guarded, .mapo, .sivo, and .mbit. For example, the original file 1.txt becomes 1.txt.protected or similar. The virus then creates an ordinary text file called HOW_TO_RESTORE_FILES.txt.
! SYSTEM SECURITY ALERT !
—————————————————————————–
Your SERVER was tried to be attacked by an outsider.
Immediatly change your password, use a minimum of 8 characters in length.
—————————————————————————–
All your personal files was encrypted with RSA public key (1024 bit) to SAVE them from a third party persons.
Now they are ENCRYPTED and SAFE!
To RESTORE all your files back immediatly, follow this few simple steps:
1) Our SECURE-SERVER service charge a payment for file decryption and preventing damage of your SERVER by 3th party persons;
2) After your SUCCESSFUL payment, write us an E-MAIL with your unique SERVER-ID and Payment ID;
3) Receive an DECRYPTION TOOL from us back to your E-MAIL;
4) Run the tool on your SERVER and safe-decrypt all your files back to NORMAL state.
We STRONGLY RECOMMEND you NOT to use any other decryption tool, files will be LOST! Only our DECRYPTION TOOL can turn back your files.
We guarantee:
100% Successful restoring all of your files
100% Satisfaction guarantee
100% Safe and secure service
As a proof, you can send us 1 file and we will DECRYPT it for free and send it back to you.
——————————————————————————
Our E-MAIL: secureserver@memeware.net
Payment type: Bitcoin
Summ: $900
Our wallet: 1CfMU2eKnajfpnYvLbWR3m7jZRXujtx8Cm
Your SERVER-ID: *****
——————————————————————————
For any questions, write us: secureserver@memeware.net
MEMEWARE SECURE-SERVER SYSTEMS © 2018
! ATTENTION !
--------------------------------------------------------------------------------------------
! STRICTLY FORBIDDEN TO USE THIRD-PARTY DECRYPTION SOFTWARE - FILES WILL BE LOST !
--------------------------------------------------------------------------------------------
Due vulnerability in your system all files have been protected with strong private key to safe them from unathorized access.
To RESTORE your files, follow this instructions:
1. Gomer service charges a payment for file decryption tool
2. Contact us with attached Gomer-readme.txt
3. Receive Gomer file decryption tool
4. Run the tool and successfully RESTORE all your files!
We guarantee:
100% Successful restoring all of your files
100% Satisfaction guarantee
100% Fast and secure service
As a proof of our trusted service, you can send us 1 file and get it decrypted for free!
--------------------------------------------------------------------------------------------
! ONLY ORIGINAL GOMER DECRYPTION TOOL CAN RESTORE YOUR FILES !
--------------------------------------------------------------------------------------------
Contacts: support-gomer@pm.me
Payments accepted: Bitcoin (BTC)
ID KEY:
gMWCXd52gagzYTakkupc2dqCy0xNvLiodz+1yw***
In this note, the extortionists say that RSA encryption prevents your data from being decrypted manually, and that any attempt to restore it may fail and lead to permanent loss. They claim that your files are safe and waiting to be unlocked, and that the only thing you need to do is pay $900 in BTC to the wallet given in the message. Once that is done, you are supposed to notify them by e-mail and receive your decryption key. Even though the Outsider developers offer to decrypt a couple of files for free, we recommend against meeting their demands in any case. A better approach is to remove Outsider from your PC and attempt to decrypt the data with free software.
How Outsider Ransomware infected your computer
The most common ways ransomware gets in are botnets, keyloggers, trojans, poorly configured RDP, fake software cracking tools, and e-mail spam. Cybercriminals set up automated mailings with malicious attachments that are sent all over the Internet. If an unknown sender asks you to open a suspicious link or download a file (MS Office documents, PDFs, executables, JavaScript files, etc.), it may be a ransomware trap. To avoid this, clean your mailbox regularly or leave it to dedicated applications that filter messages and prevent you from opening malicious content. You can find more information about safety measures and the removal process below.
- Download Outsider Ransomware Removal Tool
- Get decryption tool for .protected, .gomer or .edab files
- Recover encrypted files with Stellar Data Recovery Professional
- Restore encrypted files with Windows Previous Versions
- Restore files with Shadow Explorer
- How to protect from threats like Outsider Ransomware
Download Removal Tool
To remove Outsider Ransomware completely, we recommend using Norton Antivirus from Symantec. It detects and removes all files, folders and registry keys of Outsider Ransomware and prevents future infections by similar viruses.
Alternative Removal Tool
To remove Outsider Ransomware completely, we recommend using SpyHunter 5. It detects and removes all files, folders and registry keys of Outsider Ransomware. The trial version of SpyHunter 5 offers a virus scan and 1-time removal for FREE.
Outsider Ransomware files:
HOW_TO_RESTORE_FILES.txt
{randomfilename}.exe
Outsider Ransomware registry keys:
no information
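The indicators above (the appended extensions and the ransom-note file names) are enough to triage which folders on a server or share were hit. The following is an added example, not code from the original article or from any vendor tool; the "high"/"review" confidence rule and the sample directory tree are assumptions made for illustration.

```python
import os
import tempfile
from collections import defaultdict
from pathlib import Path

# Indicators listed in the article: appended extensions and ransom-note names.
ENCRYPTED_EXTENSIONS = {
    ".protected", ".gomer", ".edab", ".crypt", ".popotic1", ".popoticus",
    ".sguard", ".guarded", ".mapo", ".sivo", ".mbit",
}
RANSOM_NOTES = {"how_to_restore_files.txt", "gomer-readme.txt"}


def scan(root):
    """Return {directory: {"encrypted": [(name, original)], "notes": [...], "confidence": ...}}."""
    findings = defaultdict(lambda: {"encrypted": [], "notes": []})
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if name.lower() in RANSOM_NOTES:
                findings[dirpath]["notes"].append(name)
            elif Path(name).suffix.lower() in ENCRYPTED_EXTENSIONS:
                # The extension is appended (1.txt -> 1.txt.protected),
                # so dropping the last suffix gives the original file name.
                findings[dirpath]["encrypted"].append((name, Path(name).stem))
    for hit in findings.values():
        # Assumed triage rule: a note next to renamed files is a strong signal;
        # an extension alone (".crypt" is generic) only warrants a manual look.
        hit["confidence"] = "high" if hit["notes"] and hit["encrypted"] else "review"
    return dict(findings)


def build_sample_tree(base):
    """Create a small constructed directory tree (empty files) for the demo."""
    layout = {
        "share": ["1.txt.protected", "report.xlsx.protected",
                  "HOW_TO_RESTORE_FILES.txt", "clean.docx"],
        "misc": ["backup.db.crypt"],
        "clean": ["notes.txt"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(base, folder))
        for name in names:
            open(os.path.join(base, folder, name), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        build_sample_tree(base)
        for directory, hit in sorted(scan(base).items()):
            print(hit["confidence"], directory, len(hit["encrypted"]), hit["notes"])
```

The list of original file names it returns is a useful checklist when restoring from backups or shadow copies.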
How to decrypt and restore .protected, .gomer or .edab files
Use automated decryptors
Download Kaspersky RakhniDecryptor
Use Kaspersky's Rakhni Decryptor, which can decrypt .protected, .gomer or .edab files.
There is no point in paying the ransom: there is no guarantee you will receive the key, and you will put your bank credentials at risk.
Dr.Web Rescue Pack
The well-known antivirus vendor Dr. Web provides a free decryption service for owners of its products: Dr.Web Security Space or Dr.Web Enterprise Security Suite. Other users can ask for help with decrypting .protected, .gomer or .edab files by uploading samples to the Dr. Web Ransomware Decryption Service. Analysis of the files is performed free of charge, and if the files are decryptable, all you need to do is purchase a 2-year license of Dr.Web Security Space worth $120 or less. Otherwise, you don't have to pay.
If you were infected with Outsider Ransomware and have removed it from your computer, you can try to decrypt your files. Antivirus vendors and individuals create free decryptors for some crypto-lockers. To attempt to decrypt them manually, you can do the following:
Use Stellar Data Recovery Professional to restore .protected, .gomer or .edab files
- Download Stellar Data Recovery Professional.
- Click the Recover Data button.
- Select the type of files you want to restore and click the Next button.
- Choose the location you would like to restore files from and click the Scan button.
- Preview the found files, choose the ones you want to restore and click Recover.
Using Windows Previous Versions option:
- Right-click on the infected file and choose Properties.
- Select the Previous Versions tab.
- Choose a particular version of the file and click Copy.
- To restore the selected file and replace the existing one, click on the Restore button.
- If there are no items in the list, choose an alternative method.
Using Shadow Explorer:
- Download the Shadow Explorer program.
- Run it and you will see a list of all the drives and the dates on which shadow copies were created.
- Select the drive and date that you want to restore from.
- Right-click on a folder name and select Export.
- If there are no other dates in the list, choose an alternative method.
If you are using Dropbox:
- Log in to the Dropbox website and go to the folder that contains the encrypted files.
- Right-click on the encrypted file and select Previous Versions.
- Select the version of the file you wish to restore and click on the Restore button.
How to protect your computer from viruses like Outsider Ransomware in the future
1. Get special anti-ransomware software
Use ZoneAlarm Anti-Ransomware
The well-known antivirus brand ZoneAlarm by Check Point has released a comprehensive tool that provides active anti-ransomware protection as an additional shield alongside your current protection. The tool provides Zero-Day protection against ransomware and allows you to recover files. ZoneAlarm Anti-Ransomware is compatible with all other antiviruses, firewalls, and security software except ZoneAlarm Extreme (already shipped with ZoneAlarm Anti-Ransomware) and Check Point Endpoint products. The key features of this application are automatic file recovery, overwrite protection that instantly and automatically recovers any encrypted files, and file protection that detects and blocks even unknown encryptors.
2. Back up your files
As an additional way to save your files, we recommend online backup. Local storage, such as hard drives, SSDs, flash drives or remote network storage, can be infected by the virus as soon as it is plugged in or connected. Outsider Ransomware uses some techniques to exploit this. One of the best services and programs for easy automatic online backup is iDrive. It has the most favorable terms and a simple interface.
3. Do not open spam e-mails and protect your mailbox
Malicious attachments in spam or phishing e-mails are the most popular method of ransomware distribution. Using spam filters and creating anti-spam rules is good practice. One of the world leaders in anti-spam protection is MailWasher Pro. It works with various desktop applications and provides a very high level of anti-spam protection.