How to remove Ebola ransomware and decrypt .[newebola@aol.com].ebola files

Ebola ransomware encryption process

Ebola ransomware is a new type of Dharma encryptor. This malware usually attacks computers by the means of email messages, or installs on your computer with the help of open ports. Once it injects into your system, in the most cases it immediately proceeds scanning and encryption processes, but it also can wait till the special event. When it’s done, some of your files are unreadable, as the virus changes the structure of your files and their extensions to .[newebola@aol.com].ebola as well. Don’t try to remove Ebola ransomware encryption by yolurself, as you may damage all your encrypted data! In order to make you pay the virus also creates the pop-up window, that contains the following information:

All FILES ENCRYPTED “RSA1024”
All YOUR FILES HAVE BEEN ENCRYPTED!!! IF YOU WANT TO RESTORE THEM, WRITE US TO THE E-MAIL newebola@aol.com
IN THE LETTER WRITE YOUR ID, YOUR ID
IF YOU ARE NOT ANSWERED, WRITE TO EMAIL: newebola@aol.com
YOUR SECRET KEY WILL BE STORED ON A SERVER 7 DAYS, AFTER 7 DAYS IT MAY BE OVERWRITTEN BY OTHER KEYS, DON’T PULL TIME, WAITING YOUR EMAIL
FREE DECRYPTION FOR PROOF
You can send us up to 1 file for free decryption. The total size of files must be less than 1Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.)
DECRYPTION PROCESS:
When you make sure of decryption possibility transfer the money to our bitcoin wallet. As soon as we receive the money we will send you:
1. Decryption program.
2. Detailed instruction for decryption.
3. And individual keys for decrypting your files.
!WARNING!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.

Somewhere nearby the encrypted files you can also find a ransom note, that is called RETURN FILES.txt and it duplicates the previous message. We advise you to avoid any contact with the intruders, as they don’t give you any firm guarantee, and it’s easy for them to trick you. So if you are interested in how to remove Ebola ransomware and decrypt .[newebola@aol.com].ebola files, you may read our guide for free!

Article’s Guide

  1. How to remove Ebola Ransomware from your computer
  2. How to remove Ebola Ransomware encryption from your files
  3. Data Recovery
  4. Automated decryption tools
  5. Windows Previous Versions

How to remove Ebola Ransomware from your computer?

We strongly recommend you to use a powerful anti-malware program that has this threat in its database. It will mitigate the risks of the wrong installation, and will remove Ebola from your computer with all of its leftovers and register files.

Solution for Windows users: our choice is Norton 360 . Norton 360 scans your computer and detects various threats like Ebola, then removes it with all of the related malicious files, folders and registry keys.

Download Norton windows compatible

If you are Mac user, we advise you to use Combo Cleaner.


How to decrypt .[newebola@aol.com].ebola files?

Once you’ve removed the virus, you are probably thinking how to decrypt .ebola files. Let’s take a look at possible ways of decrypting your data.

Recover data with Data Recovery

Data Recovery

  1. Download and install Data Recovery
  2. Select drives and folders with your files, then click Scan.
  3. Choose all the files in a folder, then press on Restore button.
  4. Manage export location.

Download Stellar Data Recovery

The download is an evaluation version for recovering files. To unlock all features and tools, purchase is required ($49.99-299). By clicking the button you agree to EULA and Privacy Policy. Downloading will start automatically.


Restore data with automated decryption tools

Unfortunately, due to the novelty of Ebola ransomware, there are no available automatic decryptors for this encryptor yet. Still, there is no need to invest in the malicious scheme by paying a ransom. You are able to recover files manually.
You can try to use one of these methods in order to restore your encrypted data manually.

Restore data with Windows Previous Versions

This feature is working on Windows Vista (not Home version), Windows 7 and later versions. Windows keeps copies of files and folders which you can use to restore data on your computer. In order to restore data from Windows Backup, take the following steps:

  1. Open My Computer and search for the folders you want to restore;
  2. Right-click on the folder and choose Restore previous versions option;
  3. The option will show you the list of all the previous copies of the folder;
  4. Select restore date and the option you need: Open, Copy and Restore.

Restore the system with System Restore

You can always try to use System Restore in order to roll back your system to its condition before infection infiltration. All the Windows versions include this option.

  1. Type restore in the Search tool;
  2. Click on the result;
  3. Choose restore point before the infection infiltration;
  4. Follow the on-screen instructions.

Was this tutorial helpful?
[Total: 0 Average: 0]

Leave a Comment

Time limit is exhausted. Please reload CAPTCHA.