How to remove PAY IT OR LOST IT ransomware and decrypt .AES files

PAY IT OR LOST IT encryption process

PAY IT OR LOST IT is a new type of file-encryption ransomware, the aim of which is to make you pay a ransom for the decryption services. This virus spreads by the means of email attachment. The code of a virus is injected into it and once a user opens this attachment, the device immediately becomes infected. However, creators of file-encryption ransomwares use a number of other ways of spreading it. It goes without saying that after installation of a free software you may become infected with PAY IT OR LOST IT ransomware too. We should warn you, if your device is infected, don’t try to remove PAY IT OR LOST IT ransomware without automatic tools, as it may lead to permanent damage of your files!

When PAY IT OR LOST IT ransomware gets into the system, it immediately executes AES-256 and RSA-4096 encryption algorithms and the whole process can be subdivided into 2 steps. In the very beginning The virus scans a hard drive for definite file formats. Usually, PAY IT OR LOST IT ransomware attacks Office documents and media files, as they can potentially be very valuable for a user. When it’s done, the virus changes the structures of the files and adds .AES extension to them. The next step is to make you pay, so PAY IT OR LOST IT ransomware creates a pop-up window, that contains the following information:

YOU ARE HACKED!!! Your files are encrypted, and send us ransom to be retrieved

If you are reading this text, it means, we've hacked your corporate network. Now all your data is encrypted with very serious and powerful algorithms (AES256 and RSA-4,096). These algorithms now in use in military intelligence, NSA and CIA . No one can help you to restore your data without our special decipherer. Don't even waste your time. If you think you are lucky that your file still in readable then you making a big mistake. Each time you open or copy a file will trigger the ransomware to spread to another victim in the organization. If you make a step to the IT support then say good bye to your files forever. But there are good news for you. We don't want to do any damage to your business. We are working for profit. The core of this criminal business is to give back your valuable data in the original form (for ransom of course). For the fastest solution of the problem, please, write immediately in your first letter: the name of your company, the domain name of your corporate network and the URL of your corporate website It is important ! And please do not start your first letter to us with the words: "It's a mistake !! Our company is just trimming and grooming little dogs. We don't have money at all." "There is a big mistake on our site ! We are not leaders in our industry and all our competitors don't suck our huge ****. We're just ? small company, and we are dying because of hard competition." "We are not the Super Mega International Corporation ltd., we are just a nursery etc." We see it 5 times a day. This **** doesn't work at all !!! Don't waste our and your time. Remember ! We don't work for food. You have to pay for decryption in Bitcoins (BTC). If you think you pay $50 and you'll get the decryptor, you are 50 million light years away from reality :) The ransom begins from 0.06 BTC up to 100 BTC. If you don't have money don't even write to us. We don't do charity ! As soon as we get bitcoins you'll get all your decrypted data back. Man is the master of everything and decides everything.
Email: naned@mail-card.net
Bitcoin address: *Address*

If you are unlucky and has already got infected with PAY IT OR LOST IT ransomware, don’t pay ransoms a cent! They are criminals and nothing can stop them from deceiving you, even if they give a word of honor! Do not despair, as we provide you with a guide on how to remove PAY IT OR LOST IT ransomware and decrypt .AES files for free!


Article’s Guide

  1. How to remove PAY IT OR LOST IT Ransomware from your computer
  2. How to remove PAY IT OR LOST IT Ransomware encryption from your files
  3. Data Recovery
  4. Automated decryption tools
  5. Windows Previous Versions

How to remove Mike Ransomware from your computer?

We strongly recommend you to use a powerful anti-malware program that has this threat in its database. It will mitigate the risks of the wrong installation, and will remove PAY IT OR LOST IT from your computer with all of its leftovers and register files.

Solution for Windows users: our choice is Norton 360 . Norton 360 scans your computer and detects various threats like PAY IT OR LOST IT, then removes it with all of the related malicious files, folders and registry keys.

Download Norton windows compatible

If you are Mac user, we advise you to use Combo Cleaner.


How to decrypt .AES files?

Once you’ve removed the virus, you are probably thinking how to decrypt .AES files. Let’s take a look at possible ways of decrypting your data.

Recover data with Data Recovery

Data Recovery

  1. Download and install Data Recovery
  2. Select drives and folders with your files, then click Scan.
  3. Choose all the files in a folder, then press on Restore button.
  4. Manage export location.

Download Stellar Data Recovery

The download is an evaluation version for recovering files. To unlock all features and tools, purchase is required ($49.99-299). By clicking the button you agree to EULA and Privacy Policy. Downloading will start automatically.


Restore data with automated decryption tools

Unfortunately, due to the novelty of PAY IT OR LOST IT ransomware, there are no available automatic decryptors for this encryptor yet. Still, there is no need to invest in the malicious scheme by paying a ransom. You are able to recover files manually.
You can try to use one of these methods in order to restore your encrypted data manually.

Restore data with Windows Previous Versions

This feature is working on Windows Vista (not Home version), Windows 7 and later versions. Windows keeps copies of files and folders which you can use to restore data on your computer. In order to restore data from Windows Backup, take the following steps:

  1. Open My Computer and search for the folders you want to restore;
  2. Right-click on the folder and choose Restore previous versions option;
  3. The option will show you the list of all the previous copies of the folder;
  4. Select restore date and the option you need: Open, Copy and Restore.

Restore the system with System Restore

You can always try to use System Restore in order to roll back your system to its condition before infection infiltration. All the Windows versions include this option.

  1. Type restore in the Search tool;
  2. Click on the result;
  3. Choose restore point before the infection infiltration;
  4. Follow the on-screen instructions.

Was this tutorial helpful?
[Total: 0 Average: 0]

Leave a Comment

Time limit is exhausted. Please reload CAPTCHA.