Age_empires@india.com Ransomware Removal Guide

Age_empires@india.com Ransomware is your new enemy to fear in the world of malware because if this infection strikes, you will most likely lose your files to this attack. This ransomware can infiltrate your system without your knowledge and encrypt your files in a matter of a few minutes. There is no method or tool as of yet to decrypt these files unless you risk to pay the ransom fee demanded by the criminals behind this vicious infection. However, even if you transfer the money, there is no guarantee that you will actually get the private key or a decryption tool. We do not recommend that you pay these crooks, but this is totally your decision to make. The only way for you to recover your files after this attack may be having a backup copy of your files on a removable drive. But even so, do not try to copy the clean files back onto your PC until you remove Age_empires@india.com Ransomware from your system. Please read our full report if you want to know more about this dangerous infection and how you may be able to avoid similar threats in the future.

The most likely way for this ransomware to show up on your system is that you download its executable file from a spam e-mail. This malicious file may be attached as an image or text document. These criminals know how to make you think that what you are about to open is an important file for you to see just like in the case of the e-mail itself. These crooks may use different approaches to trick you. Most often they draw your attention to such spam e-mails by using misleading subjects, such as a reference to an unpaid invoice, an undelivered parcel, wrong credit card details, and so on. These are definitely topics that would catch your eyes. And, once you open such a mail, you will most likely want to see the attached document as well, which is supposed to be the problematic invoice or booking in question. However, when you try to run this downloaded attached file, you practically infect your computer with Age_empires@india.com Ransomware. This is why you should be extra careful whenever you open mails even in your inbox since such spam mails may be able to fool your filter and then you, too. Make sure that you only download attachments when you know for sure that they were meant for you to get.

Another frequently used method for distributing ransomware is Exploit Kits. These kits exploit known bugs and security holes in your browsers and drivers (Java and Flash). If you forget to update these, it is possible that you end up on a malicious website that runs a code and drops such an infection onto your system without your noticing it. You do not even need to click on any content on such a page as it is just enough to load it in your browser. This can happen, for example, when you click on a corrupt link or third-party ad and you get redirected to such a malicious webpage. We cannot confirm that this ransomware is spread this way but knowing this you can certainly protect your system from similar attacks. In any case, we suggest that you delete Age_empires@india.com Ransomware immediately after you notice its presence.

Once you open the downloaded executable file, you initiate this ransomware. It uses the RSA-2048 algorithm to encrypt all your photos, videos, documents, and third-party program files. We have found that this infection is based on the CrySIS Ransomware engine and seems to belong to the same family as Redshitline Ransomware and Ecovector3@aol.com Ransomware. When a file gets encrypted, its extension changes to “.id-B4500913.{Age_empires@india.com}.xtbl.” Therefore, your files will look something like “mydocument.doc.id-B4500913.{Age_empires@india.com}.xtbl.” After the encryption is done, this program creates a file called "Decryption instructions.txt" in every folder that has been affected. This file contains information about the decryption. Just like the image that comes up as your new desktop wallpaper when all the damage is done. This is how you are informed about the encryption of your files. You are instructed to send an e-mail to “Age_empires@india.com” or “Age_empires@aol.com” depending on the version you have. You are supposed to get the details of payment in a reply message. It is most likely that you have to transfer the ransom fee in Bitcoins. This amount can range from 0.1 to 2 BTC generally, which is around 57 to 1144 USD. You may think that paying this fee is the only solution for you to get your files back. However, you should consider the fact that these are actually criminals who may not always keep their promise. Also, it is possible that some technical problems emerge and you cannot get your private key even after you pay. Therefore, we recommend that you remove Age_empires@india.com Ransomware ASAP.

This infection uses a random-name executable file that may well start with “Payload” as in “Payload1.exe,” “Payload_c.exe,” and so on. You need to delete every occurrence of this file as well as the background image and the text files to make sure that no leftovers remain on your system. Please refer to our instructions below if you feel up to the task to delete Age_empires@india.com Ransomware from your system. If you want to be certain that your PC is all clean and protected from similar threats, we advise you to install a reputable anti-malware program, such as SpyHunter to take care of all known malware infections. Once your computer is free of threats, you can start to transfer your backed up files back onto your machine, if you have them on an external drive.

How to remove Age_empires@india.com Ransomware from Windows

1. Press Win+E.
2. Check the following locations and delete the random-name (“*”) malicious file:
   %ALLUSERSPROFILE%\Start Menu\Programs\Startup\*.exe
   %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe
   %USERPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe
   %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe
   %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs\Startup\*.exe
   %WINDIR%\Syswow64\*.exe (64-bit)
   %WINDIR%\System32\*.exe
3. Delete the malicious wallpaper “C:\Users\user\how to decrypt your files.jpg”
4. Bin all occurrences of "Decryption instructions.txt" from all affected directories.
5. Empty your Recycle Bin.
6. Press Win+R and type regedit. Press OK.
7. Overwrite the following registry value data with the path of a background image of your choice:
   HKCU\Control Panel\Desktop\Wallpaper where the value data is “C:\Users\user\how to decrypt your files.jpg”
   HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Wallpapers\BackgroundHistoryPath0 where the value data is “C:\Users\user\how to decrypt your files.jpg”
8. Delete the following registry keys:
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\* (random name) where the value data is “%WINDIR%\Syswow64\*(random name).exe”
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\* (random name) where the value data is “%WINDIR%\System32\*(random name).exe”
9. Exit editor.
10. Restart your computer.