Ferosas Removal

What is Ferosas

Ferosas is a virus that infects a computer and corrupts the files on it. A ransom of hundreds of dollars is demanded of the victims if they want to get their files back. This file-locking ransomware affects Windows computers and can be very devastating for those who aren’t ready. Still, there are a few possible solutions to get at least some of the corrupted files back. If your computer was infected with Ferosas, then a lot of the files have become unusable. The encrypted files simply have a new extension appended to their names — .Ferosas. These can be image, video, audio, files, text files, spreadsheets, and a multitude of other types.

Ferosas Removal

picture.jpg.ferosas A ransom note in a file named _readme.txt is created and put in your folders. It contains the contacts of the extortionists behind Ferosas (bufalo@firemail.cc, gorentos@bitmessage.ch, and a Telegram account called @datarestore). You can compare the Ferosas ransom note with the notes of the other STOP/DJVU variants — Drume, Guvara, Promorad2.

Download Removal Toolto remove Ferosas

In the ransom note, the developers of Ferosas demand money — $490 or $980. The cheaper sum is for those who contact the extortionists in the first three days. $490 may be a ridiculous price, but $980 is even more outrageous. Looks like the ransom note is trying to rush the victims, to stress them out, to discourage them from researching solutions. This is predatory, but expected of cybercriminals.

You shouldn’t pay the ransom. Not just because that would be supporting crime (what the developers of Ferosas are doing is illegal). Ransomware developers, even the ones who are competent enough to decrypt the flies that they have encrypted, don’t always keep their promise to provide the people who paid with working decryption tools. Sometimes extortionists ask for more money, other times they just leave. If a cryptovirus is old, the extortionists might have already lost the decryption keys. Whatever the reason, according to CyberEdge, only around 60% of those who paid the ransom actually recovered their encrypted data.

How to be ready for ransomware?

Ransomware is difficult to solve one it has infected the system, but there are ways to minimize the risk and harm. Ferosas is part of the STOP/DJVU family of ransomware, so we can look at how DJVU cryptoviruses and other malware have behaved in the past and come up with a few bits of advice:

Create file backups. It’s very important to have backups of all the important files and programs. With backups, recovering from Ferosas or another serious virus could be relatively painless. Be familiar with phishing emails. Malicious spam is very often used to spread malware, and all the people in your organization, company, or family who use the same computer or network could encounter a malicious spam email and unwittingly invite a virus, or leak private information. Update your antivirus and your software. Sometimes, malware targets security holes that could be patched with already-existing updates. Use antivirus software to scan unfamiliar files and links before opening them. Be careful when pirating software cracks (or any file). STOP/DJVU viruses have sometimes been distributed in software cracks. Freeware bundles and adware, too, have distributed ransomware. Be skeptical when downloading and installing free software, especially from sites that have a history of pushing unwanted software on their users.
Download Removal Toolto remove Ferosas

Are the files really lost?

Encryption is useful for securing connections to protect private information from being exposed. Thanks to encryption, we can do things like online banking without someone impersonating us and taking over our bank accounts. The developers of Ferosas are only a few of the many online criminals who abuse encryption to extort money.

Encrypted files basically have their contents — their building blocks — scrambled. Generally, ransomware uses symmetric encryption on the files. Symmetric encryption is fast, but not very safe, as it allows the same key that encrypted the files to decrypt them, too. So then the cryptovirus would encrypt the symmetric key with an asymmetric algorithm. There is no way to decrypt that without getting the private key from Ferosas’ developers — with the exception of the offline key, which might be used if the connection with Ferosas’s server didn’t work. In that case, try the decryptor that @demonslay335 has developed (here’s direct download).

In many cases, including Ferosas, ransomware-encrypted files cannot be decrypted, but there are other things to try. Restoring from backups, maybe even file recovery software. There is a guide just below this article.

How to remove Ferosas

First of all, Ferosas should be removed from the system, along with whatever Trojans it probably brought with it. Because Ferosas tries to cripple Windows Defender, it might be a good idea to try an additional antivirus program, like Anti-Malware Tool, or Anti-Malware Tool. Ferosas messes with other settings, too, like which websites can be accessed (you might need to edit your hosts file to fix that).

Stage 1: Delete Browser Extension

First of all, we would recommend that you check your browser extensions and remove any that are linked to Ferosas. A lot of adware and other unwanted programs use browser extensions in order to hijacker internet applications.

Remove Ferosas Extension from Google Chrome

  1. Launch Google Chrome.
  2. In the address bar, type: chrome://extensions/ and press Enter.
  3. Look for Ferosas or anything related to it, and once you find it, press ‘Remove’.

Uninstall Ferosas Extension from Firefox

  1. Launch Mozilla Firefox.
  2. In the address bar, type: about:addons and press Enter.
  3. From the menu on the left, choose Extensions.
  4. Look for Ferosas or anything related to it, and once you find it, press ‘Remove’.

Delete Ferosas Extension from Safari

  1. Launch Safari.
  2. Press on the Safari Settings icon, which you can find in the upper-right corner.
  3. Select Preferences from the list.
  4. Choose the Extensions tab.
  5. Look for Ferosas or anything related to it, and once you find it, press ‘Uninstall’.
  6. Additionally, open Safari Settings again and choose Downloads.
  7. If Ferosas.safariextz appears on the list, select it and press ‘Clear’.

Remove Ferosas Add-ons from Internet Explorer

  1. Launch Internet Explorer.
  2. From the menu at the top, select Tools and then press Manage add-ons.
  3. Look for Ferosas or anything related to it, and once you find it, press ‘Remove’.
  4. Reopen Internet Explorer.In the unlikely scenario that Ferosas is still on your browser, follow the additional instructions below.
  5. Press Windows Key + R, type appwiz.cpl and press Enter
  6. The Program and Features window will open where you should be able to find the Ferosas program.
  7. Select Ferosas or any other recently installed unwanted entry and press ‘Uninstall/Change’.

Alternative method to clear the browser from Ferosas

There may be cases when adware or PUPs cannot be removed by simply deleting extensions or codes. In those situations, it is necessary to reset the browser to default configuration. In you notice that even after getting rid of weird extensions the infection is still present, follow the below instructions.

Use Chrome Clean Up Tool to Delete Ferosas

  1. Launch Google Chrome.
  2. In the address box, type: chrome://settings/ and press Enter.
  3. Expand Advanced settings, which you can find by scrolling down.
  4. Scroll down until you see Reset and Cleanup.
  5. Press on Clean up computer. Then press Find.

This Google Chrome feature is supposed to clear the computer of any harmful software. If it does not detect Ferosas, go back to the Clean up computer and reset settings.

Reset Mozilla Firefox to Default

Download Removal Toolto remove Ferosas

If you still find Ferosas in your Mozilla Firefox browser, you should be able to get rid of it by restoring your Firefox settings to default. While extensions and plug-ins will be deleted, this will not touch your browser history, bookmarks, saved passwords or Internet cookies.

  1. Launch Mozilla Firefox
  2. Into the address box, type: about:support and press Enter.
  3. You will be redirected to a Troubleshooting Information page.
  4. From the menu on the right side, select Refresh Firefox.
  5. Confirm your choice by clicking Refresh Firefox in the new window.
  6. Your browser will close automatically in order to successfully restore the settings.
  7. Press Finish.

Reset Safari Browser to Normal Settings

  1. Launch Safari.
  2. Press on the Safari Settings icon, which you can find in the upper-right corner.
  3. Press Reset Safari.
  4. A new window will appear. Select the boxes of what you want to reset or use the screenshot below to guide you. Once you have selected everything, press ‘Reset’.
  5. Restart Safari.

Restore Internet Explorer to Default Settings

  1. Launch Internet Explorer.
  2. From the top menu, press on Tools and then Internet Options.
  3. In the new window that opens, choose the Advanced tab.
  4. At the bottom of the window, below Reset Internet settings, there will be a ‘Reset’ button. Press that.

While extensions and plug-ins will be deleted, this will not touch your browser history, bookmarks, saved passwords or Internet cookies.

Leave a Reply

Your email address will not be published. Required fields are marked *


You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>