Remove Skymap

What is Skymap

Skymap is a file-encrypting computer virus, a tool in the extortion scheme that has been filling the pockets of its developers since December 2018. Skymap is a new version of STOP/DJVU, a cryptovirus that spreads additional malware and changes system settings of the infected computers. Although there are a few ways to restore the encrypted files, reversing the encryption is very unlikely. The files locked by Skymap have their names changed and the “.Skymap” suffix appended.


Example of a renamed file: picture.jpg.skymap

A file called “_readme.txt” is created to present a message from Skymap’s developers. They provide their email addresses (bufalo@firemail.cc, gorentos@bitmessage.ch) and a Telegram address, @datarestore. If you were infected with Skymap, this is what the text of the ransom note should be:

As you can see, the criminals behind Skymap ask for at least a few hundred dollars for a decryption key and raise the price with time. It’s useful to research alternative ways to unlock or otherwise restore the Skymap-locked files before considering contacting the extortionists.


How Skymap locks the files

Skymap locks files by encrypting them. The files are fundamentally changed by the process — while they’re encrypted, nothing can be derived from them. Don’t edit or change the encrypted files in any way, not even their names. If you ever get the chance to decrypt Skymap-locked files, they need to be in their original state. A decryption key is necessary to unlock the files. In public-key cryptography, a decryption key is different than the encryption key and doesn’t need to be known by the party doing the encryption. So, only the criminals who created Skymap have the key to your files.

When Skymap infects a computer, it can remain undetected if it successfully disables the antivirus software that’s guarding the infected computer. Skymap brings with it malicious programs that can do that. Then it starts encrypting.

The encryption process takes some resources and is bound to be noticed, so Skymap justifies the slowdown of the system by displaying a fake system update window.

How ransomware is distributed

Cryptoviruses related to Skymap use pirated software to infect computers. It seems like a lot of the victims of STOP/DJVU pirated some software before being infected with a cryptovirus. Software cracks are a good disguise for Skymap, and people who download a fake crack will likely ignore antivirus warnings if any are displayed, because antivirus programs are expected to be alarmed by software-modifying tools. It’s important to read antivirus warnings carefully.

Skymap can also come in an e-mail attachment. This could be an office file that asks for macros to be enabled, an archive that supposedly needs to be opened, or an executable with a fake extension (like “picture.jpg.exe”). The goal of Skymap’s developers is to send out hundreds or even thousands of spam letters carrying the infection. The extortionists can be satisfied even if only a small fraction of the recipients end up running the infected files. For Skymap, each infection is potentially earning a few hundred dollars, after all. This method of spreading ransomware is relatively new, only in the mainstream since the start of 2018.
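The attachment types described above can be screened by name before anyone opens them. The following is an added example, not part of the original article: it flags executables hiding behind a decoy extension and macro-enabled Office files, and lists the members of a ZIP archive without extracting it. The extension lists and the function names are assumptions made for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed extension lists for illustration; tune them to local mail policy.
EXECUTABLE = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
DECOY = {".jpg", ".jpeg", ".png", ".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt"}
MACRO_OFFICE = {".docm", ".xlsm", ".pptm", ".dotm"}

def classify_name(name):
    """Classify a file name by its extensions only; content is not inspected."""
    suffixes = [s.lower() for s in PurePosixPath(name.replace("\\", "/")).suffixes]
    last = suffixes[-1] if suffixes else ""
    if last in EXECUTABLE:
        # picture.jpg.exe: a harmless-looking extension in front of the real one
        fake = len(suffixes) > 1 and suffixes[-2] in DECOY
        return "executable-fake-extension" if fake else "executable"
    if last in MACRO_OFFICE:
        return "macro-enabled-office"
    return "archive" if last == ".zip" else "other"

def triage_attachment(filename, data):
    """Return [(path, verdict)] for an attachment and, for a ZIP, its members."""
    results = [(filename, classify_name(filename))]
    if results[0][1] == "archive" and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():       # reads the directory, extracts nothing
                if not info.is_dir():
                    path = f"{filename}!{info.filename}"
                    results.append((path, classify_name(info.filename)))
    return [r for r in results if r[1] != "other"]

def build_sample_zip():
    """Constructed sample: harmless bytes stored under suspicious names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("photos/picture.jpg.exe", b"not a real program")
        zf.writestr("invoice.docm", b"not a real document")
        zf.writestr("readme.txt", b"hello")
    return buf.getvalue()

if __name__ == "__main__":
    for path, verdict in triage_attachment("scan.zip", build_sample_zip()):
        print(f"{verdict:26} {path}")
```

Legacy .doc and .xls files can also carry macros and are not flagged by extension here; nested archives are reported as archives but not opened.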


Skymap is not the only ransomware virus that is part of an ongoing campaign: GandCrab, Dharma, Globeimposter are all still being developed and finding new ways to get around cybersecurity.

How to remove the Skymap virus

Removing Skymap is not a very easy task: this virus not only brings other malware with it, but also makes modifications to settings. For example, Skymap can change the hosts file to control which websites can be accessed. You might need to fix it. Skymap and the other malware should be removed using an antivirus program: Anti-Malware Tool or another powerful app. If the system files were somehow damaged by Skymap, Anti-Malware Tool or native Windows tools might be able to fix that. After the cryptovirus is removed, the Skymap-encrypted files can be restored. If you have backup copies of what was lost to Skymap, you can restore them and return to regular computer use. If there is no backup copy, there are other ways to try to get the files back; they are described in the guide below this article.
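One way to check the hosts file mentioned above is to list every entry that is not a standard localhost mapping and review it by hand. The following is an added example, not part of the original article: it parses hosts-file text, reports entries that block a name (loopback or 0.0.0.0) or redirect it to another address, and returns a cleaned copy. The allow-list, the sample entries and the function name are assumptions; legitimate custom entries added by an administrator will also be reported and need to be judged manually.

```python
import ipaddress

# Names a clean hosts file may map to loopback (assumed allow-list).
DEFAULT_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

# Constructed sample. On Windows the real file is
# %SystemRoot%\System32\drivers\etc\hosts.
SAMPLE = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1       av-vendor.example www.av-vendor.example
203.0.113.10    bank.example
0.0.0.0         updates.example
not-an-ip       something.example
"""

def audit_hosts(text):
    """Return (findings, cleaned_text); findings are (line, kind, address, names)."""
    findings, kept = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields:                       # blank line or comment only
            kept.append(raw)
            continue
        addr, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((lineno, "malformed", addr, names))
            continue
        # Only well-known local names pointing at loopback count as default.
        safe = [n for n in names if ip.is_loopback and n.lower() in DEFAULT_NAMES]
        odd = [n for n in names if n not in safe]
        if odd:
            # Loopback/0.0.0.0 makes a site unreachable; any other address
            # silently sends the name to a different server.
            kind = "blocked" if ip.is_loopback or ip.is_unspecified else "redirected"
            findings.append((lineno, kind, addr, odd))
        if safe:
            kept.append(raw if not odd else f"{addr}\t{' '.join(safe)}")
    return findings, "\n".join(kept) + "\n"

if __name__ == "__main__":
    found, cleaned = audit_hosts(SAMPLE)
    for lineno, kind, addr, names in found:
        print(f"line {lineno}: {kind:10} {addr} -> {', '.join(names)}")
    print(cleaned, end="")
```

Run it against a copy of the hosts file and compare the findings with the cleaned output before replacing anything; editing the real file requires administrator rights.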

Contacting Skymap’s developers to restore the files is not a good idea. Ransomware developers are notoriously unreliable when it comes to fixing the locked files. Even after they are paid, there is a good chance that they either start ignoring you or demand more money. Some cryptoviruses get free decryptors developed for them by security researchers. At the moment, there is no free decryptor for Skymap. The closest thing to it could be STOPDecrypter by @demonslay335, if support for Skymap is added. Then files that Skymap encrypted offline can be restored using that program. Remember that you can keep the Skymap files (and the ID that Skymap created) for later, in case the extortionists leak the decryption keys (that has happened before).

Stage 1: Delete Browser Extension

First of all, we would recommend that you check your browser extensions and remove any that are linked to Skymap. A lot of adware and other unwanted programs use browser extensions in order to hijack internet applications.

Remove Skymap Extension from Google Chrome

  1. Launch Google Chrome.
  2. In the address bar, type: chrome://extensions/ and press Enter.
  3. Look for Skymap or anything related to it, and once you find it, press ‘Remove’.

Uninstall Skymap Extension from Firefox

  1. Launch Mozilla Firefox.
  2. In the address bar, type: about:addons and press Enter.
  3. From the menu on the left, choose Extensions.
  4. Look for Skymap or anything related to it, and once you find it, press ‘Remove’.

Delete Skymap Extension from Safari

  1. Launch Safari.
  2. Press on the Safari Settings icon, which you can find in the upper-right corner.
  3. Select Preferences from the list.
  4. Choose the Extensions tab.
  5. Look for Skymap or anything related to it, and once you find it, press ‘Uninstall’.
  6. Additionally, open Safari Settings again and choose Downloads.
  7. If Skymap.safariextz appears on the list, select it and press ‘Clear’.

Remove Skymap Add-ons from Internet Explorer

  1. Launch Internet Explorer.
  2. From the menu at the top, select Tools and then press Manage add-ons.
  3. Look for Skymap or anything related to it, and once you find it, press ‘Remove’.
  4. Reopen Internet Explorer. In the unlikely scenario that Skymap is still on your browser, follow the additional instructions below.
  5. Press Windows Key + R, type appwiz.cpl and press Enter.
  6. The Programs and Features window will open, where you should be able to find the Skymap program.
  7. Select Skymap or any other recently installed unwanted entry and press ‘Uninstall/Change’.

Alternative method to clear the browser from Skymap

There may be cases when adware or PUPs cannot be removed by simply deleting extensions or codes. In those situations, it is necessary to reset the browser to its default configuration. If you notice that the infection is still present even after getting rid of weird extensions, follow the instructions below.

Use Chrome Clean Up Tool to Delete Skymap

  1. Launch Google Chrome.
  2. In the address box, type: chrome://settings/ and press Enter.
  3. Expand Advanced settings, which you can find by scrolling down.
  4. Scroll down until you see Reset and Cleanup.
  5. Press on Clean up computer. Then press Find.

This Google Chrome feature is supposed to clear the computer of any harmful software. If it does not detect Skymap, go back to the Clean up computer and reset settings.


Reset Mozilla Firefox to Default

If you still find Skymap in your Mozilla Firefox browser, you should be able to get rid of it by restoring your Firefox settings to default. While extensions and plug-ins will be deleted, this will not touch your browser history, bookmarks, saved passwords or Internet cookies.

  1. Launch Mozilla Firefox.
  2. In the address box, type: about:support and press Enter.
  3. You will be redirected to a Troubleshooting Information page.
  4. From the menu on the right side, select Refresh Firefox.
  5. Confirm your choice by clicking Refresh Firefox in the new window.
  6. Your browser will close automatically in order to successfully restore the settings.
  7. Press Finish.

Reset Safari Browser to Normal Settings

  1. Launch Safari.
  2. Press on the Safari Settings icon, which you can find in the upper-right corner.
  3. Press Reset Safari.
  4. A new window will appear. Select the boxes of what you want to reset or use the screenshot below to guide you. Once you have selected everything, press ‘Reset’.
  5. Restart Safari.

Restore Internet Explorer to Default Settings

  1. Launch Internet Explorer.
  2. From the top menu, press on Tools and then Internet Options.
  3. In the new window that opens, choose the Advanced tab.
  4. At the bottom of the window, below Reset Internet settings, there will be a ‘Reset’ button. Press that.

While extensions and plug-ins will be deleted, this will not touch your browser history, bookmarks, saved passwords or Internet cookies.
