How to Recover Invisible Empire Ransomware Files
Invisible Empire Ransomware Description and Removal Instructions:
Malware Category: Ransomware
Invisible Empire Ransomware is a new version of the crypto-virus Jigsaw Ransomware. Invisible Empire Ransomware targets PCs running Windows OS and requests $150 to decrypt yor files. Every file that has been encrypted will have its extension changed to: .payransom. Fortunately, there is a way of decrypting the files encrypted by Invisible Empire Ransomware.
When running, Invisible Empire Ransomware will start encrypting certain types of files stored on local or mounted network drives using an AES cryptography, with the private key stored only on a control server.
Invisible Empire Ransomware will create help_your_files.html and put a shortcut to it in every folder where a file was encrypted. Those files contain instructions explaining how to pay the ransom. For the victims to pay the ransom, the virus requests a payment to be sent to a specific bitcoin address. When Invisible Empire Ransomware is initiated on the computer, it will inject deep into the system infecting Explorer.exe and svchost.exe, modify the registry to start with Windows, and disable the Automatic Repair feature. Once active, it will start the processes of encrypting files. These types of ransomware are very hard to detect. Nevertheless, the virus will show its presence after the encryption finishes.
Invisible Empire Ransomware will not just encrypt files and block your computer, it will also collect valuable information that will be sent to the control server. Such software could lead to more malware coming into your computer and even cause a loss of data. Such threats are not to be underestimated!
If you are infected, we at SpywareTechs.com recommend you to download SpyHunter Malware Security Suite in order to remove the infection automatically:
Once you get rid of Invisible Empire Ransomware (see how to remove Invisible Empire Ransomware in our article), you can try to recover your files using the methods below:
How to Recover Files Encrypted by Invisible Empire Ransomware:
You can try to recover your files from a system backup. If there is no backup available, one can try to restore the files using the Shadow Copy Service. Windows XP Service Pack 2 and future versions have an integrated feature called Shadow Copy Service which will automatically create backup copies of your files. This method is not bullet-proof, as Invisible Empire Ransomware may delete the shadow copies.
1. How to Restore Files Using the Shadow Copy Service:
Method 1. Using Windows Previous Version tab:
*The Windows System Protection service must`ve been enabled before the infection, otherwise it will not work.
- Right-click on the encrypted file, select Properties from the menu.
- Click on “Previous Version” tab (If missing, this means that Windows System Protection has not been enabled).
- Choose a previous version copy and click on the Copy button. Select a directory you wish to recover the file to, or you can try to restore the selected file, directly, by hitting the Restore button.
The method could be used to recover an entire folder. Just right-click on the highlighted folder and select Properties, and then Previous Version tab.
Method 2. Using Shadow Explorer:
Using Shadow Explorer to restore whole folders. You can download the program from the link below:
Download and run the program. A list of available drives will show up on the left side. Beside it, you will see available dates for created shadow copies. One could select the drive and the date to restore to.
2. How to recover files encrypted by Invisible Empire Ransomware using DemonSlay335`s Decryption Tool:
DemonSlay335 from Bleeping Computer has modified his Jigsaw Ransomware Decrypter tool to work with this virus. Please note that some files may fail to be decrypted.
*Before proceeding with the steps below, please open Task Manager and kill the processes: %UserProfile%\AppData\Roaming\Wrkms\wrkms.exe and %UserProfile%\AppData\Local\Systmd\systmd.exe. From MSConfig turn off the startup entry related to the aforementioned files.
1. Download JigSawDecrypter.zip from the following link and save it on your desktop:
2. Once you`ve downloaded it, extract the archive and double-click on the JigSawDecrypter.exe to run it.
3. Click on “Select Directory” to select the path.
4. Click on “Decrypt My Files” button to start the decryption. When the process finishes, a message in green “Files Decrypted!” will appear.
Nevertheless, if you want to be protected from Invisible Empire Ransomware, get SpyHunter!