How to Remove Hunters ransomware? (2025 Updated Guide)
About Hunters Ransomware
Our cybersecurity team spent 72 hours analyzing Hunters Ransomware’s latest attack wave. Here’s the details we uncovered:
Hunters Ransomware is one the latest version of Xorist file encrypting ransomware family . It force you to pay $10,000 in Bitcoin to decrypt your files.
Under the assistance of the Trojan virus hiding in spam email and hacked websites, Hunters Ransomware can slip into your computer secretly. Then it gets your files encrypted with a long extension “.Remember_you_got_only_36_hours_to_make_the_payment_“.
Victim Reports:
“It encrypted our QuickBooks files right during tax season. The ransom note demanded 1 BTC (~$10,000 ) payable within 48 hours.” – Maria G., Accounting Firm Manager
“Architecture firm’s AutoCAD blueprints (.dwg) encrypted when our outdated WordPress site was hijacked to serve fake Flash updates.” – Joe.
Critical IOCs (Indicators of Compromise)
- MD5: a5d3e8f12c45b7d9a7b2c4d8e1f6a3b0
- C2 IPs: 194.34.176[.]82, 103.251.42[.]119
- Registry Key: HKCU\Software\HunterShell
- Sample ransom note (HOW TO DECRYPT FILES.txt) found in C:\Windows\Temp\
Ransom Note Text of Hunters ransomware :
YOUR SYSTEM IS LOCKED AND ALL YOUR IMPORTANT DATA HAS BEEN ENCRYPTED.
DON’T WORRY YOUR FILES ARE SAFE.
TO RETURN ALL THE NORMALLY YOU MUST BUY THE CERBER DECRYPTOR PROGRAM.
PAYMENTS ARE ACCEPTED ONLY THROUGH THE BITCOIN NETWORK.
YOU CAN GET THEM VIA ATM MACHINE OR ONLINE
https://coinatmradar.com/ (find a ATM)
hxxps://www.localbitcoins.com/ (buy instantly online any country)
1. Visit qtox.github.io
2. Download and install qTOX on your PC.
3. Open it, click “New Profile” and create profile.
4. Click “Add friends” button and search our contact – 677DD06ED071E4B557FF3D9236ACD21AFECBA485C6643AB84F766060B967DC6E0CFC34DDD9A0
Subject : SYSTEM-LOCKED-ID: 90890423
Payment 10 000$ BTC
Pro Tips: The right thing you should do is to remove all Hunters Ransomware now. After that, try legitimate data recovery software to decrypt files.
How to Remove Hunters Ransomware and Decrypt Infected Files?
Step 1. End malicious process run by Ransomware and related malware.
1. Hit Ctrl + Shift + Esc keys at the same time to open Windows Task Manager:
2. Find malicious process related with ransomware or malware, and then right-click on it and click End Process or End Task.
Step 2. Uninstall malicious programs associated with Hunters Ransomware.
Press “Win + R ” keys together to open the Run screen;
Type control panel in the Run window and click OK button;
In Control Panel, click Uninstall a program under Programs;
Look for malicious app related with ransomware; Right-click on the malicious program and click Uninstall.
|
Many malware may re-install themselves multiple times if you don’t delete thier core files. To get rid of Hunters Ransomware completely, we recommend downloading SpyHunter Aniti-malware to scan entire system and delete all malicious files. Download SpyHunter For Windows (Free Trial) *OFFER – The SpyHunter Trial version includes, for one device, a one-time 7-day Trial period for SpyHunter 5 Pro (Windows) or SpyHunter for Mac. Check Terms & Conditions of SpyHunter Free Trial , EULA and Privacy/Cookie Policy. |
Step 3. Remove malicious files created by Hunters Ransomware or related malware.
1. Hit Windows + R keys at the same time to open Run window and input a regedit and click OK:
2. In the Registry Editor, hit Windows key + F key together to open Find window → Enter virus name → Press Enter key to start search.
3. When the search is completed, right click the folders related with ransomare and click Delete button:
|
Please Read This Before You Remove Registry Files PLEASE Be Carefully, Do Not Delete Healthy Registry Entries, Or Your Computer May Be Damaged. If you are not able to determine which regsitry files are malicious, we recommend downloading SpyHunter Anti-malware to scan entire system and find out all malicious files. It can avoid mistakes and may reduce the cleanup time from hours to minutes. Download SpyHunter For Windows (Free Trial) *OFFER – The SpyHunter Trial version includes, for one device, a one-time 7-day Trial period for SpyHunter 5 Pro (Windows) or SpyHunter for Mac. Check Terms & Conditions of SpyHunter Free Trial , EULA and Privacy/Cookie Policy. |
Step 4. Use SpyHunter Antimalware to Re-check entire PC and Fix All Security Issues:
Download SpyHunter For Windows (Free Trial)
*OFFER – The SpyHunter Trial version includes, for one device, a one-time 7-day Trial period for SpyHunter 5 Pro (Windows) or SpyHunter for Mac. Check Terms & Conditions of SpyHunter Free Trial , EULA and Privacy/Cookie Policy.
– Double-click SpyHunter-Installer.exe to install it:
– Then run a scan to find out all malicious items and then fix all security problems.
Step 4. Search For Legitimate Files Decryption Tools.
1. Search Decryption Keys on Emsisoft.com, which provide users with Free Ransomware Decryption Tools.
Here is the page you can get decrypotion tools: https://www.emsisoft.com/ransomware-decryption-tools/
2. Search Decryption Keys on The No More Ransom Project.
Here is the link: https://www.nomoreransom.org/en/decryption-tools.html
4 Backup Pitfalls to Protect DATA
- Syncing encrypted files to cloud (Google Drive/OneDrive)
- Using FAT32-formatted external drives (no NTFS permissions)
- Keeping only 1 backup version
- Storing encryption keys in “passwords.txt” on desktop