Thanks to the rapid advancement of technology in the last decade, our computer and IT devices have become a lot more secure. But that doesn’t mean you’re completely safe from the cunning hackers and cybercriminals who are constantly employing new methods to make people fall into their traps. Undoubtedly, RIBD ransomware is one of the most dangerous tools at their disposal and will thwart attempts to recover files.
This ransomware will get into your computer, lock your files with encryption, and demand a ransom to give them back. But don’t panic. In this article, we will study what it is, how the ransomware gets into your device, and how to remove it and recover the encrypted RIBD files.
What is RIBD?
RIBD is a kind of malicious ransomware that locks your files with high-grade encryption and demands a ransom to decrypt the files for you. The scheme behind a ransomware attack is simple: encrypt important files on the computer and then make the computer’s owner pay a ransom to get the decryption key.
Unfortunately, in the panic of the idea of losing the encrypted files forever, many people choose to pay the ransom to get them back as soon as possible. This makes the ransomware scheme a great success from the cyber criminals’ point of view. RIBD ransomware works in the same way.
In this case, the cyber crooks will encrypt your files with RIBD ransomware. Consequently, all the files it encrypts will have a “.ribd” file extension on them. When this ransomware completes the encryption process, it will simply drop a text file “_readme.txt” that contains the ransom note demanding $980 to decrypt all your encoded files.
In the ransom note, they will make the offer more alluring by giving you a 50% discount if you make the payment within 72 hours after receiving it. Next, the cybercriminals will ask you to contact them via “[email protected]/[email protected]” for more details. The addresses given are one example of what they have used. To keep people from connecting the dots, they change addresses, likely in batches, and set up mail redirection.
It’s totally up to you if you want to believe these frauds or not. But even if you pay them the full ransom, there’s no guarantee that they will keep their end of the deal. In the end, you will be left with encrypted files and a $980 hole in your bank account.
Therefore, you should never trust these con artists. The best and safest way is to use reputed software to remove the RIBD ransomware from your computer and restore files yourself or with the help of a professional.
A Brief Overview of RIBD Ransomware
Here’s a rundown of the traits RIBD ransomware possesses:
Name | RIBD |
Threat classification | Ransomware, crypto-virus |
Encrypted file extension | .ribd |
Genealogy | DJVU ransomware |
Ransom note | _readme.txt |
Ransom | $490 – $980 in Bitcoins |
Contact information | [email protected] [email protected] (prone to change) |
Distribution methods | Spam emails; pirated website content/illegal websites; Remote Desktop Protocol; torrent websites |
Main removal methods | Professional anti-malware software |
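The two file-system traits in the table above (the “.ribd” extension and the “_readme.txt” note) are enough to measure how far the encryption reached before any recovery attempt. The following is an added example, not code from this article: a read-only inventory that lists encrypted files, the folders holding a ransom note, and the original file types to look for in backups. The function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

ENCRYPTED_EXT = ".ribd"      # extension this page says is appended to encrypted files
RANSOM_NOTE = "_readme.txt"  # ransom note file name given on this page


def inventory(root):
    """Walk `root` read-only and summarise what the ransomware touched."""
    encrypted, note_dirs, original_types = [], [], Counter()
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            lower = name.lower()
            if lower == RANSOM_NOTE:
                note_dirs.append(dirpath)
            elif lower.endswith(ENCRYPTED_EXT):
                encrypted.append(os.path.join(dirpath, name))
                # "photo.jpg.ribd" -> ".jpg": the type to look for in backups
                inner = Path(lower[: -len(ENCRYPTED_EXT)]).suffix
                original_types[inner or "(none)"] += 1
    return {
        "encrypted": sorted(encrypted),
        "note_dirs": sorted(note_dirs),
        "original_types": dict(original_types),
    }


def demo():
    """Run the inventory over a constructed sample tree (not real victim data)."""
    with tempfile.TemporaryDirectory() as base:
        docs, pics = Path(base, "Documents"), Path(base, "Pictures")
        docs.mkdir()
        pics.mkdir()
        (docs / "budget.xlsx.ribd").write_bytes(b"\x00")
        (docs / RANSOM_NOTE).write_text("constructed placeholder")
        (pics / "holiday.JPG.ribd").write_bytes(b"\x00")
        (pics / "untouched.png").write_bytes(b"\x00")
        result = inventory(base)
        # Report paths relative to the sample root so the output is stable
        result["encrypted"] = [os.path.relpath(p, base) for p in result["encrypted"]]
        result["note_dirs"] = [os.path.relpath(p, base) for p in result["note_dirs"]]
        return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Point `inventory()` at a user profile or a mounted copy of the affected drive; it only reads directory listings and never opens or modifies the files.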
How Does RIBD Ransomware Get Into Computers?
Cybercriminals use multiple ways to infect computers with the RIBD ransomware. Here are some of the most notable ways the RIBD ransomware gets inside your computer:
Spam
Spam is the most common method of injecting ransomware into computers. Cyber crooks send you fraudulent emails posing as a legitimate organization. In the spam mail, they will use multiple excuses, such as receipts, order confirmations, or bank messages, to lure the recipient into clicking on a specific link within. Once you click on the fraudulent link, RIBD ransomware sneaks into your system and starts the encryption process.
Therefore, you should always double-check the email ID of the sender to make sure it’s not a spam email from some cybercriminal. For example, instead of the official email of PayPal, [email protected], the cybercriminals might send you the email from an ID like “[email protected]” or “service[,]@paypal.com” to make it seem like it’s legitimate. Thus, once again, always check if the email ID of the sender is correct before you do anything.
Furthermore, you should also check the email content with your antivirus program or a security browser extension to ensure there is no malicious content, link, or attachment.
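The sender check described above can be automated. The following is an added example, not code from this article: it parses a From header and separates the real domain from lookalikes that borrow the brand in the display name, in a foreign domain, or through a near-identical spelling. The trusted domain, the sample headers and the 0.8 similarity threshold are assumptions constructed for illustration.

```python
from difflib import SequenceMatcher
from email.utils import parseaddr

SIMILARITY_THRESHOLD = 0.8  # assumed cut-off for "looks almost like the real domain"


def classify_sender(from_header, trusted_domain):
    """Return 'match', 'lookalike', 'unrelated' or 'invalid' for a From header."""
    display, addr = parseaddr(from_header)
    if addr.count("@") != 1:
        return "invalid"
    domain = addr.split("@")[1].lower().rstrip(".")
    trusted = trusted_domain.lower()
    # Only the exact domain or a real subdomain of it counts as the organisation.
    if domain == trusted or domain.endswith("." + trusted):
        return "match"
    brand = trusted.split(".")[0]
    near_miss = SequenceMatcher(None, domain, trusted).ratio() >= SIMILARITY_THRESHOLD
    # Brand name in a foreign domain or in the display name, or a near-identical
    # spelling, is how a fraudulent sender imitates the legitimate one.
    if brand in domain or brand in display.lower() or near_miss:
        return "lookalike"
    return "unrelated"


# Constructed sample headers, not taken from real messages.
SAMPLES = [
    "PayPal <service@paypal.com>",
    "PayPal Support <service@paypa1.com>",
    "service@paypal.com.account-check.example",
    "PayPal Billing <billing@mailer.example>",
    "Newsletter <news@garden-club.example>",
    "not an address",
]


def demo():
    """Classify every constructed sample against the trusted domain."""
    return {header: classify_sender(header, "paypal.com") for header in SAMPLES}


if __name__ == "__main__":
    for header, verdict in demo().items():
        print(f"{verdict:10} {header}")
```

A “match” only reflects what the From header claims; the receiving server’s SPF, DKIM and DMARC results are what tie that claim to the real domain.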
Software Exploitation
Cybercriminals often use vulnerabilities or security holes of different software to hack into your computer and put in ransomware like RIBD. To avoid that, you should always keep your operating system (OS) and your software updated. Updates for your OS and software frequently contain security patches and bug fixes that prevent hackers from exploiting the program. Ergo, if you don’t want to get a sudden ransom note, update those today!
Malicious Scripts and Hyperlinks
If you often visit suspicious websites or click on fishy scripts or hyperlinks, your computer might get infected with RIBD or similar ransomware. If you don’t want to welcome ransomware into your computer, stay away from P2P sites and websites with pirated or illegal content. That’s because sometimes free things will cost you the most.
RDP (Remote Desktop Protocol)
Hackers often use the Remote Desktop Protocol (RDP), a built-in feature of Windows OS, to inject the RIBD ransomware into your computer. This way, they can access your computer from a remote location and manually install the ransomware inside. To avoid falling into this trap, you should always use a port other than TCP 3389, together with a complex password.
Removing RIBD Ransomware
Before you even think about getting your encrypted data back, you should always remove the RIBD ransomware from your computer. The reason is simple. Even if you restore your files, the ransomware in your computer will simply encrypt them again.
We recommend you use antivirus or anti-malware protection and removal software from a reputable company. The professional antivirus programs from reputed cybersecurity firms can easily detect and remove most kinds of ransomware, including RIBD, from your computer. However, even if they terminate the ransomware, these anti-malware programs won’t be able to break the encryption on affected files. But don’t worry, we will demonstrate techniques to recover RIBD files in the next section.
3 Procedures to Recover Encrypted RIBD Files
Now you know how to eliminate the RIBD ransomware from your computer using professional anti-malware programs. Once again, they can’t help you recover the already encrypted data. As a result, we will show you three easy ways to recover the encrypted RIBD files.
1. Use A Third-party Data Recovery Software to Get RIBD Files Back
If you want to recover the encrypted RIBD files, using a data recovery tool from a trustworthy data restoration company is your best choice. With a professional data retrieval tool, you can easily restore most of your encrypted files, including photos, videos, documents, slides, and more. You can use any data recovery software of your choice, as long as it has an admirable reputation.
Since the majority of data recovery tools have a similar user interface, you can restore your files following the steps below:
- First, download and install the data rescue software of your choosing to your computer.
- Launch the software on your computer, select the type of files you want to recover, and click “Next.”
- Now you must pick the drive or the folder in which the files you want to recover are located. Click on the drive or folder and then the “Scan” option.
- After the scan is complete, all the recoverable files will be available in the next menu. Review the files and select the ones you want to get back.
- Next, click on the “Recover” button.
- Now, select a location where you would like to store files you recover and click on the “OK” button to complete the recovery process.
2. Recover Files with RIBD Extension Using System Restore
Even though the new RIBD ransomware can corrupt the System Restore files, using the eponymous functionality can still help you recover lots of encrypted files. However, you should carry out the entire process by activating the “Safe Mode with Command Prompt” option. Let’s get into it.
Activating Safe Mode with Command Prompt on Windows
Here’s how you can activate the “Safe Mode with Command Prompt” feature in different versions of Windows OS:
- For computers with Windows XP/Vista/7: Here’s what to do:
  - First, restart your computer, and before it starts again, press the “F8” key (might be different for your motherboard) multiple times.
  - Next, your computer will load the “Advanced Boot Options” menu. Here, use the downward-facing arrow key of your keyboard to bring the cursor to the “Safe Mode with Command Prompt” option.
  - Now, press the “Enter” key.
- For machines with Windows 8/8.1/10: Follow the instructions below:
  - Press the “Windows + I” keys on your keyboard to open the “Settings” app.
  - Next, click on the “Update & security” option.
  - Now, select the “Recovery” option and then click on “Restart now.”
  - Once the computer reboots, navigate to Troubleshoot → Advanced options → Startup Settings → Restart.
  - After the computer restarts again, press the “F5” key to turn on “Safe Mode with Command Prompt.”
Recovering Files after Entering Safe Mode
Once your computer loads into Safe Mode with Command Prompt, follow the steps below to retrieve RIBD files:
- After the Command Prompt window opens, type “cd restore” and press the “Enter” key.
- Next, type “rstrui.exe” and press the “Enter” key again.
- Now, once a new “System Restore” window appears, click on the “Next” button.
- After that, you will find multiple backup files in the next menu. Choose a backup file version that was created before the ransomware infection and click on the “Next” button again.
- Now, click on the “Yes” button of the next pop-up menu and the file restoration process will commence.
3. Restore RIBD Files to Their Previous Version on Windows
As long as you’re using Windows 7 or later versions of Windows OS, you can get your files back by restoring them to their earlier versions. Here’s how you can do it:
- Left-click on the encrypted file and choose the “Properties” option. A new window will pop up.
- Next, click on the “Previous Versions” tab from the new window.
- Now, select a version of the file when it wasn’t affected by the ransomware and click on the “Copy” button.
- After that, click on the “Restore” button.
With this, your file will be restored to its prior version, i.e., when it wasn’t impacted by the RIBD ransomware. However, please note that this method might not be effective all the time. Ergo, we highly encourage you to use the first two methods. If neither of the two works for restoring a particular file, you can use this one as your last resort.