Everbe 2.0 ransomware

September 9, 2018

What is 2.0 ransomware

Everbe 2.0 ransomware is a virus that has three previous versions.

Everbe 2.0 ransomware is a file-encrypting virus which encrypts user’s files by using an AES algorithm and displays a ransom note to inform its victims about the loss of their files. Encrypted data is marked with the ..divine or ..eV3rbe file extensions. After files are corrupted, the ransomware displays a ransom text message named “Readme” or “!=How_to_decrypt_files=!.txt.” Such notes are used to scare the victim into contacting the cybercriminals via eV3ebe@rape.lol email address in a 24 hour period. Cybercrooks have also been trying to convince users to pay a particular ransom to receive a decryption tool for their corrupted files. Everbe 2.0 virus is not decryptable as its other similar variants and is the latest version of the Everbe ransomware.

Everbe 2.0 ransomware

The newest variant of Everbe 2.0 ransomware showed up mid-July and is dubbed Hyena Locker ransomware. It encrypts files with a strong cipher and adds .HYENA file extension. Victims are asked to contact hackers using hyena@rape.lol or hyena@cock.lu email addresses, which is presented in a ransom note !_HOW_RECOVERY_FILES_!.txt:

Download Removal Toolto remove 2.0 ransomware

As evident, Everbe 2.0 ransomware evolves, and it is more and more dangerous with each version – still not decryptable by security experts. Thus, users should not take this attack lightly. Nevertheless, no matter how desperate some users can be to get their files back, researchers do not recommend contact cybercriminals, as it can lead to money loss.

You better remove Everbe 2.0 virus using anti-malware tool like and clean your system immediately after noticing any locked files on your system. Encrypted data is important to recover, but you need to be aware that plugging any USB or another external drive to a compromised system can result in permanent data loss. Ransomware will lock any incoming files, regardless if they are downloaded from the internet or a back-up.

Although this variant is not decryptable, you will find instructions below on how to use third-party tools that might help you to possibly recover data. Additionally, if malware is blocking the operation of security software, the guide below will help you with Everbe 2.0 ransomware removal when using Safe Mode with Networking. The cyber threat can disable anti-virus programs, so anti-malware tools and preferably two different ones can ensure that all possible infections are detected in time.

Some piece of advice would be to keep copies of important data safe on external devices such as USB drives, iCloud, or other. Various sneaky viruses like Everbe 2.0 ransomware will not be able to access safely-stored files, and they will remain safe even though the cyber threat encrypts those documents which are on your PC.

How does 2.0 ransomware works

If you receive an email that you are not expecting and it is from a company you do not know or service you do not use, be aware that this might contain virus-filled attachment or link with virus activation source. Delete these ambiguous letters immediately without opening.

Spam email box fills up with questionable content automatically. And, while there is a possibility that a legitimate email might have sneaked in there, you should still take great care when opening messages from your Spam box. If you open any email casually and click on links or attachments – you are in at an increased risk of malware infection.

Download Removal Toolto remove 2.0 ransomware

As soon as the contaminated file is opened, ransomware executes its malicious code on your PC. Thus, take several precautionary measures to avoid infection:

Do not open every spam email (and especially attachments) casually – make sure it is legitimate first; Employ robust anti-malware software and keep it up to date; Download programs and updates from legitimate sources only; Patch your software as soon as new updates are out; Avoid using file-sharing or cracked software websites.

How to delete 2.0 ransomware

To remove Everbe 2.0 ransomware or any other ransomware, you need to employ legitimate tool. and Anti-MalwareNorton Internet Security can be used for that purpose. These programs scan the computer system thoroughly and, if any threats are detected, eliminate them promptly. After that, you can proceed with normal computer operation.

If Everbe 2.0 ransomware removal goes as planned, you can try to decrypt and recover your files. Use backups or below mentioned methods to restore encrypted data. Keep your anti-virus programs up to date, since ransomware uses system vulnerabilities to its advantage. Make sure your anti-virus is set to scan your machine automatically from time to time.

Stage 1: Delete Browser Extension

First of all, we would recommend that you check your browser extensions and remove any that are linked to 2.0 ransomware. A lot of adware and other unwanted programs use browser extensions in order to hijacker internet applications.

Remove 2.0 ransomware Extension from Google Chrome

  1. Launch Google Chrome.
  2. In the address bar, type: chrome://extensions/ and press Enter.
  3. Look for 2.0 ransomware or anything related to it, and once you find it, press ‘Remove’.

Uninstall 2.0 ransomware Extension from Firefox

  1. Launch Mozilla Firefox.
  2. In the address bar, type: about:addons and press Enter.
  3. From the menu on the left, choose Extensions.
  4. Look for 2.0 ransomware or anything related to it, and once you find it, press ‘Remove’.

Delete 2.0 ransomware Extension from Safari

  1. Launch Safari.
  2. Press on the Safari Settings icon, which you can find in the upper-right corner.
  3. Select Preferences from the list.
  4. Choose the Extensions tab.
  5. Look for 2.0 ransomware or anything related to it, and once you find it, press ‘Uninstall’.
  6. Additionally, open Safari Settings again and choose Downloads.
  7. If 2.0 ransomware.safariextz appears on the list, select it and press ‘Clear’.

Remove 2.0 ransomware Add-ons from Internet Explorer

  1. Launch Internet Explorer.
  2. From the menu at the top, select Tools and then press Manage add-ons.
  3. Look for 2.0 ransomware or anything related to it, and once you find it, press ‘Remove’.
  4. Reopen Internet Explorer.In the unlikely scenario that 2.0 ransomware is still on your browser, follow the additional instructions below.
  5. Press Windows Key + R, type appwiz.cpl and press Enter
  6. The Program and Features window will open where you should be able to find the 2.0 ransomware program.
  7. Select 2.0 ransomware or any other recently installed unwanted entry and press ‘Uninstall/Change’.

Alternative method to clear the browser from 2.0 ransomware

There may be cases when adware or PUPs cannot be removed by simply deleting extensions or codes. In those situations, it is necessary to reset the browser to default configuration. In you notice that even after getting rid of weird extensions the infection is still present, follow the below instructions.

Use Chrome Clean Up Tool to Delete 2.0 ransomware

  1. Launch Google Chrome.
  2. In the address box, type: chrome://settings/ and press Enter.
  3. Expand Advanced settings, which you can find by scrolling down.
  4. Scroll down until you see Reset and Cleanup.
  5. Press on Clean up computer. Then press Find.

This Google Chrome feature is supposed to clear the computer of any harmful software. If it does not detect 2.0 ransomware, go back to the Clean up computer and reset settings.

Reset Mozilla Firefox to Default

If you still find 2.0 ransomware in your Mozilla Firefox browser, you should be able to get rid of it by restoring your Firefox settings to default. While extensions and plug-ins will be deleted, this will not touch your browser history, bookmarks, saved passwords or Internet cookies.

  1. Launch Mozilla Firefox
  2. Into the address box, type: about:support and press Enter.
  3. You will be redirected to a Troubleshooting Information page.
  4. From the menu on the right side, select Refresh Firefox.
  5. Confirm your choice by clicking Refresh Firefox in the new window.
  6. Your browser will close automatically in order to successfully restore the settings.
  7. Press Finish.

Reset Safari Browser to Normal Settings

  1. Launch Safari.
  2. Press on the Safari Settings icon, which you can find in the upper-right corner.
  3. Press Reset Safari.
  4. A new window will appear. Select the boxes of what you want to reset or use the screenshot below to guide you. Once you have selected everything, press ‘Reset’.
  5. Restart Safari.

Restore Internet Explorer to Default Settings

  1. Launch Internet Explorer.
  2. From the top menu, press on Tools and then Internet Options.
  3. In the new window that opens, choose the Advanced tab.
  4. At the bottom of the window, below Reset Internet settings, there will be a ‘Reset’ button. Press that.

While extensions and plug-ins will be deleted, this will not touch your browser history, bookmarks, saved passwords or Internet cookies.

Download Removal Toolto remove 2.0 ransomware

Leave a Reply

Your email address will not be published. Required fields are marked *