Homamcore

11 minutes ago, Aimi said:

To be clear, Ransomware often doesn't like like a virus.
Anyway, don't mess with your files at all. They encrypted, and just changing the file extension doesn't mean they'll magically work.

Do you know the name of the Ransomware? Does it say anything in the dropped text files or the Tor site you were directed to?

I couldn't find the name of the Ransomware.

The text file contains this:

All your files are Encrypted!
For data recovery needs decryptor.
How to buy decryptor:

----------------------------------------------------------------------------------------

| 1. Download Tor browser - https://www.torproject.org/ and install it.

| 2. Open link in TOR browser - http://decrmbgpvh6kvmti.onion/
               
| 3. Follow the instructions on this page 

----------------------------------------------------------------------------------------

Note! This link is available via "Tor Browser" only.

------------------------------------------------------------
Free decryption as guarantee.
Before paying you can send us 1 file for free decryption.
------------------------------------------------------------

alternate address - http://helpinfh6vj47ift.onion/

DO NOT CHANGE DATA BELOW
###s6dlsnhtjwbhr###           15 E5 8B 60 98 4C 2F 84 5C 96 93 08 B6 31 C1 AA
83 BD 1B 7F 95 F7 27 F3 E7 27 DD 7D 3A C3 88 F9
C1 95 39 6F 9D 94 BE F9 6C 90 10 E5 C6 9C CD 13
86 21 2E 9F E8 FD 17 1D 6B 35 FD 39 ED 74 B5 DE
98 89 0A 71 5E 1B FD FC 7A 12 4F FA F3 82 FA 55
39 08 96 F4 B0 93 06 AA BC 85 B0 F0 6C 0F 83 6B
3E 1F BA D3 75 03 85 D0 53 1F B7 1C C7 DB 80 58
9E C0 B2 FA BB E9 2B 30 42 33 07 90 47 76 94 B9
7A DE 17 BE 5C C0 05 0C 37 99 51 47 0C 60 C7 28
80 01 BE 24 52 89 52 26 50 EB E5 4C 42 07 29 76
00 C6 A8 01 D8 5E F8 03 DC 87 C3 30 37 F8 86 DB
6C 46 B8 99 6D DB 72 E1 C3 1A C0 E5 0E 73 93 C3
7F A8 AC EB 2D 93 37 E2 44 B1 4E D6 E2 39 73 78
F3 52 A5 22 FF E2 26 89 38 76 ED 7D 3B 37 43 24
3F F1 CF C9 5C 9B 3A 06 67 50 77 30 11 C7 A5 F4
67 09 B0 CF 77 5E E5 6D 5C 02 5C 35 B0 F6 C6 BB
###             

Hey guys, my laptop got infected with ransomware and every file in it got encrypted and a (.DOCM) extension added. I tried to delete the extension to some files, some of them opened perfectly and another didn't and got damaged. Also, every folder has a text file named (Restore-My-Files), it contains instructions to open a link in tor browser and follow the instructions. According to what I read on the internet it will ask me to pay money in Bitcoin. Is there any way to fix this issue and remove the virus? and if not and I had to format the whole laptop can I transfer the important data to USB flash drive and after I format I can remove the extension and the virus won't come back? Or should I format the whole laptop?