
Help with Ransomware virus

Hey guys, my laptop got infected with ransomware and every file in it got encrypted and a (.DOCM) extension added. I tried to delete the extension from some files; some of them opened perfectly and others didn't and got damaged. Also, every folder has a text file named (Restore-My-Files); it contains instructions to open a link in Tor browser and follow the instructions. According to what I read on the internet, it will ask me to pay money in Bitcoin. Is there any way to fix this issue and remove the virus? And if not, and I had to format the whole laptop, can I transfer the important data to a USB flash drive and, after I format, remove the extension so the virus won't come back? Or should I format the whole laptop?


To be clear, Ransomware often doesn't look like a virus.
Anyway, don't mess with your files at all. They're encrypted, and just changing the file extension doesn't mean they'll magically work.

Do you know the name of the Ransomware? Does it say anything in the dropped text files or the Tor site you were directed to?

A girl who loves to love.
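An added example, not part of any post in this thread: a read-only triage script that shows why stripping the appended extension only "works" for some files. It assumes the original name survives in front of `.DOCM` (for example `report.pdf.DOCM`); the signature table and the 7.5 bits/byte entropy threshold are illustrative choices.

```python
import math
from pathlib import Path

ADDED_EXT = ".docm"  # extension the thread says was appended
# Well-known file signatures for a few common formats (illustrative subset).
MAGIC = {
    ".pdf": b"%PDF", ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff", ".jpeg": b"\xff\xd8\xff",
    ".zip": b"PK\x03\x04", ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04",
}

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (8.0 = indistinguishable from random)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def classify(name: str, head: bytes) -> str:
    """Classify one file from its name and its first bytes (never writes)."""
    p = Path(name)
    if p.suffix.lower() != ADDED_EXT:
        return "not-renamed"
    orig_ext = Path(p.stem).suffix.lower()   # e.g. ".pdf" from "report.pdf.DOCM"
    magic = MAGIC.get(orig_ext)
    if magic is None:
        # No signature to compare: fall back to an entropy heuristic.
        return "likely-encrypted" if entropy(head) > 7.5 else "low-entropy"
    # An intact header does not prove the rest of the file is untouched.
    return "header-intact" if head.startswith(magic) else "header-overwritten"

def scan(root: str) -> dict:
    """Walk a directory tree read-only and classify every file's first 4 KiB."""
    results = {}
    for p in Path(root).rglob("*"):
        if p.is_file():
            with open(p, "rb") as f:
                results[str(p)] = classify(p.name, f.read(4096))
    return results
```

Run `scan()` against a copy or a read-only mounted image of the disk so the originals stay untouched for any later recovery attempt.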


If you just want to remove the virus, I'd just wipe the laptop and reinstall. Then restore backups. You don't know where it messed with stuff, so just start fresh.


11 minutes ago, Aimi said:

To be clear, Ransomware often doesn't look like a virus.
Anyway, don't mess with your files at all. They're encrypted, and just changing the file extension doesn't mean they'll magically work.

Do you know the name of the Ransomware? Does it say anything in the dropped text files or the Tor site you were directed to?

I couldn't find the name of the Ransomware.

The text file contains this:

 


All your files are Encrypted!
For data recovery needs decryptor.
How to buy decryptor:

----------------------------------------------------------------------------------------

| 1. Download Tor browser - https://www.torproject.org/ and install it.

| 2. Open link in TOR browser - http://decrmbgpvh6kvmti.onion/
               
| 3. Follow the instructions on this page 

----------------------------------------------------------------------------------------

Note! This link is available via "Tor Browser" only.

------------------------------------------------------------
Free decryption as guarantee.
Before paying you can send us 1 file for free decryption.
------------------------------------------------------------

alternate address - http://helpinfh6vj47ift.onion/


DO NOT CHANGE DATA BELOW


Restoring files affected by a ransomware attack isn't as simple as removing the added file extension, as the files have been encrypted and would need to be decrypted in order to restore them. Since there most likely isn't any means to decrypt them without paying the attackers' ransom, all the files are now lost and can't be recovered. The best thing to do is to nuke EVERYTHING without backing any files up and start from scratch, and next time you should keep a backup (that isn't connected to any computer all the time) of all personal files.


It would be best to know what sort of Ransomware it is. It could be possible that the Ransomware is outdated and has no master server, therefore, making it impossible to actually get your files back even if you wanted to make a payment.

 

You'll likely have to restore backups (that are pristine and clean) way before this ransomware got in and encrypted everything. If not, then I'm afraid all your files are lost.

 

17 hours ago, demonix00 said:

Restoring files affected by a ransomware attack isn't as simple as removing the added file extension, as the files have been encrypted and would need to be decrypted in order to restore them. Since there most likely isn't any means to decrypt them without paying the attackers' ransom, all the files are now lost and can't be recovered. The best thing to do is to nuke EVERYTHING without backing any files up and start from scratch, and next time you should keep a backup (that isn't connected to any computer all the time) of all personal files.

demonix00 has the right idea with nuking your computer if you don't have any backups saved onto something like a USB that isn't/wasn't connected to the computer when the attack happened.

I like working, playing video games and listening to music. In my spare time I also love to read books.

 

Always willing to learn new tech and improve my knowledge.

 
