How to remove AD ransomware and decrypt .[].ad files

AD ransomware encryption process

AD is a new type of GlobeImposter ransomware virus. It means that this virus changes the structures of your files (encrypts) by the means of special algorithms in order to make you pay for restoring these files (decrypt). To achieve this aim hackers use a number of tricks such as bundles, malicious email attachments, brute forcing of the open ports of your device and etc. Infection can be unnoticed by the user, as searching (it looks for suitable media files and documents) and encryption processes may be proceeded in the background. As the result, your files are unreadable, as the extensions of them changed to .[].ad. Don’t try to remove AD ransomware encryption by the renaming of files, you can corrupt them! The purpose of these attacks, as it’s been already mentioned, is to make you pay, that’s why hackers left special notes with the demand for decryption. In our case this ransom note is called Read_For_Restore_File.html and it contains the following information:

Your documents, photos, databases and all the rest files encrypted cryptographically strong algoritm RSA-2048.
Without a secret key stored with us, the restoration of your files is impossible
To start the recovery process:
Register email box to or (do not waste time sending letters from your standard email address, they will all be blocked).
Send a email from your new email address to: with your personal ID.
In response, we will send you further instructions on decrypting your files.
Your personal ID:
*ID number*
———– P.S. ———–
It is in your interest to respond as soon as possible to ensure the recovery of your files, because we will not store your decryption keys on our server for a long time.
?heck the folder “Spam” when waiting for an email from us.
If we do not respond to your message for more than 48 hours, write to the backup email :
Q: Did not receive an answer?
A: Check the SPAM folder.
Q: My spam folder is empty, what should I do?
A: Register email box to or and do the steps above.

There is no reason to believe them. It’s easy for the to trick you, as you don’t have any guarantee, that they will really help you. Moreover, if you pay them, you will be a potential aim for the next attack. So, my advice is to avoid paying ransoms and read our guide on how to remove AD ransomware and [].ad files!

Article’s Guide

  1. How to remove AD Ransomware from your computer
  2. How to remove AD Ransomware encryption from your files
  3. Data Recovery
  4. Automated decryption tools
  5. Windows Previous Versions

How to remove AD Ransomware from your computer?

We strongly recommend you to use a powerful anti-malware program that has this threat in its database. It will mitigate the risks of the wrong installation, and will remove AD from your computer with all of its leftovers and register files.

Solution for Windows users: our choice is Norton 360 . Norton 360 scans your computer and detects various threats like AD, then removes it with all of the related malicious files, folders and registry keys.

Download Norton windows compatible

If you are Mac user, we advise you to use Combo Cleaner.

How to decrypt .[].ad files?

Once you’ve removed the virus, you are probably thinking how to decrypt .ad files. Let’s take a look at possible ways of decrypting your data.

Recover data with Data Recovery

Data Recovery

  1. Download and install Data Recovery
  2. Select drives and folders with your files, then click Scan.
  3. Choose all the files in a folder, then press on Restore button.
  4. Manage export location.

Download Stellar Data Recovery

The download is an evaluation version for recovering files. To unlock all features and tools, purchase is required ($49.99-299). By clicking the button you agree to EULA and Privacy Policy. Downloading will start automatically.

Restore data with automated decryption tools

Unfortunately, due to the novelty of AD ransomware, there are no available automatic decryptors for this encryptor yet. Still, there is no need to invest in the malicious scheme by paying a ransom. You are able to recover files manually.
You can try to use one of these methods in order to restore your encrypted data manually.

Restore data with Windows Previous Versions

This feature is working on Windows Vista (not Home version), Windows 7 and later versions. Windows keeps copies of files and folders which you can use to restore data on your computer. In order to restore data from Windows Backup, take the following steps:

  1. Open My Computer and search for the folders you want to restore;
  2. Right-click on the folder and choose Restore previous versions option;
  3. The option will show you the list of all the previous copies of the folder;
  4. Select restore date and the option you need: Open, Copy and Restore.

Restore the system with System Restore

You can always try to use System Restore in order to roll back your system to its condition before infection infiltration. All the Windows versions include this option.

  1. Type restore in the Search tool;
  2. Click on the result;
  3. Choose restore point before the infection infiltration;
  4. Follow the on-screen instructions.

Was this tutorial helpful?
[Total: 2 Average: 4]

Leave a Comment

Time limit is exhausted. Please reload CAPTCHA.