How to remove Oo7 ransomware and decrypt .id-*random*.[].oo7 files

Oo7 ransomware encryption process

Oo7 ransomware is the newest version of Dharma file-encryption ransomware, the main function of which is to prevent a user from the accessing to the definite file formats. The other representatives of this family are: KRAB, Cash and Money ransomwares. It’s very simple to become infected with this virus, as hackers use a number ways of disseminating it. The one of the most widely used is malicious email attachments. The code of the virus is injected into a common, harmless file and once the recipient opens it, the code begins its work. Moreover, the code may be injected into installators that are distributed free by the means of torrent trackers and file sharing services. If you are already infected with this malware, don’t try to remove Oo7 ransomware encryption manually, as it may damage your files permanently. Here you can find the example of files that are encrypted with Oo7 ransomware:

As soon as Oo7 ransomware injects into the system, it immediately starts the encryption process. This process can be subdivided into scanning and encryption itself. Oo7 scans all hard drives and folders, while you are doing your regular things. When the suitable files are found, Oo7 simply changes their structures with the help of special unique algorithms. This process can hardly be noticed and the result of it is always the same – unreadable files. Moreover, the virus changes the extensions of the files to .id-*random*.[].oo7 ones. The main purpose of this attack is to force you to buy decryption tool, that’s why the virus also creates the ransom note in the form of pop-up window, that provides us with the following information:

All your files have been encrypted!

All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail
Write this ID in the title of your message
In case of no answer in 24 hours write us to these
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the decryption tool that will decrypt all your files.
Free decryption as guarantee
Before paying you can send us up to 1 file for free decryption. The total size of files must be less than 1Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.)
How to obtain Bitcoins
The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click ‘Buy bitcoins’, and select the seller by payment method and price.
Also you can find other places to buy Bitcoins and beginners guide here:

How Can I Buy Bitcoin?

Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.

Their words cannot be trusted, as the only thing, that is important for them is money. There is no any firm guarantee that you will get the decryption tool after the payment, Moreover, instead of it hackers can send you other malicious software, so we strongly advise you to avoid any contact with them. And if you wonder how to remove Oo7 ransomware and decrypt .id-*random*.[].oo7 files, you can use our guide for free!

Article’s Guide

  1. How to remove Oo7 Ransomware from your computer
  2. How to remove Oo7 Ransomware encryption from your files
  3. Data Recovery
  4. Automated decryption tools
  5. Windows Previous Versions

How to remove Oo7 Ransomware from your computer?

We strongly recommend you to use a powerful anti-malware program that has this threat in its database. It will mitigate the risks of the wrong installation, and will remove Oo7 from your computer with all of its leftovers and register files.

Solution for Windows users: our choice is Norton 360 . Norton 360 scans your computer and detects various threats like Oo7, then removes it with all of the related malicious files, folders and registry keys.

Download Norton windows compatible

If you are Mac user, we advise you to use Combo Cleaner.

How to decrypt .id-*random*.[].oo7 files?

Once you’ve removed the virus, you are probably thinking how to decrypt .id-*random*.[].oo7 files. Let’s take a look at possible ways of decrypting your data.

Recover data with Data Recovery

Data Recovery

  1. Download and install Data Recovery
  2. Select drives and folders with your files, then click Scan.
  3. Choose all the files in a folder, then press on Restore button.
  4. Manage export location.

Download Stellar Data Recovery

The download is an evaluation version for recovering files. To unlock all features and tools, purchase is required ($49.99-299). By clicking the button you agree to EULA and Privacy Policy. Downloading will start automatically.

Restore data with automated decryption tools

Unfortunately, due to the novelty of Oo7 ransomware, there are no available automatic decryptors for this encryptor yet. Still, there is no need to invest in the malicious scheme by paying a ransom. You are able to recover files manually.
You can try to use one of these methods in order to restore your encrypted data manually.

Restore data with Windows Previous Versions

This feature is working on Windows Vista (not Home version), Windows 7 and later versions. Windows keeps copies of files and folders which you can use to restore data on your computer. In order to restore data from Windows Backup, take the following steps:

  1. Open My Computer and search for the folders you want to restore;
  2. Right-click on the folder and choose Restore previous versions option;
  3. The option will show you the list of all the previous copies of the folder;
  4. Select restore date and the option you need: Open, Copy and Restore.

Restore the system with System Restore

You can always try to use System Restore in order to roll back your system to its condition before infection infiltration. All the Windows versions include this option.

  1. Type restore in the Search tool;
  2. Click on the result;
  3. Choose restore point before the infection infiltration;
  4. Follow the on-screen instructions.

Was this tutorial helpful?
[Total: 0 Average: 0]

Leave a Comment

Time limit is exhausted. Please reload CAPTCHA.