Aawt ransomware is one of the most recent Djvu/STOP ransomware versions. It’s a dangerous piece of malware that encrypts files and later demands money in exchange for their decryption. This ransomware adds .aawt to encrypted files, hence why it’s known as Aawt ransomware. You will not be able to open any files with the .aawt extension unless you first use a decryptor on them. However, getting the decryptor is tricky. The malware operators will try to sell it to you for $980 but engaging with the cybercriminals comes with serious risks. If you have a backup, file recovery should not be an issue as long as you first fully remove Aawt ransomware from your computer.


Aawt ransomware note


Immediately upon malware initiation, files are encrypted and have the extension .aawt added to them. All pictures, videos, images, documents, and other personal files will be encrypted because the ransomware primarily targets files that are most important to users. For example, text.txt would become text.txt.aawt if encrypted. Once the encryption process is complete, a _readme.txt ransom note will be dropped in every folder that contains encrypted files. The note explains the process of acquiring the decryptor. Unfortunately, you are asked to pay a $980 ransom. The note also mentions a 50% discount for victims who make contact within the first 72 hours but we recommend being skeptical. Trusting cybercriminals to send you the Aawt ransomware decryptor even if you pay is not recommended. Cybercriminals can just take your money; there is nothing really stopping them from doing so. This has happened to many victims in the past.

Aawt ransomware files

At the time of writing, there is no free way to retrieve files without a backup. Despite the fact that malware researchers frequently offer free decryptors to help ransomware victims, you won’t find one for Aawt ransomware at this time. Ransomware versions from the Djvu/STOP malware family use online keys to encrypt files, which essentially means the keys are unique to each user. For a decryptor to work for you, you need your specific key. So unless those keys are released by the cybercriminals themselves, it’s unlikely that a free Aawt ransomware decryptor will be made available. Though it’s worth mentioning that it’s not impossible that those keys will eventually be released by the cybercriminals themselves. Additionally, while Emsisoft’s free decryptor for Djvu/STOP is unlikely to work, it’s worth a try.

If you have saved your files in a backup, you can start recovering them as soon as you remove Aawt ransomware from your computer. For that, choose a good anti-virus program because you could additionally damage the device if you try to do it manually.

How does ransomware infect computers?

A computer can become infected with malware in several different ways. Users’ poor online habits frequently result in malware infections. You run a significant risk of encountering a serious infection, for instance, if you open unsolicited email attachments, click on dubious links, use torrents to pirate copyrighted content, etc.

One of the most typical methods for malware to infect computers is through users opening infected email attachments. Malicious emails are usually disguised to look like they’re sent from legitimate companies, though the attempts are often quite sloppy. It’s worth mentioning that as long as the attachments are not opened, the emails are not dangerous. Malicious emails are also usually pretty easy to identify. The most evident sign is when emails supposedly sent by well-known companies contain grammar and spelling mistakes. For instance, if you receive a parcel notification but the email is full of grammar/spelling mistakes, it’s almost certainly a malicious email. Legitimate businesses will avoid grammar/spelling mistakes as best as possible because they look unprofessional. Another sign is generic words like “User”, “Member”, and “Customer” being used instead of your name when addressing you. Because it makes the email feel more personal, companies whose services you use will always address you by name in correspondence.

The email address of the sender might also help identify malicious emails. If you receive an unsolicited email asking you to perform some action (e.g. to open an attachment or to click on a link), you should check the sender’s email address before doing anything. If the address looks to be random, the email is probably malicious. However, even if an email address seems to be legitimate, you should still verify that the sender is who they say they are.

We should stress that malicious spam campaigns can also be really sophisticated. If cybercriminals have access to sensitive personal information, they can make their malicious emails look much more convincing. For example, the email targeting a victim would have no mistakes, address them by name, and contain some details that would make the email look more credible. It’s a very good idea to always scan email attachments with anti-virus software or at least VirusTotal before opening them.

Lastly, malware can be distributed through torrents. It’s not a secret that torrent sites are full of malicious torrents, mainly because they’re very poorly moderated. Torrents for TV series, video games, movies, etc., are frequently found to contain malware.

Aawt ransomware removal

Because ransomware is a sophisticated infection, it is recommended to use a reliable anti-malware program to remove Aawt ransomware. You run the danger of further harming your device if you try to do it manually. You can access your backup and begin restoring your files once the ransomware has been completely eliminated.

Users without backups will find file recovery to be far more difficult, if not impossible. Unfortunately, there isn’t a free Aawt ransomware decryptor available right now. Though it is not available now, it’s possible that it will be released in the future. Thus, you should back up your encrypted files and wait for a free Aawt ransomware decryptor to be released. NoMoreRansom is a good source for decryptors.

Aawt ransomware is detected as:

  • Win32:RansomX-gen [Ransom] by Avast/AVG
  • HEUR:Trojan-Ransom.Win32.Stop.gen by Kaspersky
  • RDN/Ransomware.Stop by McAfee
  • Trojan:Win32/Redline.MKU!MTB by Microsoft
  • Gen:Heur.Mint.Zard.53 vby BitDefender
  • A Variant Of Win32/Kryptik.HQVD by ESET
  • Trojan.MalPack.GS by Malwarebytes
  • Gen:Heur.Mint.Zard.53 (B) by Emsisoft

Aawt ransomware detections


Quick Menu

Step 1. Delete Aawt (.aawt) ransomware using Safe Mode with Networking.

Remove Aawt (.aawt) ransomware from Windows 7/Windows Vista/Windows XP
  1. Click on Start and select Shutdown.
  2. Choose Restart and click OK. Windows 7 - restart
  3. Start tapping F8 when your PC starts loading.
  4. Under Advanced Boot Options, choose Safe Mode with Networking. Remove Aawt (.aawt) ransomware - boot options
  5. Open your browser and download the anti-malware utility.
  6. Use the utility to remove Aawt (.aawt) ransomware
Remove Aawt (.aawt) ransomware from Windows 8/Windows 10
  1. On the Windows login screen, press the Power button.
  2. Tap and hold Shift and select Restart. Windows 10 - restart
  3. Go to Troubleshoot → Advanced options → Start Settings.
  4. Choose Enable Safe Mode or Safe Mode with Networking under Startup Settings. Win 10 Boot Options
  5. Click Restart.
  6. Open your web browser and download the malware remover.
  7. Use the software to delete Aawt (.aawt) ransomware

Step 2. Restore Your Files using System Restore

Delete Aawt (.aawt) ransomware from Windows 7/Windows Vista/Windows XP
  1. Click Start and choose Shutdown.
  2. Select Restart and OK Windows 7 - restart
  3. When your PC starts loading, press F8 repeatedly to open Advanced Boot Options
  4. Choose Command Prompt from the list. Windows boot menu - command prompt
  5. Type in cd restore and tap Enter. Uninstall Aawt (.aawt) ransomware - command prompt restore
  6. Type in rstrui.exe and press Enter. Delete Aawt (.aawt) ransomware - command prompt restore execute
  7. Click Next in the new window and select the restore point prior to the infection. Aawt (.aawt) ransomware - restore point
  8. Click Next again and click Yes to begin the system restore. Aawt (.aawt) ransomware removal - restore message
Delete Aawt (.aawt) ransomware from Windows 8/Windows 10
  1. Click the Power button on the Windows login screen.
  2. Press and hold Shift and click Restart. Windows 10 - restart
  3. Choose Troubleshoot and go to Advanced options.
  4. Select Command Prompt and click Restart. Win 10 command prompt
  5. In Command Prompt, input cd restore and tap Enter. Uninstall Aawt (.aawt) ransomware - command prompt restore
  6. Type in rstrui.exe and tap Enter again. Delete Aawt (.aawt) ransomware - command prompt restore execute
  7. Click Next in the new System Restore window. Get rid of Aawt (.aawt) ransomware - restore init
  8. Choose the restore point prior to the infection. Aawt (.aawt) ransomware - restore point
  9. Click Next and then click Yes to restore your system. Aawt (.aawt) ransomware removal - restore message


More information about WiperSoft and Uninstall Instructions. Please review WiperSoft EULA and Privacy Policy. WiperSoft scanner is free. If it detects a malware, purchase its full version to remove it.

  • wipersoft

    WiperSoft Review Details WiperSoft (www.wipersoft.com) is a security tool that provides real-time security from potential threats. Nowadays, many users tend to download free software from the Intern ...

  • mackeeper

    Is MacKeeper a virus? MacKeeper is not a virus, nor is it a scam. While there are various opinions about the program on the Internet, a lot of the people who so notoriously hate the program have neve ...

  • malwarebytes-logo2

    While the creators of MalwareBytes anti-malware have not been in this business for long time, they make up for it with their enthusiastic approach. Statistic from such websites like CNET shows that th ...


Site Disclaimer

2-remove-virus.com is not sponsored, owned, affiliated, or linked to malware developers or distributors that are referenced in this article. The article does not promote or endorse any type of malware. We aim at providing useful information that will help computer users to detect and eliminate the unwanted malicious programs from their computers. This can be done manually by following the instructions presented in the article or automatically by implementing the suggested anti-malware tools.

The article is only meant to be used for educational purposes. If you follow the instructions given in the article, you agree to be contracted by the disclaimer. We do not guarantee that the artcile will present you with a solution that removes the malign threats completely. Malware changes constantly, which is why, in some cases, it may be difficult to clean the computer fully by using only the manual removal instructions.

Leave a Reply