Eebn ransomware belongs to the Djvu/STOP ransomware family. The malware will encrypt all your personal files, essentially taking them hostage. Encrypted files will have .eebn added to them, and a _readme.txt ransom note will be dropped once file encryption is complete. You will not be able to open encrypted files unless you first use a decryptor on them. However, getting the decryptor is not easy because the only people who have it are the cybercriminals operating this malware. They will try to sell it to you but buying it is not a good idea because there are no guarantees you’d actually get it. Even if you do, the decryptor may not work.


Eebn ransomware note


Files encrypted by the Eebn ransomware will have .eebn added to them, hence why it’s known as Eebn ransomware. You will, unfortunately, find that your photos, videos, images, documents, etc., will be encrypted. As an example, an encrypted text.txt file would become text.txt.eebn. Once files have been fully encrypted, there will be a _readme.txt ransom note in all folders that have encrypted files. The note contains information on how to acquire the Eebn ransomware decryptor. Unfortunately, it involves paying $980 in ransom. There supposedly is a 50% discount for victims who make contact within the first 72 hours but you should be skeptical. In general, trusting cybercriminals to send you the Eebn ransomware decryptor even if you pay is not a good idea. Ransomware does not operate like a regular business that has obligations, so there’s nothing really stopping cybercriminals from simply taking your money.

Eebn ransomware files

At this moment in time, recovering files for free without a backup is not possible. While malware researchers often release free decryptors to help ransomware victims, it’s not always possible to make one. Djvu/STOP ransomware versions use online keys to encrypt files, which means the keys are unique to each user. Your particular key is necessary for a decryptor to work on your files. Unless those keys are released by the cybercriminals themselves, a free Eebn ransomware decryptor is not very likely. There is Emsisoft’s free decryptor for Djvu/STOP but while it’s worth a try, it’s unlikely to work.

If you have saved files in a backup, you can start recovering files as soon as you delete Eebn ransomware from your device. Make sure to use a good anti-virus program because otherwise, you risk causing additional damage to your device.

How did ransomware enter your computer?

There are many ways a piece of malware could infect a computer. It can happen if you open the wrong email attachment, pirate via torrents, do not install security updates, etc. In many cases, developing good online habits can help with avoiding malware.

One of the most common ways users infect their computers with malware is by opening malicious email attachments. Malicious files are attached to emails that are made to seem like they’re sent by legitimate companies. Though in most cases, malicious emails are pretty obvious. The emails are not dangerous as long as the attached file remains unopened. If you know what to look for, you should be able to recognize malicious emails fairly easily. The most obvious sign is grammar/spelling mistakes in emails that are supposed to be sent by known companies. For example, if you get an email from a parcel delivery service but the email is full of grammar mistakes, it’s likely a malicious email. Companies will avoid mistakes in their official emails because they look unprofessional. But for whatever reason, malicious emails are full of mistakes.

Another sign that you could be dealing with a malicious email is generic words like “User”, “Member”, and “Customer” used instead of your name. Emails by companies whose services you use will always address you by name because it gives the email a more personal feel. But since malicious actors do not have access to personal information, they use generic words.

The sender’s email address can also give away a malicious email. Thus, that’s the first thing you should check. If the email address looks random, it’s likely spam. But even if an email address looks legitimate, you should still research it to see whether it actually belongs to whomever the sender claims to be.

It’s worth mentioning that malicious spam emails can also be much more sophisticated. If cybercriminals have access to certain personal information and put more effort into emails, they can look much more convincing. For example, the email would not have any mistakes, address you by name, and contain specific information that would make the email seem more credible.

Another ransomware distribution method we should mention is torrents. It’s no secret that torrent sites are often quite poorly moderated, which allows malicious actors to spread torrents with malware in them. Torrents for movies, TV shows, video games, etc., often have malware in them. So downloading copyrighted content via torrents is not only stealing but also dangerous for the computer.

Eebn ransomware removal

Since ransomware is a fairly complex infection, it should be removed using professional tools. There are plenty of good anti-virus programs that will remove Eebn ransomware from your device without issue, so you have a wide range of options if you don’t already have such a program installed.

It’s important to mention that you should not try to access your backup until you fully delete Eebn ransomware. If it’s still present when you connect to backup, the backed-up files would become encrypted as well. That could mean permanent file loss.

If you do not have a backup, you don’t have many options. Waiting for a free Eebn ransomware decryptor to be released may be your only option. However, as we’ve already said before, it’s not certain when or even if a free Eebn ransomware decryptor will be released. If it does, it would be posted on NoMoreRansom, so that’s the first decryptor site you should check.

Eebn ransomware is detected as:

  • PWSX-gen [Trj] by Avast/AVG
  • A Variant Of Win32/Kryptik.HQUG by ESET
  • UDS:Trojan.Win32.Scarsi.gen by Kaseprsky
  • Trojan.MalPack.GS by Malwarebytes
  • Packed-GEE!3C8E8F261A07 by McAfee
  • Trojan:Win32/Raccoon.RA!MTB by Microsoft
  • Ransom.Win32.STOP.SMYXBFX.hp by TrendMicro



Eebn ransomware detections


Quick Menu

Step 1. Delete Eebn (.eebn) ransomware using Safe Mode with Networking.

Remove Eebn (.eebn) ransomware from Windows 7/Windows Vista/Windows XP
  1. Click on Start and select Shutdown.
  2. Choose Restart and click OK. Windows 7 - restart
  3. Start tapping F8 when your PC starts loading.
  4. Under Advanced Boot Options, choose Safe Mode with Networking. Remove Eebn (.eebn) ransomware - boot options
  5. Open your browser and download the anti-malware utility.
  6. Use the utility to remove Eebn (.eebn) ransomware
Remove Eebn (.eebn) ransomware from Windows 8/Windows 10
  1. On the Windows login screen, press the Power button.
  2. Tap and hold Shift and select Restart. Windows 10 - restart
  3. Go to Troubleshoot → Advanced options → Start Settings.
  4. Choose Enable Safe Mode or Safe Mode with Networking under Startup Settings. Win 10 Boot Options
  5. Click Restart.
  6. Open your web browser and download the malware remover.
  7. Use the software to delete Eebn (.eebn) ransomware

Step 2. Restore Your Files using System Restore

Delete Eebn (.eebn) ransomware from Windows 7/Windows Vista/Windows XP
  1. Click Start and choose Shutdown.
  2. Select Restart and OK Windows 7 - restart
  3. When your PC starts loading, press F8 repeatedly to open Advanced Boot Options
  4. Choose Command Prompt from the list. Windows boot menu - command prompt
  5. Type in cd restore and tap Enter. Uninstall Eebn (.eebn) ransomware - command prompt restore
  6. Type in rstrui.exe and press Enter. Delete Eebn (.eebn) ransomware - command prompt restore execute
  7. Click Next in the new window and select the restore point prior to the infection. Eebn (.eebn) ransomware - restore point
  8. Click Next again and click Yes to begin the system restore. Eebn (.eebn) ransomware removal - restore message
Delete Eebn (.eebn) ransomware from Windows 8/Windows 10
  1. Click the Power button on the Windows login screen.
  2. Press and hold Shift and click Restart. Windows 10 - restart
  3. Choose Troubleshoot and go to Advanced options.
  4. Select Command Prompt and click Restart. Win 10 command prompt
  5. In Command Prompt, input cd restore and tap Enter. Uninstall Eebn (.eebn) ransomware - command prompt restore
  6. Type in rstrui.exe and tap Enter again. Delete Eebn (.eebn) ransomware - command prompt restore execute
  7. Click Next in the new System Restore window. Get rid of Eebn (.eebn) ransomware - restore init
  8. Choose the restore point prior to the infection. Eebn (.eebn) ransomware - restore point
  9. Click Next and then click Yes to restore your system. Eebn (.eebn) ransomware removal - restore message


More information about WiperSoft and Uninstall Instructions. Please review WiperSoft EULA and Privacy Policy. WiperSoft scanner is free. If it detects a malware, purchase its full version to remove it.

  • wipersoft

    WiperSoft Review Details WiperSoft ( is a security tool that provides real-time security from potential threats. Nowadays, many users tend to download free software from the Intern ...

  • mackeeper

    Is MacKeeper a virus? MacKeeper is not a virus, nor is it a scam. While there are various opinions about the program on the Internet, a lot of the people who so notoriously hate the program have neve ...

  • malwarebytes-logo2

    While the creators of MalwareBytes anti-malware have not been in this business for long time, they make up for it with their enthusiastic approach. Statistic from such websites like CNET shows that th ...


Site Disclaimer is not sponsored, owned, affiliated, or linked to malware developers or distributors that are referenced in this article. The article does not promote or endorse any type of malware. We aim at providing useful information that will help computer users to detect and eliminate the unwanted malicious programs from their computers. This can be done manually by following the instructions presented in the article or automatically by implementing the suggested anti-malware tools.

The article is only meant to be used for educational purposes. If you follow the instructions given in the article, you agree to be contracted by the disclaimer. We do not guarantee that the artcile will present you with a solution that removes the malign threats completely. Malware changes constantly, which is why, in some cases, it may be difficult to clean the computer fully by using only the manual removal instructions.

Leave a Reply