Chily ransomware is a recently released malicious infection that targets users’ personal files to encrypt them. This ransomware can be recognized by the .[Chily@Dr.Com] extension added to encrypted files. Unfortunately, once files have been encrypted, they will remain unopenable until you decrypt them using a special decryption tool. The issue with acquiring the decryptor is that only the malicious actors operating the ransomware have it, and they will not just give it to you. Instead, they will demand that you pay for it.




Like all infections of this type, Chily ransomware targets personal files because they are the most valuable. To be more specific, the ransomware will encrypt your photos, videos, images, documents, etc. Encrypted files will have an extension added to them, making it easy to identify which files have been affected. A text.txt file would become text.txt.[Chily@Dr.Com] if encrypted.

The ransomware also changes the desktop background to a ransom note image and drops a Read Me.Hta file. Both ransom notes are pretty standard. They explain that files have been encrypted and that to get a decryptor, you’d need to pay a ransom. The notes do not mention how much you’d have to pay; it would likely be revealed if you contacted the cybercriminals using the provided email addresses. The note also mentions that you can decrypt 3 files for free, provided they do not contain any valuable information. This is meant to prove to you that they can indeed decrypt your files.

But even if the malware operators can help you, it does not mean that they will. Keep in mind that you are dealing with cyber criminals, and paying does not guarantee a decryptor. What could happen is they could take your money but not send you the decryptor, making you lose not only your files but also your money. It has, unfortunately, happened in the past to victims dealing with ransomware.

If you have a backup, you can begin recovering your files as soon as you remove Chily ransomware from your computer. We strongly recommend you use anti-virus software to delete Chily ransomware because otherwise, you may end up causing additional damage to your computer.

If you do not have a backup and have no intention of paying the ransom, back up the encrypted files and wait for a free Chily ransomware decryptor to be released. A free decryptor is not guaranteed but it is possible. NoMoreRansom is a good source for decryptors.
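To back up the encrypted files as suggested above, you first need a reliable list of them. The following Python script is an added example, not part of the original article or any vendor tool: it finds files carrying the .[Chily@Dr.Com] extension and the Read Me.Hta note, then copies the encrypted files to a backup folder. The function names and the command-line arguments are assumptions made for this illustration.

```python
import os
import shutil
import sys
from pathlib import Path

MARKER = ".[Chily@Dr.Com]"   # extension the article says is appended
NOTE_NAME = "read me.hta"    # ransom note file named in the article

def find_affected(root):
    """Return (encrypted_files, ransom_notes) found under root."""
    encrypted, notes = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            # Plain suffix comparison: in a glob/fnmatch pattern the
            # brackets in the marker would be read as a character class
            # and the search would silently match the wrong files.
            if name.lower().endswith(MARKER.lower()):
                encrypted.append(path)
            elif name.lower() == NOTE_NAME:
                notes.append(path)
    return sorted(encrypted), sorted(notes)

def original_name(path):
    """text.txt.[Chily@Dr.Com] -> text.txt"""
    return path.name[: -len(MARKER)]

def back_up(encrypted, root, dest):
    """Copy encrypted files to dest, keeping folder layout and timestamps."""
    copied = []
    for src in encrypted:
        target = Path(dest) / src.relative_to(root)
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, target)   # copy only; originals stay untouched
        copied.append(target)
    return copied

if __name__ == "__main__" and len(sys.argv) == 3:
    root, dest = Path(sys.argv[1]), Path(sys.argv[2])
    enc, notes = find_affected(root)
    for p in enc:
        print(f"{p}  (was {original_name(p)})")
    print(f"{len(enc)} encrypted file(s), {len(notes)} ransom note(s)")
    print(f"{len(back_up(enc, root, dest))} file(s) copied to {dest}")
```

Point the second argument at a folder on an external drive that is outside the scanned folder, so a later run does not pick up the backup copies.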

How did ransomware enter your computer?

Malware can enter your computer in a variety of ways. It typically happens when users have bad online habits. We strongly recommend taking the time to build better browsing habits because you are much more likely to infect your computer with malware if you open unsolicited email attachments or click on random links.

You have a significantly higher chance of infecting your computer with malware if you use torrents to pirate copyrighted content (or if you pirate in general). Many torrent sites are full of malicious torrents because they are not properly moderated. You will eventually download malware if you do not know how to spot a malicious torrent. Torrents for entertainment content are particularly likely to have malware in them. To be more specific, malware can often be found in torrents for TV series, movies, and video games.

Emails are regularly used to spread malware. When users open malicious attachments, they essentially initiate the infection. You should be able to identify fraudulent emails if you know what to look for because they are typically pretty obvious. The most glaring red flag in emails supposedly sent by legitimate companies is grammar and spelling mistakes. Malicious actors generally do not speak good English, so their emails have plenty of mistakes. Companies will try to avoid such mistakes as much as possible, especially in emails that are generated automatically, as mistakes appear quite unprofessional.

Another thing to watch out for is how an email addresses you. If an email appears to be from a company whose services you use yet refers to you as a “User”, “Customer”, “Member”, etc., it is highly likely a malicious email (or at least spam). Companies will always address their customers by name in official correspondence since it makes an email seem more personal.

You should also verify the email address of the sender before interacting with the email. Malicious emails are often sent from email addresses that seem random, which is a dead giveaway. Even if an email address looks legitimate, you still need to research it to check whether it actually belongs to whoever the sender claims to be.

Finally, it’s important to remember that malicious emails can occasionally be far more sophisticated. When a person is directly targeted and cyber criminals have access to specific personal data, the email can look very convincing. There would be a lot more work put into the malicious emails to make them seem more credible. They would be mistake-free, address the recipient by name, and even include some information that would lend the email greater credibility. It is important to always use VirusTotal or anti-virus software to scan unsolicited email attachments for infection before opening them.

How to remove Chily ransomware

When it comes to ransomware, always use anti-virus software. Do not try to remove Chily ransomware manually because you could end up causing additional damage to your computer. Unless you know exactly what you’re doing, use a good anti-virus program to delete Chily ransomware. As soon as the ransomware is gone, you can begin recovering your files.

If you don’t have a backup and don’t want to pay the ransom, your only option is to wait for a free Chily ransomware decryptor to be released by malware researchers. But as we’ve already noted, it’s unclear whether or when it will be released. Also keep in mind that if you can’t find the decryptor on a legitimate website like NoMoreRansom, you won’t find it on a random forum.

Chily ransomware is detected as:

  • Win64:RansomX-gen [Ransom] by Avast/AVG
  • A Variant Of Win64/Filecoder.GH by ESET
  • HEUR:Trojan-Ransom.Win32.Generic by Kaspersky
  • Ransom.FileCryptor by Malwarebytes
  • Ransom.Win64.PHOBOS.THKOJBB by TrendMicro
  • Ransom:Win32/Paradise.BC!MTB by Microsoft
  • Artemis!7328AF3A365D by McAfee
  • Generic.Ransom.DCRTR.569A0299 by BitDefender




Step 1. Delete Chily ransomware using Safe Mode with Networking.

Remove Chily ransomware from Windows 7/Windows Vista/Windows XP
  1. Click on Start and select Shutdown.
  2. Choose Restart and click OK.
  3. Start tapping F8 when your PC starts loading.
  4. Under Advanced Boot Options, choose Safe Mode with Networking.
  5. Open your browser and download the anti-malware utility.
  6. Use the utility to remove Chily ransomware.
Remove Chily ransomware from Windows 8/Windows 10
  1. On the Windows login screen, press the Power button.
  2. Tap and hold Shift and select Restart.
  3. Go to Troubleshoot → Advanced options → Start Settings.
  4. Choose Enable Safe Mode or Safe Mode with Networking under Startup Settings.
  5. Click Restart.
  6. Open your web browser and download the malware remover.
  7. Use the software to delete Chily ransomware.

Step 2. Restore Your Files using System Restore

Delete Chily ransomware from Windows 7/Windows Vista/Windows XP
  1. Click Start and choose Shutdown.
  2. Select Restart and click OK.
  3. When your PC starts loading, press F8 repeatedly to open Advanced Boot Options.
  4. Choose Command Prompt from the list.
  5. Type in cd restore and tap Enter.
  6. Type in rstrui.exe and press Enter.
  7. Click Next in the new window and select the restore point prior to the infection.
  8. Click Next again and click Yes to begin the system restore.
Delete Chily ransomware from Windows 8/Windows 10
  1. Click the Power button on the Windows login screen.
  2. Press and hold Shift and click Restart.
  3. Choose Troubleshoot and go to Advanced options.
  4. Select Command Prompt and click Restart.
  5. In Command Prompt, input cd restore and tap Enter.
  6. Type in rstrui.exe and tap Enter again.
  7. Click Next in the new System Restore window.
  8. Choose the restore point prior to the infection.
  9. Click Next and then click Yes to restore your system.

