Oflg ransomware is a version of the Djvu/STOP ransomware. It’s one of the more recent releases and can be differentiated from the other versions by the .oflg file extension. It’s a very dangerous piece of malware that takes files hostage by encrypting them. This particular ransomware demands $980 for the decryptor, though paying the ransom comes with risks. At the moment, only those who have a backup can recover files for free.


Oflg ransmware note

The ransomware starts encrypting files as soon as it’s initiated. The ransomware targets personal files, including photos, videos, images, and documents. All of these files will have the .oflg extension added to them. For example, an encrypted text.txt file would become text.txt.oflg. A _readme.txt ransom note will also be dropped in every folder that contains encrypted files after the encryption process is finished. The note explains how to acquire the decryptor. Unfortunately, a $980 ransom is demanded from you. The note offers a 50% discount for victims who contact the cybercriminals within the first 72 hours, though you should be skeptical. It’s not a good idea to trust the cybercriminals to send you the Oflg ransomware decryptor even if you pay because there’s nothing stopping them from simply taking the money.

Oflg ransomware files

Without a backup, there is currently no free way to retrieve files. Although malware researchers frequently provide free decryptors to assist ransomware victims, at the moment there isn’t one for the Oflg ransomware. The Djvu/STOP ransomware variants use online keys to encrypt data, which means the keys are unique to each user. For a decryptor to work on your files, the specific key used to encrypt your files would be needed. But the only people who have it are the cybercriminals operating this ransomware. It’s not impossible that the keys will eventually be released, but until that happens, a free Oflg ransomware decryptor is not likely. You can try using Emsisoft’s free Djvu/STOP decryptor, though it’s unlikely to work.

You can start restoring your files as soon as you remove Oflg ransomware from your computer. It’s strongly recommended to use a good anti-virus program to delete Oflg ransomware because manual removal would be very complex. Unless you know exactly what to do, you could end up causing additional damage to your device.

How did Oflg ransomware infect your computer?

Malware can infiltrate a computer in a number of different ways. Users’ bad browsing habits can have a significant impact on whether malware can enter a computer or not. If users open unsolicited email attachments, click on random links they come across, use torrents to pirate copyrighted content, etc., it’s no wonder they end up with malware.

Users opening infected email attachments is one of the most common ways malware infects computers. Even though the attempts are frequently rather poorly done, malicious emails are typically disguised to appear as though they were sent by legitimate companies. Generally, malicious emails are relatively easy to recognize. The most glaring red flag is when emails supposedly sent by reputable companies have spelling and grammar mistakes in them. For instance, if an email claiming to be a parcel notification contains numerous grammar and spelling errors, it’s most definitely malware. Grammar and spelling errors would make an email look highly unprofessional, thus legitimate companies will try their best to avoid them. The use of generic terms like “User”, “Member”, and “Customer” instead of your name when addressing you is another red flag. Companies whose services you use will always address you by name in emails because it makes the email feel more personal.

Checking the sender’s email address can also be helpful in determining whether an email is malicious. If you receive an email asking you to do something (e.g. open an attachment or click on a link), first check the sender’s email address. If the email address appears to be random, it is most likely malicious. Even when an email address appears to be authentic, you should still make sure the sender is who they claim to be.

It’s important to note that malware campaigns are not always obvious and can actually be very sophisticated. However, that usually happens when malicious actors target someone specific. To make a sophisticated malicious email campaign, cybercriminals would need to have the personal information of the victim. A sophisticated email would also not have any grammar/spelling mistakes, use the victim’s name to address them, and contain some specific details that would give the email more credibility. While it’s unlikely that regular users would ever be targeted with such sophisticated attacks, it’s still a good idea to scan all email attachments with anti-virus software or VirusTotal before opening them.

Lastly, you are likely already aware of this but torrents are also often used to spread malware. Torrent sites are notoriously badly regulated, which allows anyone to upload malware with torrents in them. Most often, torrents are found in torrents for entertainment content. For example, torrents for movies, TV series, and video games usually have malware in them. If you torrent on a regular basis, you’re putting your computer and data in jeopardy.

Oflg ransomware removal

Ransomware is a very sophisticated malware infection that requires a lot of steps to fully remove. We don’t recommend you try to remove Oflg ransomware manually because you could end up causing even more damage to your computer. You need to delete Oflg ransomware using a good anti-virus program because otherwise the ransomware may not be fully removed and allowed to recover later on. If it recovered while you were connected to your backup, your backed-up files would become encrypted as well. You should only connect to your backup when you’re sure the ransomware has been fully removed.

If you do not have a backup, file recovery will be more difficult if not currently impossible. There currently is no free Oflg ransomware decryptor available so the only file recovery option is through backup. If you don’t have it, you can wait for a free Oflg ransomware decryptor to be released, though when or even if that will happen is questionable. Nonetheless, we recommend you back up your encrypted files and occasionally check NoMoreRansom for a decryptor.

Oflg ransomware is detected as:

  • Win32:DropperX-gen [Drp] by Avast/AVG
  • Gen:Heur.Mint.Zard.52 by BitDefender
  • A Variant Of Win32/Kryptik.HQXD by ESET
  • HEUR:Trojan.Win32.Scarsi.gen by Kaspersky
  • Trojan.MalPack.GS by Malwarebytes
  • Trojan:Win32/Redline.MKWW!MTB by Microsoft
  • ML.Attribute.HighConfidence by Symantec

Oflg ransmware detections


Quick Menu

Step 1. Delete Oflg (.oflg) ransomware using Safe Mode with Networking.

Remove Oflg (.oflg) ransomware from Windows 7/Windows Vista/Windows XP
  1. Click on Start and select Shutdown.
  2. Choose Restart and click OK. Windows 7 - restart
  3. Start tapping F8 when your PC starts loading.
  4. Under Advanced Boot Options, choose Safe Mode with Networking. Remove Oflg (.oflg) ransomware - boot options
  5. Open your browser and download the anti-malware utility.
  6. Use the utility to remove Oflg (.oflg) ransomware
Remove Oflg (.oflg) ransomware from Windows 8/Windows 10
  1. On the Windows login screen, press the Power button.
  2. Tap and hold Shift and select Restart. Windows 10 - restart
  3. Go to Troubleshoot → Advanced options → Start Settings.
  4. Choose Enable Safe Mode or Safe Mode with Networking under Startup Settings. Win 10 Boot Options
  5. Click Restart.
  6. Open your web browser and download the malware remover.
  7. Use the software to delete Oflg (.oflg) ransomware

Step 2. Restore Your Files using System Restore

Delete Oflg (.oflg) ransomware from Windows 7/Windows Vista/Windows XP
  1. Click Start and choose Shutdown.
  2. Select Restart and OK Windows 7 - restart
  3. When your PC starts loading, press F8 repeatedly to open Advanced Boot Options
  4. Choose Command Prompt from the list. Windows boot menu - command prompt
  5. Type in cd restore and tap Enter. Uninstall Oflg (.oflg) ransomware - command prompt restore
  6. Type in rstrui.exe and press Enter. Delete Oflg (.oflg) ransomware - command prompt restore execute
  7. Click Next in the new window and select the restore point prior to the infection. Oflg (.oflg) ransomware - restore point
  8. Click Next again and click Yes to begin the system restore. Oflg (.oflg) ransomware removal - restore message
Delete Oflg (.oflg) ransomware from Windows 8/Windows 10
  1. Click the Power button on the Windows login screen.
  2. Press and hold Shift and click Restart. Windows 10 - restart
  3. Choose Troubleshoot and go to Advanced options.
  4. Select Command Prompt and click Restart. Win 10 command prompt
  5. In Command Prompt, input cd restore and tap Enter. Uninstall Oflg (.oflg) ransomware - command prompt restore
  6. Type in rstrui.exe and tap Enter again. Delete Oflg (.oflg) ransomware - command prompt restore execute
  7. Click Next in the new System Restore window. Get rid of Oflg (.oflg) ransomware - restore init
  8. Choose the restore point prior to the infection. Oflg (.oflg) ransomware - restore point
  9. Click Next and then click Yes to restore your system. Oflg (.oflg) ransomware removal - restore message


More information about SpyWarrior and Uninstall Instructions. Please review SpyWarrior EULA and Privacy Policy. SpyWarrior scanner is free. If it detects a malware, purchase its full version to remove it.

  • WiperSoft Review Details WiperSoft (www.wipersoft.com) is a security tool that provides real-time security from potential threats. Nowadays, many users tend to download free software from the Intern ...

  • Is MacKeeper a virus? MacKeeper is not a virus, nor is it a scam. While there are various opinions about the program on the Internet, a lot of the people who so notoriously hate the program have neve ...

  • While the creators of MalwareBytes anti-malware have not been in this business for long time, they make up for it with their enthusiastic approach. Statistic from such websites like CNET shows that th ...


Site Disclaimer

2-remove-virus.com is not sponsored, owned, affiliated, or linked to malware developers or distributors that are referenced in this article. The article does not promote or endorse any type of malware. We aim at providing useful information that will help computer users to detect and eliminate the unwanted malicious programs from their computers. This can be done manually by following the instructions presented in the article or automatically by implementing the suggested anti-malware tools.

The article is only meant to be used for educational purposes. If you follow the instructions given in the article, you agree to be contracted by the disclaimer. We do not guarantee that the artcile will present you with a solution that removes the malign threats completely. Malware changes constantly, which is why, in some cases, it may be difficult to clean the computer fully by using only the manual removal instructions.

Leave a Reply