Remove Better_call_saul Files Extension

How to Remove Better_call_saul Ransomware?

The Web is infested with ransomware. And, unfortunately, you’re one of the many PC users who fell victim to its trickery. Do you know what ransomware is? It’s safe to say that this is the most harmful, aggressive and problematic viruses you could have possibly caught. Ransomware is also a very efficient way for cyber criminals to gain illegal revenue online. Therefore, it’s no wonder why hackers constantly keep developing more and more ransomware infections. You’re now stuck with a relatively new one. This parasite has been recently harassing people in Australia and Russia but you could get infected with it everywhere on the globe. As we mentioned, ransomware’s main purpose is to blackmail you. That is exactly what you shouldn’t allow it to do. Once the virus successfully gets installed (obviously, behind your back), it performs a thorough scan on your machine. This way it locates all your personal files including pictures, Microsoft Office documents, videos, music, etc. You already know what happens next, don’t you? Your personal information gets encrypted. Using the highly complicated RSA-3072 algorithm, this parasite modifies all your files by adding a better_call_saul extension. Quite an original name for an extension, don’t you think? It originates from the Breaking Bad spin-off prequel but trust us when we say, if you get infected with this pest, its name will be your last concern. After it finds your personal data, the virus locks it. That means you can no longer access/view/use/work with your very own files as your computer cannot recognize this random better_call_saul extension. As you could imagine, there might be some incredibly important information that gets locked as well. Unfortunately, the parasite infects a huge variety of file formats such as .mp3, .mp4, .txt, .docx, .jpg, .jpeg, png, .xls, .wmv, .gif, .xml, .bin, ppt, etc. Practically anything of value you might have stored on your machine is now inaccessible and useless. Once the encryption is complete, you will notice detailed payment instructions in every folder that contains infected files as well as on your PC desktop. Yes, hackers want you to be seeing their instructions all the time. During the encryption process itself, the virus dropped these .txt files because the more often you come across this ransom note, the more likely it would be that you pay the ransom. Did we also mention how large sum of money crooks demand? According to these ransom instructions (accompanied by the cute logo of Los Pollos Hermanos), you have to pay a fee of up to $1000 AUD. Unless you pay the money, you can’t restore your data. You see, ransomware is an extremely effective monetizing mechanism because most people would give into their anxiety and panic seeing their files modified out of the blue. It goes without saying that you should not follow the malicious instructions hackers attempt to force on you. This whole thing is nothing but an aggravating attempt for a cyber scam. Don’t let cyber criminals deceive you; instead, get rid of their parasite as soon as possible.

How did I get infected with?

A rule of thumb for the future – stay away from spam emails. This is probably how the ransomware got to you in the first place and this is how many more infections could invade the PC as well. At some point in the recent past you clicked open a spam email-attachment which contained a malicious executable. Another possibility is that you trusted some email message from an unknown sender. Keep an eye out for potential threats every single time you browse the Web and don’t overlook the numerous viruses out there. Protecting your safety is a much easier thing to do than uninstalling a parasite later on. In addition, stay away from third-party commercials and the questionable websites you might stumble across. Also, never install unverified software from illegitimate pages, especially if it comes bundled. It takes about as much as a single moment of haste online to compromise your machine. Don’t take unwarranted risks and make sure you’re cautious when it comes to your own security. Remember, it’s always a good idea to take your time in advance. It’s your responsibility and yours only to take care of your computer; you won’t regret doing so.

Why is Better_call_saul dangerous?

As mentioned already, ransomware is rightfully considered to be among the most dreaded types of malware out there. This particular pest that you’re now struggling with is no exception. Apart from locking all your personal files, the virus tries to play mind games with you as well. That is why it’s extremely important to ignore hackers’ empty promises about a decryption key. You’re supposed to receive a unique combination of symbols in exchange for your money; however, you’re most likely to receive nothing. In the worst possible scenario your PC remains infected with the ransomware virus, your files keep the better_call_saul extension and your money is gone. Don’t become a sponsor of greedy cyber criminals. There is simply no reason to make a deal with crooks as they were never really famous for playing by the rules. That includes the rules they invented themselves. What you have to do right now is delete the virus and make a backup copy of all your important data in the future. To get rid if the ransomware manually, please follow the comprehensive removal guide that you will find down below.

Better_call_saul Removal Instructions

STEP 1: Kill the Malicious Process

STEP 2: Reveal Hidden Files

STEP 3: Locate Startup Location

STEP 4: Recover better_call_saul Encrypted Files

STEP 1: Stop the malicious process using Windows Task Manager

• Open your task Manager by pressing CTRL+SHIFT+ESC keys simultaneously
• Locate the process of the ransomware. Have in mind that this is usually a random generated file.
• Before you kill the process, type the name on a text document for later reference.

• Locate any suspicious processes associated with better_call_saul encryption Virus.
• Right click on the process
• Open File Location
• End Process
• Delete the directories with the suspicious files.
• Have in mind that the process can be hiding and very difficult to detect

STEP 2: Reveal Hidden Files

• Open any folder
• Click on “Organize” button
  
• Choose “Folder and Search Options”
• Select the “View” tab
• Select “Show hidden files and folders” option
• Uncheck “Hide protected operating system files”
• Click “Apply” and “OK” button

STEP 3: Locate better_call_saul encryption Virus startup location

• Once the operating system loads press simultaneously the Windows Logo Button and the R key.

• A dialog box should open. Type “Regedit”
• WARNING! be very careful when editing the Microsoft Windows Registry as this may render the system broken.

Depending on your OS (x86 or x64) navigate to:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

• and delete the display Name: [RANDOM]

• Then open your explorer and navigate to:

Navigate to your %appdata% folder and delete the executable.

You can alternatively use your msconfig windows program to double check the execution point of the virus. Please, have in mind that the names in your machine might be different as they might be generated randomly, that’s why you should run any professional scanner to identify malicious files.

STEP 4: How to recover encrypted files?

• Method 1: The first and best method is to restore your data from a recent backup, in case that you have one.

• Method 2: File Recovery Software – Usually when the ransomware encrypts a file it first makes a copy of it, encrypts the copy, and then deletes the original. Due to this you may try to use file recovery software to recover some of your original files.
• Method 3: Shadow Volume Copies – As a last resort, you can try to restore your files via Shadow Volume Copies. Open the Shadow Explorer part of the package and choose the Drive you want to recover. Right click on any file you want to restore and click Export on it.