Pack14 Ransomware - How to remove

Pack14 (or Avest) is a ransomware infection that locks your files, making them inaccessible. The files are marked with the Pack14 extension, but even getting rid of that doesn’t work — the files are broken on the inside.

Ransomware is a very dangerous type of virus — it often causes people to lose many of their valuable files. Security programs can recognize Pack14 as malware but they can’t always stop it from encrypting the files.

Cryptography is used on the files because it corrupts them in a way that can be reversed with the correct decryption key. Usually, it’s a very effective and impenetrable method. Viruses like Pack14 are used to break people’s files and then demand money in exchange for the decryption key. Only when the ransomware wasn’t programmed well enough can the files be decrypted without paying any money to the extortionists.

Features and removal of Pack14:

Symptoms
  • Files don’t work anymore
  • File names include random symbols, an email address, and “.Pack14” at the end
  • A file called “!!!Readme!!!Help!!!.txt” is in every folder affected by the ransomware
Distribution
  • Malicious links and files in email
  • Infected programs uploaded online
  • Infected websites
Remove the malware
Restore the files
  • Use the free decrypter

What is Pack14

Pack14 actually locks the screen during the encryption and only releases it once the encryption process is over. This is unusual because most modern ransomware works in the background. Screenlockers are actually a different type of ransomware, one that doesn’t corrupt the data like file encryption does — examples include Your Windos Has Been Banned and Your Windows Hasbeen Banned.

Pack14 is different, harder to fix. File-encrypting ransomware has been lucrative enough that many families now exist, extorting people out of their money regularly. The developers of Pack14 leave behind a ransom note called “!!!Readme!!!Help!!!.txt” in which they include the email address that the victims are supposed to contact and get the instructions on where to send the money:

Problems with your data? Contact us: [email protected]

And each file is renamed by adding the long “.ckey([random]).email([email protected]).pack14” string. The ckey part contains your key, the email address is for reaching the extortionists.

Pack14 was discovered by a malware analyst a few weeks ago. But today, a decrypter was announced. It’s not affiliated with the criminals, it’s a free decrypter for all the victims of Pack14. That doesn’t happen often.

You still need to remove the Pack14 ransomware, but after that, you can restore your files even if you didn’t have a backup:

How to deal with ransomware

Ransomware is the one threat that doesn’t seem to be going away. It’s especially painful for businesses that lose not only files, but also time, which costs them a lot of money. Pack14 seems to be targeted at individual users instead — people who might keep their photos, projects, work files, and other important data on the same computer. A lot of people still don’t have file backups, which would be very helpful against any file-locking ransomware.

During the encryption, Pack14 locks your screen. That shouldn’t be a problem — you can reboot your computer into safe mode, or you can try to open Task Manager and end the process that’s keeping you locked out of your computer. Then you could shut down the computer so that Pack14 can’t continue encrypting new files.

Most times, you wouldn’t be able to stop Pack14 before it locks your files. So, always have backups of your data. Once you delete Pack14 from your computer, you can go ahead and restore your files. The important issue is to have backups prepared beforehand.

Pack14 ransomware, ransom note

To avoid infections altogether might be impossible, but knowing how ransomware spreads could be helpful:

  • Infected files and links could be sent to thousands of recipients in email.
  • Websites could be infected to distribute Pack14.
  • Files infected with Pack14 but disguised as some totally unrelated program could be uploaded online and made available for everyone to download.
  • Weakly protected remote desktop connection could be exploited to get access to the computer.

It can help you avoid ransomware if you always use strong passwords, do not open new files or links without scanning them first, and have a good-quality anti-malware program on your computer.

How to decrypt the files and remove the Pack14 virus

First, it’s important to remove Pack14, otherwise it’ll continue encrypting any new or decrypted files, which would be very inconvenient. You can use SpyHunter or another trusted anti-malware tool.


Just make sure that your computer is clean of malware, but leave the encrypted files untouched — don’t delete them and don’t rename them because editing them in any way might make decryption impossible.
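An added example, not part of the original article or of any vendor tool: a read-only Python inventory that finds files carrying the “.ckey(...).email(...).pack14” suffix and the “!!!Readme!!!Help!!!.txt” notes described earlier, so you can see what is affected without opening or renaming anything. It assumes the key and the address contain no “)”, and the sample file names are constructed for illustration.

```python
import os
import re
import tempfile
from collections import Counter

# Layout from the article: <name>.ckey(<key>).email(<address>).pack14
# Assumptions: key and address contain no ")"; extension case may vary.
SUFFIX_RE = re.compile(
    r"^(?P<original>.+)\.ckey\((?P<ckey>[^)]*)\)\.email\((?P<email>[^)]*)\)\.pack14$",
    re.IGNORECASE,
)
NOTE_NAME = "!!!Readme!!!Help!!!.txt"

def parse_name(filename):
    """Return (original_name, ckey, email), or None if the suffix is absent."""
    m = SUFFIX_RE.match(filename)
    return (m["original"], m["ckey"], m["email"]) if m else None

def inventory(root):
    """Walk root by name only; no file is opened, renamed or deleted."""
    encrypted, notes, by_ckey = [], [], Counter()
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            parsed = parse_name(name)
            if name.lower() == NOTE_NAME.lower():
                notes.append(path)
            elif parsed:
                encrypted.append((path, parsed[0]))
                by_ckey[parsed[1]] += 1
    return encrypted, notes, by_ckey

def demo():
    """Inventory a constructed sample tree (names invented for the example)."""
    tail = ".ckey(A1B2C3).email(someone@example.invalid)"
    with tempfile.TemporaryDirectory() as root:
        photos = os.path.join(root, "Photos")
        os.mkdir(photos)
        for folder, name in [
            (root, "report.docx" + tail + ".pack14"),
            (photos, "trip.jpg" + tail + ".Pack14"),
            (photos, NOTE_NAME),
            (photos, "untouched.png"),
        ]:
            open(os.path.join(folder, name), "w").close()
        encrypted, notes, by_ckey = inventory(root)
        return sorted(o for _p, o in encrypted), len(notes), dict(by_ckey)

if __name__ == "__main__":
    print(demo())
```

Calling `inventory()` on a real folder returns the affected paths with their original names, the ransom note locations, and a count of files per key value.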

Like I said earlier, there’s a decrypter available. This company sometimes develops and releases free decrypters for everyone; they’re not affiliated with the extortionists who released Pack14. If you follow the instructions provided in the link, you should be able to decrypt your files.
