Menu Hide

What Is Meds Ransomware?

It’s a virus, which is a variant of STOP ransomware. It encrypts your files and asks you to pay a ransom in lieu of decrypting those files.

Types of Vulnerabilities

There are various ways by which the meds virus can attack your computer. It lures you to download it and infect your PC.

Email Attachments

The nefarious elements send you spam emails that contain malicious attachment and seem to be legitimate. Once you download this attachment, your machine falls prey to the meds virus infection.

Software Download

The meds virus could be hidden in the form of a free software download. When you click on the link to download the tempting software, the virus gets its way to host on your computer and encrypt the files.

Malicious Websites

Some websites get attacked by malicious codes. When you click on any link on these websites, they redirect your browser to download the meds virus. Once downloaded and executed, the meds virus lock your files.

Meds Ransomware Attack Signs

Meds Ransomware Attack Signs

There are two major symptoms which tell you that you’re attacked by meds ransomware. It adds the extension .meds to all the encrypted files. For instance, if the original file name was file.jpg, the infected file’s name would be file.jpg.meds.It drops a ransom message file named as _readme.txt.

Location of Meds Ransomware

Location of Meds Ransomware

The inadvertently downloaded virus generally resides in any of the following locations on your computer: %Local%, %Roaming%, %Common%, %App Data%, %Startup%

Types of Data Loss

The Meds can encrypt different types of files making them inaccessible.


This virus can encrypt the document files like MS Word, PowerPoint, Excel and so on. With this, you lose access to your important data.

Image/Video/Audio Files

The Meds virus attack renders your Images, Videos, and files inaccessible. The infected multimedia files couldn’t be opened.


This virus is dangerous to businesses as well because it can lock the database files stored on servers, incurring huge financial and reputational losses to them.

Backup files

Since this is a variant of STOP ransomware, it may delete the automatic backup (if configured) of the data stored on the infected computer. It runs a set of commands to do that.

How to Remove Meds Ransomware?

Although there are manual methods, it’s not easy to remove the meds ransomware. It follows a series of steps—boot to safe mode, show hidden files, end malicious task, and delete malicious registry keys at last. The steps, especially end malicious task, and delete malicious registry keys, are not easy to perform as you might not know the name of the task to be ended and registry key that needs to be removed. Doing it wrong might be disastrous and may lead to permanent data loss.

Since the removal of Meds ransomware is risky and difficult, you must consider to contact a Professional Data Recovery Service Provider in the first hand to maximize the rate of encrypted files recovery. The professionals make sure that they recover up to 100% of the data encrypted by Meds virus.


  • Keep your antivirus up to date.
  • Install the OS updates on a regular basis.
  • Follow the best practices while dealing with emails.
  • Be cautious while performing internet activities.
  • If you run a business, educate the employees about email and online threats, and restrict access to unsafe websites.


If you observe the symptoms of Meds ransomware attack, take the following steps immediately:

Turn off devices

1. Switch off your system directly (Do not use the shutdown mode)

Lan Cable

2. Disconnect the LAN cable.


3. Reboot the computer & Install the official patch from Microsoft that closes the vulnerability used in the attack.

Antivirus patch

4. Scan the latest antivirus patch.

Data backup

5. Take a backup of your data.

Next, observe the following Do's and Don'ts :

suspicious links

Do not click any suspicious link or attachment in email messages.

suspicious images

Do not open any suspicious image attached to the e-mail.


Do not respond to spam e-mail messages.

suspicious mails

Notify the System Support Department immediately in case you receive a suspicious email.

Security solution

Do not keep the security solutions turned off on the systems and servers connected to the network.

Update Software

Keep your operating system, antivirus, browsers & other software updated with their latest versions.

Infected by meds virus - Want to Recover Data ?

1800-102-3232 Get FREE Quote