Meds is a virus that is a variant of STOP ransomware. It encrypts your files and demands a ransom in exchange for decrypting them.
There are various ways by which the Meds virus can attack your computer. In each case, it lures you into downloading it, which infects your PC.
Attackers send spam emails that look legitimate but contain a malicious attachment. Once you download this attachment, your machine falls prey to the Meds virus infection.
The Meds virus could be hidden in the form of a free software download. When you click on the link to download the tempting software, the virus installs itself on your computer and encrypts the files.
Some websites are compromised with malicious code. When you click on any link on these websites, they redirect your browser to download the Meds virus. Once downloaded and executed, the Meds virus locks your files.
There are two major symptoms that tell you that you have been attacked by Meds ransomware. First, it adds the extension .meds to all the encrypted files. For instance, if the original file name was file.jpg, the infected file’s name would be file.jpg.meds. Second, it drops a ransom message file named _readme.txt.
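An added example, not part of the original article: a read-only Python triage script that checks a folder tree for the two symptoms above (the .meds extension and the _readme.txt note) and reports which folders and original file types are affected. The function names and the sample folder layout are constructed for illustration, and treating the earliest modification time as the point when encryption reached a folder is an assumption.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

ENCRYPTED_SUFFIX = ".meds"   # extension appended to encrypted files (from the article)
RANSOM_NOTE = "_readme.txt"  # ransom note file name (from the article)

def scan_for_meds(root):
    """Walk root and summarise, per directory, the two symptoms described above."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        hits = [f for f in files if f.lower().endswith(ENCRYPTED_SUFFIX)]
        note = any(f.lower() == RANSOM_NOTE for f in files)
        if not hits and not note:
            continue
        # Strip ".meds" to recover the original name, then count original file types.
        originals = [f[:-len(ENCRYPTED_SUFFIX)] for f in hits]
        types = Counter(Path(o).suffix.lower() or "(none)" for o in originals)
        # Assumption: the earliest modification time of an encrypted file
        # approximates when encryption reached this folder.
        mtimes = [os.path.getmtime(os.path.join(dirpath, f)) for f in hits]
        report[dirpath] = {
            "encrypted": len(hits),
            "ransom_note": note,
            "original_types": dict(types),
            "first_seen": min(mtimes) if mtimes else None,
        }
    return report

def build_sample_tree(root):
    """Constructed sample data: empty files that only mimic the naming pattern."""
    layout = {
        "Pictures": ["file.jpg.meds", "trip.PNG.meds", "_readme.txt"],
        "Documents": ["report.docx.meds", "notes.txt"],
        "Clean": ["todo.txt", "meds_schedule.pdf"],  # must not be reported
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name in names:
            Path(root, folder, name).touch()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for folder, info in sorted(scan_for_meds(tmp).items()):
            print(os.path.basename(folder), info)
```

The script only lists directory contents and never opens, renames, or deletes a file, so it can be pointed at a mounted copy of an affected disk to scope the damage.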
The inadvertently downloaded virus generally resides in any of the following locations on your computer: %Local%, %Roaming%, %Common%, %App Data%, %Startup%.
Meds can encrypt different types of files, making them inaccessible.
This virus can encrypt document files such as MS Word, PowerPoint, Excel and so on. As a result, you lose access to your important data.
The Meds virus attack renders your images, videos, and other files inaccessible. The infected multimedia files cannot be opened.
This virus is dangerous to businesses as well because it can lock the database files stored on servers, causing them huge financial and reputational losses.
Since this is a variant of STOP ransomware, it may delete the automatic backup (if configured) of the data stored on the infected computer. It runs a set of commands to do that.
Although there are manual methods, it’s not easy to remove the Meds ransomware. Manual removal follows a series of steps: boot into safe mode, show hidden files, end the malicious task, and finally delete the malicious registry keys. Ending the malicious task and deleting the malicious registry keys are especially difficult, because you might not know the name of the task to be ended or the registry key that needs to be removed. Doing it wrong might be disastrous and may lead to permanent data loss.
Since the removal of Meds ransomware is risky and difficult, you should consider contacting a professional data recovery service provider first to maximize the rate of encrypted file recovery. The professionals make sure that they recover up to 100% of the data encrypted by the Meds virus.
If you observe the symptoms of Meds ransomware attack, take the following steps immediately:
1. Switch off your system directly (do not use the shutdown mode).
2. Disconnect the LAN cable.
3. Reboot the computer and install the official patch from Microsoft that closes the vulnerability used in the attack.
4. Scan with the latest antivirus patch.
5. Take a backup of your data.
Next, observe the following Do's and Don'ts:
Do not click any suspicious link or attachment in email messages.
Do not open any suspicious image attached to the e-mail.
Do not respond to spam e-mail messages.
Notify the System Support Department immediately in case you receive a suspicious email.
Do not keep the security solutions turned off on the systems and servers connected to the network.
Keep your operating system, antivirus, browsers & other software updated with their latest versions.