2122 Ransomware — How to remove 2021@onionmail.org virus?

Written by Brendan Smith
The 2122 virus was originally discovered by virus analyst Jakub Kroustek, and belongs to the DHARMA ransomware family. This ransomware encrypts all user’s data on the PC (photos, documents, excel tables, music, videos, etc), adds its specific extension to every file.
GridinSoft Anti-Malware Review

It is better to prevent, than repair and repent!

When we talk about the intrusion of unfamiliar programs into your computer’s work, the proverb “Forewarned is forearmed” describes the situation as accurately as possible. Gridinsoft Anti-Malware is exactly the tool that is always useful to have in your armory: fast, efficient, up-to-date. It is appropriate to use it as an emergency help at the slightest suspicion of infection.
GridinSoft Anti-Malware 6-day trial available.
EULA | Privacy Policy | GridinSoft

@topcybersecuritySubscribe to our Telegram channel to be the first to know about news and our exclusive materials on information security.

2122 Virus

☝️ 2122 can be correctly identify as a DHARMA ransomware infection.

After the encryption process files will be renamed according to the pattern [2021@onionmail.org].2122, which is laid in ransomware. Your photo, named an example “me.jpg” will be altered to “me.jpg.id-C279F237.[2021@onionmail.org].2122” after the encryption.

Inside of the ransom note, there is usually an instruction saying about purchasing the decryption tool. This decryption tool is created by ransomware developers, and can be obtained through the email, contacting 2021@onionmail.org, 2022@onionmail.org.

2021@onionmail.org

Here is a summary for the 2122:
Name 2122 Virus
Ransomware family1 DHARMA ransomware
Extension .[2021@onionmail.org].2122
Contact 2021@onionmail.org, 2022@onionmail.org
Detection2 NSIS/Injector.OY, Trojan-Ransom.Win32.GandCrypt.cbo, MSIL/Hoax.FakeFilecoder.CJ
Symptoms Your files (photos, videos, documents) have a .[2021@onionmail.org].2122 extension and you can’t open it.
Fix Tool See If Your System Has Been Affected by 2122 virus

The information by the 2122 ransomware states the following frustrating information:

All your files have been encrypted!
All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail 2021@onionmail.org
Write this ID in the title of your message -
In case of no answer in 24 hours write us to these e-mails:2022@onionmail.org
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment, we will send you the decryption tool that will decrypt all your files.
Free decryption as a guarantee
Before paying, you can send us up to 1 file for free decryption. The total size of files must be less than 1Mb (non-archived), and files should not contain valuable information. (databases, backups, large excel sheets, etc.)
How to obtain Bitcoins
The easiest way to buy bitcoins is the LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.
hxxps://localbitcoins.com/buy_bitcoins
Also, you can find other places to buy Bitcoins and beginners guide here:
hxxp://www.coindesk.com/information/how-can-i-buy-bitcoins/
Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third-party software. It may cause permanent data loss.
The decryption of your files with the help of third parties may cause increased prices (they add their fee to our), or you can become a victim of a scam.

The image below gives a clear vision of how the files with “.[2021@onionmail.org].2122” extension look like:

2122 Virus - encrypted .[2021@onionmail.org].2122 files

Example of encrypted .[2021@onionmail.org].2122 files

How did I get 2122 ransomware on my computer?

That was a huge number of different ways of ransomware injection.

However, nowadays, there are only two ways of 2122 injection – email spam and trojans. You may see many messages on your email stating that you need to pay different bills or get your parcel from the local FedEx department. But all such messages are sent from unknown email addresses, not from familiar official emails of these companies. All such letters contain the attached file, which is used as a ransomware carrier. If you open this file – your system will get infected by 2122.

In case of trojans presence, you will be offered to download and install ransomware on your PC under the guise of something legit, like a Chrome update or update for the software you are storing on your computer. Sometimes, trojan viruses can be masked as legit programs, and ransomware will be offered for download as an important update or a big pack of extensions essential for proper program functioning.

There is also the third way of ransomware injection. However, it becomes less and less popular day-to-day. I am talking about peering networks, such as torrents or eMule. No one can control which files are packed in the seeding, so you can discover a huge pack of different malware after downloading. If circumstances force you to download something from peering networks – scan every downloaded folder or archive with antivirus software.

How to remove 2122 virus?

In addition to encode a victim’s files, the 2122 infection has also started to install the Azorult Spyware on system to steal account credentials, cryptocurrency wallets, desktop files, and more.

To ensure the user that ransomware distributors really have the decryption tool, they may offer to decrypt several encrypted files. And they are the single owners of this decryption program: 2122 ransomware is a completely new type, so there is no legit program from anti-malware vendors, which can decrypt your files. But such a situation is in momentum: decryption tools are updating every month.

However, paying the ransom is a bad decision, too. There is no guarantee that 2122 ransomware developers will send you the decryption tool and a proper decryption key. There are many cases when ransomware distributors deceived their victims, sending the wrong key or even nothing. In the majority of cases, there is a way to recover your files for free. Search for available backups, and restore your system using it. Of course, there is a chance that the backup you found is too old and does not contain a lot of files you need. But, at least you will be sure that there is no malware in your system. However, to ensure that there are no malicious programs in your system after the backup, you need to scan your PC with anti-malware software.

2122 ransomware is not unique. There are more ransomware of this type: Itlock, Frlock, Czlock. These examples of ransomware act in a similar way: encrypting your files, adding a specific extension, and leaving a great number of ransom money notes in every folder. But two things make a difference between these ransomware – cryptography algorithm, which is used for file encryption, and ransom amount. In some cases, victims can decrypt their files without any payments, just using free solutions produced by several anti-malware vendors, or even with the decryption tool that ransomware creators offer. The last scenario is possible when ransomware distributors have typed your decryption key inside a ransom money note. However, as you can already guess, such luck is a scarce thing. Ransomware is created for money gaining, not for jokes or scaring.

Reasons why I would recommend GridinSoft3

The is an excellent way to deal with recognizing and removing threats – using Gridinsoft Anti-Malware. This program will scan your PC, find and neutralize all suspicious processes4.

Download Removal Tool.

You can download GridinSoft Anti-Malware by clicking the button below:

Run the setup file.

When setup file has finished downloading, double-click on the setup-antimalware-fix.exe file to install GridinSoft Anti-Malware on your computer.

Run Setup.exe

An User Account Control asking you about to allow GridinSoft Anti-Malware to make changes to your device. So, you should click “Yes” to continue with the installation.

GridinSoft Anti-Malware Setup

Press “Install” button.

GridinSoft Anti-Malware Install

Once installed, Anti-Malware will automatically run.

GridinSoft Anti-Malware Splash-Screen

Wait for the Anti-Malware scan to complete.

GridinSoft Anti-Malware will automatically start scanning your computer for 2122 infections and other malicious programs. This process can take a 20-30 minutes, so I suggest you periodically check on the status of the scan process.

GridinSoft Anti-Malware Scanning

Click on “Clean Now”.

When the scan has finished, you will see the list of infections that GridinSoft Anti-Malware has detected. To remove them click on the “Clean Now” button in right corner.

GridinSoft Anti-Malware Scan Result

Frequently Asked Questions

🤔 How can I open “.[2021@onionmail.org].2122” files?


No way. These files are encrypted by 2122 ransomware. The contents of .[2021@onionmail.org].2122 files are not available until they are decrypted.

🤔 2122 files contain important information. How can I decrypt 2122 files urgently?


If your data remained in the .[2021@onionmail.org].2122 files are precious, then most likely you made a backup copy.
If not, then you can try to restore them through the system function – Restore Point. All other methods will require patience.

🤔 You have advised using GridinSoft Anti-Malware to remove 2122. Does this mean that the program will delete my encrypted files?


Of course not. Your encrypted files do not pose a threat to the computer. What happened has already happened.

You need GridinSoft Anti-Malware to remove active system infections. The virus that encrypted your files is most likely still active and periodically runs a test for the ability to encrypt even more files. Also, these viruses install keyloggers and backdoors for further malicious actions (for example, theft of passwords, credit cards) often.

🤔 2122 virus has blocked infected PC: I can’t get the activation code.


In this situation, you need to prepare the memory stick with a pre-installed Trojan Killer.

🤔 What can I do right now?


You can try to find a copy of an original file that was encrypted:

  • Files you downloaded from the Internet that were encrypted, and you can download again to get the original.
  • Pictures that you shared with family and friends that they can send back to you.
  • Photos that you uploaded on social media or cloud services like Carbonite, OneDrive, iDrive, Google Drive, etc.)
  • Attachments in emails you sent or received and saved.
  • Files on an older computer, flash drive, external drive, camera memory card, or iPhone where you transferred data to the infected computer.

Also, you can contact the following government fraud and scam sites to report this attack:

To report the attack, you can contact local executive boards. For instance, if you live in USA, you can have a talk with FBI Local field office, IC3 or Secret Service.

How сan I avoid ransomware attack?

2122 ransomware doesn’t have a superpower.

You can easily protect yourself from its injection in several easy steps :

  • Ignore all emails from unknown mailboxes with a strange unknown address or with content that has likely no connection to something you are waiting for (can you win in a lottery without taking part in it?). If the email subject is likely something you are waiting for, check all elements of the suspicious letter carefully. A fake email will surely contain a mistake.
  • Do not use cracked or untrusted programs. Trojans are often distributed as a part of cracked software, possibly under the guise of “patch,” which prevents the license check. But untrusted programs are very hard to distinguish from trustworthy software because trojans may also have the functionality you need. You can try to find information about this program on the anti-malware forums, but the best solution is not to use such programs.
  • And to be sure about the safety of the files you downloaded, use GridinSoft Anti-Malware. This program will surely be a perfect shield for your personal computer.

I need your help to share this article.

It is your turn to help other people. I have written this guide to help people like you. You can use the buttons below to share this on your favorite social media Facebook, Twitter, or Reddit.
Brendan Smith
How to Remove 2122 Ransomware & Recover PC

Name: 2122 Virus

Description: 2122 Virus is a ransomware-type infections. This virus encrypts important personal files (video, photos, documents). The encrypted files can be tracked by a specific .[2021@onionmail.org].2122 extension. So, you can't use them at all.

Operating System: Windows

Application Category: Virus

Sending
User Review
4.18 (17 votes)
Comments Rating 0 (0 reviews)

References

  1. My files are encrypted by ransomware, what should I do now?
  2. Encyclopedia of threats.
  3. GridinSoft Anti-Malware Review from HowToFix site: https://howtofix.guide/gridinsoft-anti-malware/
  4. More information about GridinSoft products: https://gridinsoft.com/products/

About the author

Brendan Smith

Journalist, researcher, web content developer, grant proposal editor. Efficient and proficient on multiple platforms and in diverse media. Computer technology and security are my specialties.

Leave a Reply

Sending

This site uses Akismet to reduce spam. Learn how your comment data is processed.