RELOAD Virus 🔐 (.RELOAD Files) — How to Remove?

by Brendan Smith
March 5, 2024

The Reload virus belongs under the Makop ransomware family. Malware of this type encrypts all the data on your computer (images, text files, excel tables, music, videos, etc) and adds its extra extension to every file, leaving the +README-WARNING+.txt files in every folder which contains the encrypted files.

Reload virus: what is known so far?

☝️ Reload is a Makop family ransomware infection.

The scheme of renaming is the following: [xxxxxx].[contact-email].reload. After the encryption, a file named, for instance, “report.docx” will be changed to “report.docx.[2AF20FA3].[[email protected]].reload”.

In every folder that contains the encrypted files, a +README-WARNING+.txt text file will be created. It is a ransom money note. It contains information on the ways of contacting the racketeers and some other remarks. The ransom note usually contains a description of how to purchase the decryption tool from the Reload developers. You can obtain this decryptor after contacting [email protected] by email. That is pretty much the scheme of the malefaction.

Reload Overview:

Name Reload Virus
Ransomware family1 Makop ransomware
Extension .reload
Ransomware note +README-WARNING+.txt
Contact [email protected]
Detection Backdoor:Win32/Yonsole.B Virus Removal, MSIL/Kryptik.AIYK Virus Removal, Trojan:Win32/Azorult.RFA!MTB Virus Removal
Symptoms Your files (photos, videos, documents) get a .reload extension and you can’t open them.
Fix Tool See If Your System Has Been Affected by Reload virus

The +README-WARNING+.txt document coming in package with the Reload malware states the following:

Your files are encrypted and stolen, all encrypted files have the extension .reload

To restore your files so that they are not published on the Internet, you need to contact us as soon as possible!

Our contact email address:  [email protected]

Your files may be published on the Internet if you ignore this message.

- You will lose your files if you do not write to us to recover your files!

- You will lose your files forever if you use intermediary companies and programs from the Internet to recover your files!

In the picture below, you can see what a directory with files encrypted by the Reload looks like. Each filename has the “.reload” extension added to it.

Reload Virus - encrypted .reload files

An example of encrypted .reload files.

How did Reload ransomware end up on my PC?

There are many possible ways of ransomware infiltration.

Nowadays, there are three most exploited methods for evil-doers to have ransomware settled in your system. These are email spam, Trojan introduction and peer-to-peer file transfer.

  • If you access your inbox and see emails that look just like notifications from utility services providers, postal agencies like FedEx, Internet providers, and whatnot, but whose “from” field is unknown to you, beware of opening those emails. They are most likely to have a malicious item enclosed in them. Thus it is even riskier to open any attachments that come with letters like these.
  • Another option for ransom hunters is a Trojan file model. A Trojan is an object that infiltrates into your PC disguised as something different. For instance, you download an installer of some program you need or an update for some program. But what is unpacked turns out to be a harmful agent that compromises your data. Since the update package can have any name and any icon, you’d better be sure that you can trust the resource of the stuff you’re downloading. The best thing is to trust the software developers’ official websites.
  • As for the peer-to-peer networks like torrents or eMule, the threat is that they are even more trust-based than the rest of the Web. You can never know what you download until you get it. Our suggestion is that you use trustworthy resources. Also, it is a good idea to scan the directory containing the downloaded objects with the anti-malware utility as soon as the downloading is done.

How to remove ransomware?

It is crucial to note that besides encrypting your files, the Reload virus will most likely install Vidar Stealer on your computer to seize your credentials to different accounts (including cryptocurrency wallets). That spyware can extract your logins and passwords from your browser’s auto-filling cardfile.

How сan I avoid ransomware attack?

Reload ransomware has no endless power, neither does any similar malware.

You can protect yourself from its infiltration taking three easy steps:

  • Never open any letters from unknown mailers with strange addresses, or with content that has nothing to do with something you are expecting (can you win in a money prize draw without participating in it?). In case the email subject is likely something you are expecting, check all elements of the suspicious email with caution. A fake letter will always have a mistake.
  • Do not use cracked or untrusted programs. Trojan viruses are often distributed as an element of cracked software, most likely as a “patch” preventing the license check. Understandably, dubious programs are very hard to tell from reliable software, as trojans may also have the functionality you seek. You can try to find information on this software product on the anti-malware message boards, but the best way is not to use such software.

FAQ

🤔 Can I somehow access “.reload” files?

Unfortunately, no. You need to decipher the “.reload” files first. Then you will be able to open them.

🤔 What should I do to make my files accessible as fast as possible?

Hopefully, you have made a copy of those important files. Otherwise, you might try to employ System Restore. The only question is whether you have saved any Restore Points that would be helpful now. There are other ways to beat ransomware, but they take time.

🤔 What to do if the Reload ransomware has blocked my PC and I can’t get the activation key.

🤔 What can I do right now?

Many of the encrypted files might still be within your reach

  • If you sent or received your important files through email, you could still download them from your online mail server.
  • You may have shared images or videos with your friends or relatives. Simply ask them to give those images back to you.
  • If you have initially downloaded any of your files from the Internet, you can try to do it again.
  • Your messengers, social networks pages, and cloud disks might have all those files too.
  • It might be that you still have the needed files on your old PC, a portable device, mobile, flash memory, etc.

HINT: You can employ file recovery programs2 to get your lost data back since ransomware encodes the copies of your files, removing the authentic ones. In the video below, you can see how to use PhotoRec for such a recovery, but be advised: you won’t be able to do it before you eradicate the virus with an anti-malware program.

I need your help to share this article.

It is your turn to help other people. I have written this article to help users like you. You can use the buttons below to share this on your favorite social media Facebook, Twitter, or Reddit.
Brendan Smith

References

  1. My files are encrypted by ransomware, what should I do now?
  2. Here’s the list of Best Data Recovery Software Of 2024.

About the author

Brendan Smith

Cybersecurity analyst covering malware families, suspicious files, and detection alerts. Brendan focuses on clear explanations of what a warning means, when it may be a false positive, and which cleanup steps are appropriate.

View all posts

Leave a Comment