What is Theva ransomware?
Theva is a malicious program that is categorized as ransomware. It encrypts all files on the victim’s computer and demands money to decrypt them. To ask for ransom, Theva uses a ransom note, called “#_README_#.inf”. You can read the full text of the note on the image above, or the summary below.
The note doesn’t specify any specific amount of money as payment, only saying that “[it] depends on how fast you write to us”. This is obviously a scare tactic to make the victims reply straight away; it is also possible that the hackers don’t want to mention the price in the note because it is very high. The note does, however, mention that the hackers expect to be paid in Bitcoin.
Contacting these criminals involves a certain risk; for example, it might cause more attacks in the future. They’re not trustworthy, either. Although some hackers really do decrypt the files upon payment, many others simply stop replying to the victim or try to get even more money from them.
For this reason, you are advised to educate yourself on alternative ways to remove Theva ransomware and decrypt .theva files. The guide below will teach you a few.