![Theva ransom note:
All your files have been encrypted due to a security problem with your PC.
If you want to restore them, write us to the e-mail: sql772@aol.com
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us.
After payment we will send you the decryption tool that will decrypt all your files.
FREE DECRYPTION AS GUARANTEE
Before paying you can send to us up to 3 files for free decryption.
Please note that files must NOT contain valuable information
and their total size must be less than 10Mb
How to obtain Bitcoins
The easiest way to buy bitcoin is LocalBitcoins site.
You have to register, click Buy bitcoins and select the seller
by payment method and price
https://localbitcoins.com/buy_bitcoins
Attention!
Do not rename encrypted files
Do not try to decrypt your data using third party software, it may cause permanent data loss
If you not write on e-mail in 3 days - your key has been deleted and you cant decrypt your files
Your ID:
[REDACTED]
This is the end of the note. Below, you will find a guide explaining how to remove Theva ransomware.](https://www.computips.org/wp-content/uploads/2022/12/how-to-remove-theva-ransomware.png)
What is Theva ransomware?
Theva is a malicious program that is categorized as ransomware. It encrypts all files on the victim’s computer and demands money to decrypt them. To ask for ransom, Theva uses a ransom note, called “#_README_#.inf”. You can read the full text of the note on the image above, or the summary below.
The note doesn’t specify any specific amount of money as payment, only saying that “[it] depends on how fast you write to us”. This is obviously a scare tactic to make the victims reply straight away; it is also possible that the hackers don’t want to mention the price in the note because it is very high. The note does, however, mention that the hackers expect to be paid in Bitcoin.
Contacting these criminals involves a certain risk; for example, it might cause more attacks in the future. They’re not trustworthy, either. Although some hackers really do decrypt the files upon payment, many others simply stop replying to the victim or try to get even more money from them.
For this reason, you are advised to educate yourself on alternative ways to remove Theva ransomware and decrypt .theva files. The guide below will teach you a few.