How to remove AB89 Ransomware (Recovery Process)

Effective guide to delete AB89 Ransomware

AB89 Ransomware is huge risk ransomware virus that main aims to encrypt certain computer files. It belongs to Matrix ransomware family and was discovered by Michael Gillespie. This ransomware uses AES-256 and RSA-2048 cryptography algorithms and replace their filenames with cyber criminals email address, string of random characters and by adding “.AB89” extensions to the end of their infected filenames. Following after that, it creates a text file named “AB89_INFO.RTF” and drops it on victims desktop.

Details about AB89 Ransomware

The created file states that users need to purchase a decryption tool by (paying ransom) that helps in the file decryption. The cyber criminals behind this put pressure on them and provide 24 hours only, if on the given period the payment is not transferred the extortionists threatens to completely deleting the files. The price of decryption tool depends on the file size of the encrypted files. However, it typically in between 3-4 digit sum in USD which is to paid in Bitcoin or other form of cryptocurrency.

Additionally, before paying money cyber criminals offer free test decryption of not more than 3 encrypted files. Even though, submitting the request of ransom fee and even contacting the people behind the threat are highly not recommended. The ransomware is designed for the only motive to extort ransom payment from novice users and by tricking them into installing AB89 Ransomware on their computers. The paying money to them will not provide any positive result. Unfortunately, there is no any decryption tool available for this variant.

Text presented in AB89 Ransomware’s text file:


All yоur filеs wеrе еnсrуptеd with strоng crуptо аlgоrithm АЕS-256 + RSА-2048.
Plеаsе bе surе thаt yоur filеs аrе nоt brоkеn аnd уоu cаn rеstоrе thеm tоdаy.


If yоu rеаllу wаnt tо rеstоrе yоur filеs plеаsе writе us tо thе е-mаils:
[email protected]
[email protected]
[email protected]
In subjеct linе writе уоur ID: –


Impоrtаnt! Plеаsе sеnd yоur mеssаgе tо аll оf оur 3 е-mаil аddrеssеs. This is rеаllу impоrtаnt bеcаusе оf dеlivеrу prоblеms оf sоmе mаil sеrviсеs!
Important! If you haven’t received a response from us within 24 hours, please try to use a different email service (Gmail, Yahoo, AOL, etc).
Important! Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.
Important! We are always in touch and ready to help you as soon as possible!


Аttаch up tо 3 smаll еncrуptеd filеs fоr frее tеst dесryption. Plеаsе nоte thаt thе filеs yоu sеnd us shоuld nоt cоntаin аnу vаluаblе infоrmаtiоn. Wе will sеnd yоu tеst dеcrуptеd files in оur rеspоnsе fоr yоur cоnfidеnсе.
Of course you will receive all the necessary instructions hоw tо dеcrуpt yоur filеs!


Plеаsе nоte that we are professionals and just doing our job!
Please dо nоt wаstе thе timе аnd dо nоt trу to dесеive us – it will rеsult оnly priсе incrеаsе!
Wе аrе alwауs оpеnеd fоr diаlоg аnd rеаdy tо hеlp уоu.

How to recover encrypted files?

In order to restore files, the safest way is to remove AB89 Ransomware completely from the system and then use existing backups, if there has one been created to recover the encrypted files. If you don’t have any backup in that case you can use third party data recovery tool to restore all your encrypted files as well as data as soon as possible. Before going through removal process, you must know that removal of this dubious ransomware infection may not restore already compromised files but prevent it from further encryptions.

How did ransomware infect my system?

Ransomware infection and other dubious viruses mainly spread through fake software updater, cracking tools, Trojans, unreliable software downloading sources and spam campaigns. Among all these infiltration sources spam campaigns are the most popular and effective one. In these techniques, lots of deceptive emails containing malicious attachments are send to the users in order to trick them into believing that the emails received by them are important and official. Opening such files ask users to enable macros commands. One more click leads them into downloading and installing malware. Thus, you can avoid ransomware intrusion if you:

  • Carefully analyze well before opening any attachments on emails you receive
  • Use official software developers provided tools and functions for software updates
  • Download software only from official websites and direct links.

Remove AB89 Ransomware

Both manual and automatic guides are provided for you. Follow the one as your choice and complete all steps so that you will not find any trouble when performing the removal process. Researchers say that automatic guide requires lesser time as well as less effort for the entire process to complete. Install some reputable antivirus tool and remove AB89 Ransomware from the computer easily and effectively.

Quick Glance

Name: AB89 Ransomware

Type: Ransomware, Files-locker

Extension used: .AB89

Ransom demanding message: AB89_INFO.rtf

Symptoms: You will not be able to access any files available on your desktop. You will find ransom note in each and every folder demanding ransom money.

Distribution: Spam email attachments, unsafe hyperlinks and pop-ups, unsafe download and many other deceptive methods.

Damage: All files are encrypted and cannot be accessed without paying ransom. Other additional password-stealing Trojans and malware infections can be get together with a ransomware infection.

Removal: In order to remove AB89 Ransomware, it is advised to scan the system with a powerful anti-malware such as Spyhunter.

Data Recovery: Use the backup files if you have created it prior to the malware attack. Using a data recovery tool is another option.

Do You Suspect Your Computer May Be Infected with ‘AB89 Ransomware’ & Other Threats? Scan Your Computer for Threats with SpyHunter

Spyhunter is a powerful malware remediation and protection tool designed to help provide users with in-depth system security analysis, detection and removal of a wide range of threats like AB89 Ransomware as well as a one-on-one tech support service.

For more information, read SpyHunter’s EULA, Threat Assessment Criteria, and Privacy Policy. The scanner you download here is free version and is able to scan your system for possible threat’s presence. however, it requires a 48 hour period to remove detected threats without any charge. if you want not to wait for that period, you will have to purchase its licensed version.

(Data Recovery Solution)

The first recommendation is to recover your encrypted data with backup files you have created. In case there is no backup available, try to restore your encrypted data with data recovery tool suggested here.

Recommended methods for AB89 Ransomware removal and restore encrypted files

AB89 Ransomware is very harmful crypto-malware designed to encrypt all types of files including photos, audios, videos, documents and other files, and make them inaccessible. After encryption process, it spreads the ransom note in each folder of your computer that claims the decryption is possible only when you use its data recovery service. We recommended you to please avoid paying demanded ransom money to them.

In that case, you need to remove AB89 Ransomware and all the related components from PCs immediately and then perform data recovery process. Here, we are discussing about both malware removal and data recovery method that could help you to solve your problem. Ransomware removal method will help to find the location of this nasty crypto-malware in your computer and remove them completely while data recovery method will help you to get back your damaged or locked files in your machine. Let’s go for the solution.

Remove AB89 Ransomware using “Safe Mode with Networking”

  • Restart your PCs and press “F8” function key multiple times you see the “Advance Boot Options” window
  • Select “Safe Mode with Networking” in the list
  • Now, log in to account with AB89 Ransomware infection
  • Open your internet browser and download the legitimate anti-malware software. You can download “SpyHunter” anti-malware software that has the ability to delete all types of malware or spyware from machine.
  • Update the anti-malware software and starts the “Full Scan” operation to remove all programs related to AB89 Ransomware from machine.

Remove AB89 Ransomware using “Safe Mode with Command Prompt” and “System Restore”

  • Restart your computer and press “F8” function key multiple times until “Windows Advance Options” menu appears

  • Select “Safe Mode with Command Prompt” option in the list

  • Now, type “cd restore” command in command Prompt and hit “Enter” key to execute it

  • After that, type “rstrui.exe” command in command line and hit “Enter” key
  • Once “rstrui.exe” command executed, “System Restore” window will appear
  • Click on “Next” button

  • Choose one of available “Restore Points” and click on “Next”

  • In the confirmation dialog box, click on “Yes” to start “System Restore” process

  • After restoring your computer to previous date, download/install and scan your computer with powerful anti-malware software to eliminate any remaining malicious programs related of AB89 Ransomware. You can download the powerful antivirus software via “download link” below

Download Spyhunter Anti-Malware Tool

Restore files encrypted by AB89 Ransomware using “Windows Previous Versions” feature

To restore individual files encrypted by AB89 Ransomware, follow the steps below:

  • To restore a file, right-click on it and go to “Properties”
  • Select the “Previous Versions” tab
  • If the relevant files has a “Restore Point”, select it and click on “Restore” button

Note: This method is only effective if “System Restore” function was enabled on your Windows operating System. On other hand, some ransomware variants like AB89 Ransomware are known to remove “Shadow Volume Copies” of the files. So, we can say that this method may not work for data recovery.

Restore files locked by AB89 Ransomware using “Shadow Explorer”

To restore files, you can use “Shadow Explorer” application. This application allows you to browse the “Shadow Copies” created by Windows OS Shadow Copy Service. “Shadow Explorer” helps if you are unable of access the “Shadow Copies” by default especially in “Windows Home Editions”. Note that “Shadow Copies” can directly be accessed only in Business Ultimate and Enterprise versions.

“Shadow Explorer” provides Volume Shadow copy service and other features including retrieve all the variants of files and folders available, allow to access through shadow copies and show available current copies.

Important Note: This data recovery application is designed to decrypt or recover your files from Shadow copies which is created by “Windows Volume Shadow Copies Service”. But when we talk about AB89 Ransomware or other harmful ransomware variants, it usually deletes “Shadow volume copies” and any other backup files using malicious tricks. So if System has already been infected with this type of ransomware virus, then you can’t access “Shadow Copies” using this software. Anyway, you can use “Shadow Explorer” if you want and please check if it works.

How to download/install and use “Shadow Explorer” on Windows PCs?

  • Click on “Download” button below to download the “Shadow Explorer” application

Download Shadow Explorer

  • Double-click on “Installer file” or “Downloaded ZIP file” to install this software
  • Once installed, open “Shadow Explorer” as Administrator

  • Now, from the drop down list you can select from one of the available point-in-time Shadow copies

  • You can right-click on any file or folder and export it
  • After that, choose a folder where the files from “Shadow Copies” are saved to

  • In case if a file or folder in the destination folder already exists, “Shadow Explorer” asks for the confirmation before overwriting. Check the box “Do not show this dialog again”, if you don’t want to show this again.
  • There is a button in the settings (File, Settings) to reset this decision

Recovery of files encrypted by AB89 Ransomware or similar ransomware

If you are unable to recover your lost files by using “System Restore”, “Windows Previous versions features” and “Shadow Explorer”, then you can go for another data recovery solution. As said earlier in most of the cases, ransomware variants like AB89 Ransomware are capable of deleting “Shadow volume copies” created by Windows OS by default. In this case, you can use “Stellar Data Recovery Software”. This powerful data recovery software is designed to recover all files encrypted by AB89 Ransomware.

“Stellar Data Recovery Software” is user-friendly software for Windows and Mac OS X based devices that features include RAID and Virtual drive recovery and repairing all types of corrupted files. It works with both non-bootable and encrypted drives. In simple word, we can say that this powerful data recover software does great job.

This powerful recovery software takes less time to recover files locked by AB89 Ransomware and support all known files type and custom types can be added with advanced options menu. “Stellar Data Recovery Software” recovers emails, photos, audios, videos, documents and etc from any storage media devices like hard drives, SSD, DVD, USB drives, and others

On other hand, it recovers crucial data from missing or deleted partitions of hard drive volume in just few steps. It generates a preview of search results during scan so you get to see all the recoverable files before recovery. This preview result appears on screen in “Tree-View” and deleted list formats.

How to download/install and use “Stellar Data Recovery Software” on Windows PCs?

  • Click on “Download” button below to download “Stellar Data Recovery Software” in your computer

Download Stellar Data Recovery Software

  • Double-click on “Installer file” to install the application
  • Once installed, open “Stellar Data Recovery Software”
  • Select type of data you want to recover. Option: All Data, Office Documents, Folders, Emails, Audios and Videos. And then click on “Next”

  • Now, select he folder location, drive or volume you want to scan for data and click on “Scan”

  • Wait for the completion. Once done, select the files and click on “Recover” button to save your recover files

Related posts

Leave a Comment