What is ‘.Meds’ Ransomware? Is it Safe?

RECOMMENDED: Click here to fix Windows errors and optimize system performance

Meds is a malicious software that belongs to the Djvu-Ransomware family. Generally, ransom software programs are used to encrypt files and force victims to buy decryption tools and/or keys (actually a ransom). This ransom software adds the extension”.meds” to all encrypted files.

The.meds extension is associated with a ransom software infection called STOP. STOP Meds Virus is a data locker ransom software that infects computer systems in order to encrypt personal files and request a ransom for their recovery. Since it uses a powerful encryption algorithm to damage target files, it leaves all.meds files inaccessible. When the attack ends, the Meds-Ransomware virus drops a ransom message file called _readme.txt and loads it onto the screen to extract a ransom. The file is located both on the desktop and in folders containing encrypted.meds files.

Details of the ‘.Meds’ Ransomware:

Ransomware Family: STOP (DJVU) Ransomware
Extensions: Drugs
Ransomware Note : _readme.txt
A ransom: From $490 to $980 (in Bitcoins)
Contact: [email protected], [email protected], or @datarestore on Telegram

Changes Performed by ‘.Meds’ Ransomware:

  • Encrypts personal files
  • Connects to a remote server
  • Modifies the Windows registry
  • Module for theft of injected data, etc.
  • Deletes shadow volume copies
  • Executes shell commands
  • Starts the VaultSvc service.
  • Modifies the Windows host file.

How to Remove ‘.Meds’ Ransomware

Reboot Windows in Safe Mode With Networking.


  1. Remove all media such as memory cards, CDs, DVDs and USB devices. Then restart your computer.
  2. Start the Windows computer in SafeMode with a network connection.
  3. Before Windows starts loading, press Shift and F8 on your keyboard.
  4. In the restore interface, click Show Advanced Repair Options.
  5. Then click on the Troubleshooting option.
  6. Then select Advanced Options from the list.
  7. Select Windows Startup Settings and click Restart. When Windows restarts, you will be redirected to a familiar screen with advanced boot options.
  8. From the drop-down menu, select Safe Mode with Network.

April 2021 Update:

We now recommend using this tool for your error. Additionally, this tool fixes common computer errors, protects you against file loss, malware, hardware failures and optimizes your PC for maximum performance. You can fix your PC problems quickly and prevent others from happening with this software:

  • Step 1 : Download PC Repair & Optimizer Tool (Windows 10, 8, 7, XP, Vista – Microsoft Gold Certified).
  • Step 2 : Click “Start Scan” to find Windows registry issues that could be causing PC problems.
  • Step 3 : Click “Repair All” to fix all issues.


Stop Malicious Processes in the Windows Task Manager

  • Press the following key combination: CTRL+SHIFT+ESC
  • Go to processes
  • If you find a suspicious process, right-click it and select Open file location.
  • Return to the Task Manager and stop the malicious process. Right-click again and select Finish the process.
  • Then select the folder containing the malicious file and delete it.

Repair Windows Registry

  1. Enter the WIN Key + R key combination at the same time.
  2. Type regedit in the field and press Enter.
  3. Type CTRL+ F, then type the malicious name in the Search Type field to find the malicious executable.
  4. If you have discovered registry keys and name-related values, you should delete them, but be careful not to delete legitimate keys.

How to Protect Against ‘.Meds’ Ransomware

Setup Anti-virus

It is important to have antivirus software installed on your computer that is fully updated and that all current virus definitions are installed. Make sure that all Windows Defender components are installed and that updates are automatic. Because new viruses and malware are released by hackers, they are patched and fixed quickly by Microsoft.

Data Backup

If you have a hard disk or other data storage device nearby, it is recommended to back up all your important files and disconnect them from your computer. Back up your data from time to time because this type of virus attack can happen at any time and you could lose valuable data.


RECOMMENDED: Click here to troubleshoot Windows errors and optimize system performance