Dharma virus, unlike similar types of ransomware, does not change the desktop background, but creates README.txt or Document.txt.[firstname.lastname@example.org].zzzzz files and places them in each folder with compromised files. The text files contain a message stating that users have to pay the ransom in Bitcoins; the amount is approximately $300-$500, depending on the ransomware version. The private decryption key is stored on a remote server, and it is currently impossible to break the encryption of the latest version.
STOP Ransomware (DJVU Ransomware) is a high-risk, widespread encryption virus that first appeared about 1 year ago. It has gone through several visual and technical changes over time. In this tutorial we will analyse recent versions of this dangerous malware. In April of 2019, STOP Ransomware started to add the following extensions to encrypted files: .browec, .guvara, .etols, .grovat or .grovas. These variants are sometimes called “Browec Ransomware”, “Guvara Ransomware”, “Etols Ransomware”, “Grovas Ransomware” and “Grovat Ransomware” respectively. The virus also modifies the hosts file to block Windows updates, antivirus programs, and sites related to security news or offering security solutions. The infection process is also disguised as the installation of Windows updates: the malware shows a fake window that imitates the update process.
MacAppExtensions (Adware.MAC.Linkury.C) is malware related to the Search.tapufind.com hijacker, which we described in some of our earlier articles. It runs on macOS and targets the Safari, Google Chrome and Mozilla Firefox browsers. The main symptom is that the browser's search and homepage settings change to search.tapufind.com, and this setting cannot be modified until MacAppExtensions is removed. However, this virus not only hijacks the browser but also gathers private information about its user (it collects data related to browsing activity: geolocations, entered search queries, URLs of visited websites, IP addresses, etc.).
Robotcaptcha.info is an adverse domain that may show unwanted pop-ups and ads in the Google Chrome, Mozilla Firefox, Internet Explorer, Safari or Edge browsers on Windows, Mac or Android operating systems. Landing pages from Robotcaptcha.info appear out of nowhere and offer users a subscription to notifications. This is a feature of modern browsers that helps users get the latest news in a faster and more convenient way. However, when the website is of an advertising nature, users start receiving ads, pop-ups and tech support scam messages on their desktops. This is an element of social engineering, and clicking the “Allow” button actually subscribes users to notifications. At the same time, Robotcaptcha.info initiates the standard dialog box with the option to allow or block notifications from the site you are visiting. If a person clicks the “Allow” button, they will start receiving unwanted pop-up ads from Robotcaptcha.info directly on the desktop, even when the browser is closed.
STOP Ransomware is a large family of encryption viruses with a history of more than a year. It has undergone multiple visual and technical modifications during that time. This article describes the distinctive properties of the latest versions of this malware. Since the end of March, STOP Ransomware has been adding the following extensions to encrypted files: .raldug, .refols, .roland, .tronas or .trosak. The cost of decrypting files encrypted by STOP Ransomware is $980 (or $490, if the ransom is paid within 72 hours). The hackers are supposed to send a special decryption tool that will decode the affected files. However, we must warn victims that the malefactors often don’t keep their promises and don’t send the decoder. We recommend that you remove the active STOP Ransomware infection and use the decryption tools available. STOPDecrypter is capable of decrypting .raldug, .refols, .roland, .tronas or .trosak files. You can also try the manual guide in this article to attempt to restore files.