February 11, 2019 James Kramer 0

How to remove Pluto Ransomware and decrypt .pluto files

Standard

Pluto Ransomware is harmful file-encrypting virus, that blocks access to user’s files by encoding them and adding .pluto extension. After encryption malware developers extort ransom to be paid in bitcoins. Pluto Ransomware creates ransom note called !!!READ_IT!!!.txt, where decryption routine and contact information are described. As our experience shows, ransom varies between $500 and $1500. Malefactors send cryptocurrency wallets to receive payment in Bitcoins or Ethereum. There are no way to track the payments, as such wallets are anonymous. Of course, we never advise to pay the ransom, as there are many cases when hackers don’t send master keys or decryptors. There is still a chance decryption tool will be released by antivirus companies or security enthusiasts.

February 7, 2019 James Kramer 0

How to remove Dharma-Frend Ransomware and decrypt .frend files

Standard

Dharma-Frend Ransomware is typical embranchment of Crysis-Dharma-Cezar ransomware virus family. This particular variation appends .frend extension to encrypted files and makes them unusable. Dharma-Frend Ransomware doesn’t have effective decryptor, however, we recommend you to try instructions below to attempt restoring your files. Dharma-Frend Ransomware adds suffix, that consists of multiple parts, such as: unique user’s id, developer’s e-mail address and .frend suffix. The pattern of filename after encryption looks like this: file called 1.doc will be converted to 1.doc.id-{8-digit-id}.[{email-address}].frend. Authors of Dharma-Frend Ransomware extort $10000 ransom from the victims. Using cryptocurrency and TOR-hosted payment websites makes it impossible to track malefactors. Besides, victims of such viruses often get scammed, and malefactors don’t send any keys even after paying the ransom. Unfortunately, manual or automatic decryption is impossible unless ransomware was developed with mistakes or had certain execution errors, flaws or vulnerabilities. We do not recommend to pay any money to malefactors. Often, after some period of time security specialists from antivirus companies or individual researchers decode the algorithms and release decryption keys.

February 7, 2019 James Kramer 0

How to remove Dharma-Amber Ransomware and decrypt .amber files

Standard

Dharma-Amber Ransomware is nearly identical to previous versions of Crysis-Dharma-Cezar ransomware family, except that now it adds .amber extension to encrypted files. Dharma-Amber Ransomware constructs file extension from several parts: e-mail address, unique 8-digit identification number (randomly generated) and .amber extension. ID number is also used for victim identification, when hackers send decryption key (although they do it rarely). Dharma-Amber Ransomware authors demand from $500 to $15000 ransom, that can be paid in Monero, Dash or BTC (BitCoins), and in return they promise to send decryption key. This type of ransomware is coded and distributed as RaaS (Ransomware as service), and people your are trying to contact can be just resellers. That is why, amount of money they want for decryption can be very big. Using cryptocurrency makes it impossible to track the payee. We do not recommend to pay any money to malefactors. Usually, after some period of time security specialists from antivirus companies or individual researchers break the algorithms and release decryption keys.

February 5, 2019 James Kramer 0

How to remove STOP Ransomware and decrypt .djvu, .udjvu or .blower files

Standard

STOP Ransomware is file-encrypting ransomware-type virus, that encrypts user files using AES (режим CFB) encryption algorithm. DJVU Ransomware is identified as variation of STOP Ransomware. Virus appends .djvu, .udjvu or .djvuu extension to encrypted files, what can embarrass some users, as this is popular file format for e-books and storing scanned documents. When encryption is finished DJVU Ransomware places _openme.txt text file with following content in the folders with affected files and on the desktop.

February 5, 2019 James Kramer 0

How to remove Dharma Ransomware and decrypt .adobe, .888, .qwex or .btc files

Standard

Dharma virus, unlike similar types of ransomware, does not change desktop background, but creates README.txt or Document.txt.[amagnus@india.com].zzzzz files and places them in each folder with compromised files. Text files contain message stating that users have to pay the ransom using Bitcoins and amount is approximately $300-$500 depending on ransomware version. The private decryption key is stored on a remote server, and there currently impossible to break the encryption of the latest version.

1 2 3 4 5 16

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close