DJVU Ransomware is file-encrypting ransomware-type virus, that encrypts user files using yet unidentified encryption algorithm. Ransomware has some similarities with STOP Ransomware, but belonging to one or another family cannot yet be determined unambiguously. Virus appends .djvu extension to encrypted files, what can embarrass some users, as this is popular file format for e-books and storing scanned documents. When encryption is finished DJVU Ransomware places _openme.txt text file with following content in the folders with affected files and on the desktop. Hackers offer 2 e-mails for contact: email@example.com and firstname.lastname@example.org. Malefactors demand ransom in exchange for the decoder. To somehow “encourage” users to pay the ransom, they offer decryption of 1 file for free and 50% discount if ransom is paid within 72 hours. We do not recommend you to pay any money to the authors of the ransomware. You can put your credentials at risk, and there are absolutely no guarantee, that you will receive decryption tool. Antivirus company and individual security experts are already working on breaking the encryption of DJVU Ransomware, and there is always a possibility, that free decryptor will be released.
RYUK Ransomware is virulent ransomware threat, based on the code of Hermes 2.1 and BitPaymer viruses. Researchers believe, that famous Lazarus Group is responsible for the development and implementation of the virus. Latest variations of this virus append .RYK or .rcrypted extension to encrypted files. Hackers demand 15-50 BTC for decryption, which is great amount. RYUK Ransomware does not bypass UAC, requires permission to run, which means user granted access to the computer for virus executable file. Ransomware encrypts all files except ones in following folders: “Windows”, “Mozilla”, “Chrome”, “RecycleBin”, “Ahnlab”. Before the onset of destructive activity, malware stops more than 180 services and 40 processes, by using taskkill and net stop commands. Stopped services and processes mainly belong to antivirus software, running databases, software for backup and editing documents that can prevent file encryption.
Santa Ransomware is nearly identical to previous versions of Crysis-Dharma-Cezar ransomware family, except that now it adds .santa extension to encrypted files. Dharma-Santa Ransomware constructs file extension from several parts: e-mail address, unique 8-digit identification number (randomly generated) and .santa extension. ID number is also used for victim identification, when hackers send decryption key (although they do it rarely). Dharma-Santa Ransomware authors demand from $500 to $15000 ransom, that can be paid in Monero, Dash or BTC (BitCoins), and in return they promise to send decryption key. This type of ransomware is coded and distributed as RaaS (Ransomware as service), and people your are trying to contact can be just resellers. That is why, amount of money they want for decryption can be very big. Using cryptocurrency makes it impossible to track the payee. We do not recommend to pay any money to malefactors. Usually, after some period of time security specialists from antivirus companies or individual researchers break the algorithms and release decryption keys.
Bkpx Ransomware is one of the subspecies of Crysis-Dharma-Cezar ransomware family, that appends .bkpx extension to the files it encrypts. Virus utilizes extension, that consists of several parts: e-mail adress, unique 8-digit ID (randomly generated) and .bkpx suffix. As a rule, Dharma-Bkpx Ransomware virus asks for $500 to $1500 ransom, that have to be paid in Monero, Dash or BTC (BitCoins), and in return they promise to send decryption key. However, malefactors often do not hold back promises and do not send any decryption keys, or just ignore e-mails from victims, who paid the ransom. It is not advised to send any funds to the hackers. Usually, after some period of time security specialists from antivirus companies and individual researchers break the algorithms and release decoding key. Its noteworthy, that some files can be restored by using backups, shadow copies, previous versions of files or file-recovery software and instructions given on this page.
This is fourth iteration of notorious STOP Ransomware, that was launched in November, 2018. Now it adds .DATAWAIT, .INFOWAIT or .shadow extensions to encrypted files. Virus uses new name for ransom note: !readme.txt. It pretends to be a Windows update and uses the TeamViewer resource. Ransomware still uses RSA-1024 encryption algorithm. Current version of STOP Ransomware was developed in Visual Studio 2017. This variation of STOP Ransomware demands $290 ransom for decryption. Malefactors offer 50% discount, if users pay in 72 hours. At the moment, there are no decryption tools availabe for STOP Ransomware.