How to remove GandCrab v5.3 Ransomware and decrypt your files


GandCrab v5.3 Ransomware is probably imposter of original GandCrab Ransomware family. However, it still encrypts files in similar fashion to GandCrab v5.2 Ransomware. Encrypted files get .[5-6-7-8-random-letters] extension and ransom note file has different name: [5-6-7-8-random-letters]-MANUAL.txt, however, still looks identical to previous generation. After debugging executable files security specialists find ironical comments “Jokeroo, new ransom”, “We rulez!!”. Jokeroo is a new Ransomware-as-a-Service, that is promoted on underground hacking sites and via Twitter that allows affiliates to allegedly gain access to a fully functional ransomware and payment server. GandCrab Ransomware grows into separate industry, where people with bad intentions and basic computer knowledge can earn money with this criminal schemes. Some of the previous versions of GandCrab Ransomware could be decrypted with speciql decryptor from BitDefender, we will provide download link for this tool below.

How to remove STOP (DJVU) Ransomware and decrypt .norvas or .moresa files


New generation of STOP Ransomware (DJVU Ransomware) started to add .norvas and .moresa extensions to encrypted files since April, 17th. We remind you, that STOP Ransomware belongs to family of crypto-viruses, that extort money in exchange for data decryption. Last examples of STOP Ransomware are sometimes categorised as DJVU Ransomware, as they use identical template of ransom notes since the beginning of 2019, when .djvu extensions were appended. Norvas Ransomware uses new email addresses, that were never used before: and In this version, victims can also contact extortionists via Telegram account: @datarestore. The decryption of files encrypted by STOP Ransomware still costs $980 (or $490 if ransom is paid within 72 hours). Our team does not recommend you paying the ransom. There are frequent cases when, hackers don’t reply after receiving the payment. Most of recent versions of STOP (DJVU) Ransomware were successfully decrypted by security specialists and enthusiasts. Below in the article, you can find download button for STOPDecrypter, decryption utility, that is constantly updated by developers. It is able to decrypt .norvas files for free or will be able to recover them in a few days or weeks.

How to remove Obfuscated (BigBobRoss) Ransomware and decrypt .obfuscated, .encryptedALL or .djvu files


Obfuscated Ransomware (BigBobRoss Ransomware) is dangerous encryption virus, that uses AES-128 encryption algorithm to cipher user’s files. After successful encryption it appends .obfuscated, .encryptedALL or .djvu extensions (latest versions also add prefix [id={8-digit-code}]). Obfuscated Ransomware creates ransom note called Read me.txt, and puts it on the desktop and in the folders with encoded data. It also modifies desktop wallpaper, placing text on white background. Malefactors allow to decrypt 1 files under 1 Mb of size for free, as a proof of operability. Obfuscated Ransomware attacks sensible files, such as photos, videos, documents, databases, etc. Virus focuses on English-speaking users, which does not prevent spread throughout the world. The first victims are from Moldova. It is currently unknown, how much they want for decryption. Of course, we do not to pay the ransom, as there are many cases when hackers don’t send master keys or decryptors. There is still a chance decryption tool will be released by antivirus companies or security enthusiasts.

How to remove Planetary Ransomware and decrypt .mira, .yum, .neptune or .pluto files


Planetary Ransomware is harmful file-encrypting virus, that blocks access to user’s files by encoding them and adding .mira, .yum, .neptune or .pluto extensions. After encryption malware developers extort ransom to be paid in bitcoins. Planetary Ransomware creates ransom note called !!!READ_IT!!!.txt, where decryption routine and contact information are described. As our experience shows, ransom varies between $500 and $1500. Malefactors send cryptocurrency wallets to receive payment in Bitcoins or Ethereum. There are no way to track the payments, as such wallets are anonymous. Of course, we never advise to pay the ransom, as there are many cases when hackers don’t send master keys or decryptors. There is still a chance decryption tool will be released by antivirus companies or security enthusiasts.

How to remove Dharma Ransomware and decrypt .adobe, .com, .gate or .btc files


Dharma virus, unlike similar types of ransomware, does not change desktop background, but creates README.txt or Document.txt.[].zzzzz files and places them in each folder with compromised files. Text files contain message stating that users have to pay the ransom using Bitcoins and amount is approximately $300-$500 depending on ransomware version. The private decryption key is stored on a remote server, and there currently impossible to break the encryption of the latest version.

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.