Aurora Ransomware (sometimes called OneKeyLocker Ransomware) is new crypto-virus, that started circulating the web since the end of May, 2018. It uses DES algorithm to encode files and adds .Aurora extension, after which it got its name. After encryption ransomware creates several text files HOW_TO_DECRYPT_YOUR_FILES.txt, newest version creates single #RECOVERY-PC#.txt file, containing ransom note with contact information and instructions. Usually, viruses of this type ask for $100 – $500 in BitCoins. At the moment, there are no public decryption tool available. Full recovery is only possible with help of backups. You can preserve your files till actual decryptor will be created. Some data can possibly be restored using instructions on this page.
CryptON Ransomware or Nemesis Ransomware or X3M Ransomware is one of the most dangerous and wide-spread ransomware families. Currently, there are multiple successors of initial virus and several deviations built on another platforms. Cry9, Cry36 and Cry128 Ransomware came from this series. Virus uses mix of AES-256, RSA-2048 and SHA-256 encryption algorithms Latest discovered version is actually called CryptON Ransomware and uses .firstname.lastname@example.org extension for affected files. Ransom demand from 0.2 to 1 BitCoin for decryption. It is not recommended to pay the ransom as there are no guarantee malefactors will send decryption key. Use instructions on this page to remove CryptON Ransomware and decrypt .email@example.com, _x3m or _locked files from Windows 10, Windows 8 or Windows 7.
Bip Ransomware is another successor of Dharma/Crysis Ransomware family. New variation adds complex suffix, that ends with .bip extension, to all affected files. Bip Ransomware encrypts almost all types of files, that can be valuable to users, such as documents, images, videos, databases, archives, project files, etc. It is currently unknown, what type of encryption algorithm Bip Ransomware uses, but probably it is AES. Bip Ransomware usually demands from $1000 to $2000 in BitCoins for the decryption key. However, often hackers don’t send any keys and it is not recommended to pay the ransom. As for today, the 5-th of May 2018, decryption is not possible, however, you can attempt to decrypt your files from backups or trying file recovery software.
GandCrab V3 Ransomware is another generation of high-risk GandCrab virus, that uses AES-256 (CBC-mode) + RSA-2048 encryption algorithms. This version also appends .CRAB extensions to all encrypted files. GandCrab V3 creates similar CRAB-DECRYPT.txt file with changed ransom note. Unlike previous versions GandCrab V3 Ransomware uses carder.bit as a server and Psi-Plus Jabber for communication. It also modifies desktop background with unpleasant inscription. Ransomware restarts the computer after encryption is finished, and creates autorun key in the registry to run on Windows startup and attack newly created files. Ransom amount is ~$1000 and can be paid in Dash or BitCoin. Virus creates counter and deadline after which ransom amount can double.
Velso Ransomware is maleficent crypto-virus, that uses AES encryption algorithm to encode user files. Ransomware mostly targets English-speaking countries, but may infect computers in any country. Affected files get .velso or .david extension and become inaccessible. After encryption Velso Ransomware creates text file get_my_files.txt with instructions to pay the ransom. The ID of the key and victim is generated by CryptGenRandom (), using AES-256 OpenSSL in ECB mode. Currently, there is almost impossible to decrypt files encrypted by Velso without master key.