
Viruses

How to remove DeepInDeep Ransomware and decrypt .deepindeep files

DeepInDeep Ransomware is a malicious program that belongs to the Phobos Ransomware family. It is designed to encrypt files and demand ransoms for their decryption. The ransomware alters the names of the locked files by appending them with a unique ID assigned to the victim, the cybercriminals' email address, and a .deepindeep extension. For example, a file originally named 1.jpg would appear as 1.jpg.id[T5H6N9-7834].[Deep_in_Deep@tutanota.com].deepindeep after encryption. Once the encryption process is complete, DeepInDeep creates two ransom notes: one displayed in a pop-up window (info.hta) and the other dropped as a text file (info.txt). The ransom notes warn victims against actions that may render their data undecryptable, such as manipulating the files, using third-party recovery software, and restarting or shutting down the system.

How to remove GoTiS Ransomware and decrypt .GoTiS files

GoTiS Ransomware is a malicious program that is part of the Xorist Ransomware family. It was discovered during a routine investigation of new submissions to the VirusTotal website. This malware encrypts data on the infected system and demands a ransom for its decryption. GoTiS ransomware appends the .GoTiS extension to the filenames of the encrypted files. After the encryption process is completed, GoTiS presents identical ransom notes as the desktop wallpaper, in a pop-up window, and in a text file named HOW TO DECRYPT FILES.txt. The ransom note informs the victim that their files have been encrypted and that the decryption key and software will cost 0.04 BTC (Bitcoin cryptocurrency), which is approximately 1400 USD. The specific encryption algorithm used by GoTiS ransomware is not yet known. However, ransomware typically uses either symmetric or asymmetric encryption algorithms.

How to remove Jzeq Ransomware and decrypt .jzeq files

Jzeq is a ransomware variant belonging to the Djvu family. It is a type of malicious software that encrypts files on a victim's computer, rendering them inaccessible. The ransomware appends a .jzeq extension to the filenames of the encrypted files, effectively blocking access to them. Once Jzeq ransomware infects a device, it conducts a scan of the files and proceeds to encrypt any documents, photos, archives, databases, PDFs, and other types of files that it finds. This renders the victim's files inaccessible and makes it difficult to recover them without the help of the attackers. The ransomware creates a text file named _readme.txt on the infected device, which contains instructions from the operators of the Jzeq Ransomware. The note emphasizes the urgency of reaching out to them within 72 hours to avoid an increased ransom fee. If the victim refuses to contact the attackers within this timeframe, the ransom amount for the decryption software and key will rise from $490 to $980.

How to remove C3RB3R Ransomware and decrypt .LOCK3D files

C3RB3R is a variant of the Cerber Ransomware, a type of malware designed to encrypt data and demand ransoms for its decryption. Ransomware typically renames encrypted files, and C3RB3R is no exception. It adds the .LOCK3D extension (with the capital letter "O") or .L0CK3D (with a zero "0") to filenames. For example, a file initially named 1.jpg would appear as either 1.jpg.LOCK3D or 1.jpg.L0CK3D following encryption. The encryption method used by C3RB3R is not explicitly documented, but it is safe to assume that it uses a strong encryption algorithm, as is common with most ransomware. Once the encryption process is completed, C3RB3R drops a ransom-demanding message titled read-me3.txt; the number in the filename may vary. The ransom note warns the victim against deleting the text file and informs them that the inaccessible files have been encrypted. According to the note, the only method of recovering the data is to purchase the decryption software from the attackers. The ransom is 0.085000 BTC (Bitcoin cryptocurrency), but if it is not paid within five days, the sum will increase to 0.170000 BTC.

How to remove Jzie Ransomware and decrypt .jzie files

Jzie Ransomware is a variant of the Djvu ransomware family, which encrypts files on the victim's computer and appends the .jzie extension to the filenames. The ransomware generates a ransom note in a file named _readme.txt that demands payment for the decryption of the affected files. Jzie ransomware is typically distributed through malicious email attachments, fake software cracks, or by exploiting vulnerabilities in the operating system and installed programs. Jzie ransomware uses the Salsa20 encryption algorithm to encrypt files. After encrypting the files, it creates a ransom note in every folder containing encrypted files. The ransom note states that the victim can recover all files, including pictures, databases, documents, and other essential data, by paying a ransom amount ranging from $490 to $980.

How to remove Yzqe Ransomware and decrypt .yzqe files

Yzqe Ransomware is a file-encrypting virus infection that restricts access to data such as documents, images, and videos by encrypting files and appending the .yzqe extension to them. It is a variant of the notorious STOP/DJVU ransomware family. Once the files are encrypted, they are rendered inaccessible, and the ransomware drops a ransom note named _readme.txt on the desktop. The note contains instructions to visit a payment website and submit payment in Bitcoin cryptocurrency in exchange for the decryption key, which can allegedly restore access to encrypted files. The Yzqe Ransomware uses the Salsa20 encryption algorithm, which is almost impossible to "hack" due to the large key length and the vast number of possible keys. The ransomware makes a copy of your file, removes the original one, encrypts the copy, and leaves it instead of the removed original.

How to remove Yzoo Ransomware and decrypt .yzoo files

Yzoo Ransomware is a file-encrypting malware that belongs to the STOP/DJVU ransomware family. It restricts access to data by encrypting files and appending the .yzoo extension to them, and then demands a ransom in the form of Bitcoin cryptocurrency in exchange for a decryption key to restore access to the encrypted files. Yzoo Ransomware targets various file types, such as documents, images, videos, and more. It encrypts these files using the Salsa20 encryption algorithm, rendering them inaccessible. After encrypting the files, Yzoo ransomware drops a ransom note named _readme.txt on the desktop and in every folder containing encrypted files. The ransom note provides instructions on how to contact the attackers and pay the ransom, which ranges from $490 to $980 in Bitcoin. The attackers use the email addresses support@freshmail.top and datarestorehelp@airmail.cc for communication.

How to remove Yzaq Ransomware and decrypt .yzaq files

Yzaq Ransomware is a type of malicious software designed to extort money from users by encrypting files on their computers. It is a member of the STOP/Djvu ransomware family and uses the Salsa20 encryption mechanism. This cipher has an enormous number of possible decryption keys, making it virtually impossible to brute-force them. The ransomware encrypts only the first 150 KB of each file, which means that larger files, such as videos or music, may still be partially accessible. This ransomware is known for appending a specific extension, .yzaq, to each encrypted file and creating a ransom note named _readme.txt in various folders on the infected computer. This note typically informs the victim that their files have been encrypted and that they must pay a ransom to recover them. The ransom demanded can range from $490 to $980, usually in Bitcoin.