GandCrab2 Ransomware is a virus, that uses AES (CBC-mode) algorithm to encrypt user files. During the process ransomware adds .CRAB extension to encrypted files. Following successful encryption, GandCrab2 creates CRAB-DECRYPT.txt file. Unfortunately, due to using TOR payment pages, NameCoin servers and cryptocurrency, there is no way to track the hackers, unless they make a mistake. Decryption key of previous version of GandCrab became public due to data leakage from their servers. GandCrab2 Ransomware asks 0.5 – 0.8 Dash (cryptocurrency) , which is less then before, however it still can estimate from several hundreds to more than thousand dollars.
Arrow Ransomware is new file encryption virus from Dharma/Crysis Ransomware family. Malware uses AES encryption. Unlike previous versions, it appends .arrow extension to all encrypted files. Arrow Ransomware encodes almost all types of files that can be important to users, including documents, images, videos, databases, archives. Arrow Ransomware demands from $1000 to $2000 in BitCoins for the decryption key, that they actually rarely send out. Currently, decryption is not possible, however, you can decrypt your files from backups or trying file recovery software. There is also a slight possibility, that you will decrypt your files using tips and tricks described in this article.
Java Ransomware is extremely harmful file-encrypting virus, that belongs to the family of Dharma/Crysis ransomware. It adds .java extension to all encrypted files. Usually, this is complex suffix that contains unique id and e-mail. Java Ransomware uses spam mailing with malicious .docx attachments. Such attachments have malicios macros, that runs when user opens the file. This macros downloads executable from the remote server, that, in its turn, starts encryption process.
GandCrab Ransomware is file encrypting virus, that uses AES-256 (CBC-mode) encryption algorithm to encode user files. It affects documents, media files, databases – the most important data for users. During encryption process ransomware appends .GDCB extension to encrypted files. After it finishes GDCB-DECRYPT.txt is created. GandCrab Ransomware targets 64-bit systems in Western Europe and South Korea. Its developers demand 1.5 – 2 Dash (cryptocurrency) which estimates in more than $1100. GandCrab checks the system for the presence of .exe files of antiviruses from the popular vendors, and won’t run on the computers with such security software or will attempt to disable it.
Arena Ransomware belongs to CrySis family, previous wide-spread ransomware of this type was Dharma Ransomware, that we described on this blog. Arena Ransomware was detected by security researches first time in August 2017. Since then, it had numerous updates. Different versions of Arena Ransomware demand different ransom amounts. It varies from 0,20 to 0,73 BitCoins, which is near $5000. Security experts do not recommend to pay developers of ransomware, as this encourages them to create new variations and does not guarantee decryption of your files. Actually, most times malefactors don’t send decryption keys. Latest versions of Arena Ransomware are not decryptable, however there is a chance to restore files affected by older versions.