Cloudnet (Cloudnet.exe) is malicious application from EpicNet Inc. Security specialist categorize this program as adware or potentially unwanted application (PUA). It implements scripts in browser pages to display pop-ups, banners and other type of advertising in Google Chrome, Mozilla Firefox and Internet Explorer.
Ykcol Ransomware is newest version of previously described Locky ransomware. New variant uses RSA-2048 and AES-128 cryptographic algorithms and appends .ykcol to he end of all encrypted files. Virus also modifies filenames using the following template: [8_random_hexadecimal_characters]-[4_random_hexadecimal_characters]-[4_random_hexadecimal_characters]-[4_hexadecimal_chars]-[12_random_hexadecimal_characters].ykcol. In order to decrypt your files malware demands 0.25 BTC, which is on the date of writing this article is equivalent to $950. Ykcol Ransomware creates two files named ykcol.htm and ykcol.bmp, both contain instructions to pay the ransom and ID.
Matrix Ransomware is ransomware virus that encrypts user files with either symmetric or asymmetric cryptography. It adds .matrix extension to encrypted files. After finishing encryption process, Matrix creates a text file matrix-readme.rtf or Readme-Matrix.rtf. Virus places this files in every folder with affected files. This text file contains instruction to pay the ransom, where malefactors encourage users to contact them via e-mails: email@example.com, firstname.lastname@example.org or email@example.com.
Dharma virus, unlike similar types of ransomware, does not change desktop background, but creates README.txt or Document.txt.[firstname.lastname@example.org].zzzzz files and places them in each folder with compromised files. Text files contain message stating that users have to pay the ransom using Bitcoins and amount is approximately $300-$500 depending on ransomware version. The private decryption key is stored on a remote server, and there currently impossible to break the encryption of the latest version.
Hakunamatata Ransomware is new version of NMoreira Ransomware (NMoreira 2.0). Virus encrypts user files with RSA-2048 and AES-256 encryption algorithms and adds .hakunamatata suffix to affected files. After finishing infection process Hakunamatata creates file “Recovers files yako.html” on the desktop. Hackers offer users to contact them using Bitmessage system and pay the ransom. Amount of ransom is currently unknown, but likely it is somewhere between $300 and $1500. Decryption key is generated during encryption, and currently unknown. Therefore, there is no way to decrypt or restore files unless users has backup.