
How to remove Black Basta Ransomware and decrypt .basta files

Black Basta is a ransomware infection aimed more at corporate victims (financial firms, private companies, etc.) than at ordinary users. It therefore uses high-tier encryption standards to encipher data stored on a network, making it inaccessible. Victims infected with this virus will see their files renamed as follows: 1.pdf to 1.pdf.basta, 1.xlsx to 1.xlsx.basta, and so forth for other encrypted data. After this, Black Basta creates a text note called readme.txt, which provides instructions on how to recover the data. The virus also replaces the default desktop wallpaper. According to the note, victims can start the decryption process by visiting the attached Tor link and logging into the chat with their company ID. From there, the cybercriminals provide the necessary information and instructions on how to proceed. Some victims who reported Black Basta infections said that the cybercriminals demanded 2 million dollars for decryption. Note that this sum is likely to vary depending on how big the infected company is and how valuable the collected information is. In addition, the extortionists threaten that if victims fail to negotiate a deal or intentionally decline the offer, all gathered data will be published online. Sometimes the bigger danger of an infection is not losing data but losing your business reputation.

How to remove Selena Ransomware and decrypt .selena files

Selena is a disruptive ransomware infection that primarily targets business networks. It encrypts network-stored data and demands that victims pay a monetary ransom for its return. During encryption, Selena alters file names: the now-inaccessible files acquire a uniquely generated victim ID, the e-mail address of the cybercriminals, and the .selena extension. To illustrate, a file initially named 1.xlsx will change to id[q2TQAj3U].[Selena@onionmail.org].1.xlsx.selena and have its icon reset to blank. Once this process finishes, the ransomware creates a file named selena.txt, a text note explaining how to recover the files. It says there is no way to decrypt the restricted data other than by negotiating directly with the cybercriminals. To get further information, victims are told to write to one of the following e-mail addresses (selena@onionmail.org or selena@cyberfear.com) and state their personal ID in the title. To get the decoder and private keys that unlock access to the data, victims are required to pay for them in bitcoins. The price remains unknown and is likely to be calculated individually only after contacting the swindlers. In addition, the cybercriminals offer to decrypt 2 files containing no valuable information (under 5MB) for free. This offer works as a guarantee proving they are actually able to decrypt your data. Unfortunately, options to decrypt files without the help of the cybercriminals are unlikely to exist.

How to remove Hhjk Ransomware and decrypt .hhjk files

Hhjk has been classified as a ransomware-type virus, which encrypts personal data using cryptographic algorithms. As yet another version of the Djvu/STOP family, Hhjk can target both individuals and organizations to demand high ransom amounts. A ransom is the payment cybercriminals require in exchange for the blocked data. The extortionists provide detailed information about it in a text note (_readme.txt), which is created after Hhjk finishes encrypting files. The encryption is easy to spot by the new extension assigned to each file. This virus appends the .hhjk extension, so an encrypted file ends up looking like 1.pdf.hhjk. The note says that users can decrypt their files only by buying the paid decryption tool sold by the extortionists. To get it, victims have to contact the developers via the manager@time2mail.ch or supportsys@airmail.cc e-mail addresses. After this, you will be given a payment address for the money transfer. If you contact the developers within the first 72 hours, you will receive a 50% discount on the main price (490$ instead of 980$). Before doing so, you are also offered a free test decryption. For this, users are asked to send up to 1 encrypted file that does not contain valuable information. Such an offer helps cybercriminals appear more trustworthy in the eyes of inexperienced users. In fact, they can still trick you by not sending any decryption tools. This happens to a lot of victims who decide to pay the demanded ransom. Unfortunately, although trusting cybercriminals is highly inadvisable, they are the only figures able to provide full decryption of data. There are no free tools at the moment that could crack the cipher applied by Hhjk Ransomware.

How to remove Mr Beast Giveaway pop-up scam

In this context, Mr Beast Giveaway is a browser-based scam delivered to users via suspicious links and advertised content. Once visited, the dubious page claims that every user subscribed to the Mr. Beast channel will get a reward of 1000$. Some users may be easily tricked into believing it is true, as this YouTuber is particularly known for giving away a lot of money. Despite this, the page has nothing to do with the original 64+M channel held by Jimmy Donaldson a.k.a. Mr. Beast. To claim the non-existent prize, the developers ask you to click on the "CLAIM REWARD" button. This opens a page with sponsored software that users have to download. In fact, this is a trick meant to push inexperienced people into downloading unwanted or even malicious software. Users are then asked to enter their PayPal e-mail address and wait for the reward to arrive within a couple of minutes. No prize arrives; instead, the downloaded software is more likely to start tracking computer activity or install other malware like trojans, crypto miners, ransomware, and so forth. Complying with the requests of scam pages is likely to end badly for the health of your PC. Thus, if you have fallen victim to the scam or are facing post-scam ramifications, we have a guide right below dedicated to removing any unwanted or malicious presence that could have gotten onto your PC.

How to remove Custom Search extension

Custom Search (customsearch.info) is an unwanted browser extension combining the traits of adware and browser hijackers. The reason lies in its post-installation behavior: it changes the default search engine and homepage address to find.customsearch.info and also starts generating additional ads using virtual layers. Many search engines promoted by browser hijackers are fake, meaning they are unable to provide unique and authentic search results. This is why they use legitimate engines like Google, Yahoo, or Bing to display results and earn money on illegal traffic. Adware is a type of software designed to promote various pop-ups, ads, buttons, and coupons that redirect to suspicious or even dangerous websites. Custom Search may use such capabilities to earn extra commissions on visits from affiliated websites. Although removing such extensions should be quite simple, that is not always the case. Developers behind unwanted software may apply additional settings that prevent users from removing it easily. As evidence of this, you can see a message like "Managed by your organization" or "Custom Search is controlling this setting" in the browser menu. Thus, if you are struggling to get rid of this adware-hijacker, follow our tutorial below.

How to remove Ttii Ransomware and decrypt .ttii files

Ttii encrypts data (with RSA 2048 + Salsa20 algorithms), renames files with the .ttii extension, and demands money for their return. These traits classify it as a ransomware infection. It is also part of a very popular and dangerous ransomware family called STOP/Djvu, which is responsible for hundreds of devastating infections. Once Ttii installs onto a system, users lose access to files they could open prior to the infection. This is how a file changes after successful encryption: from healthy 1.pdf to encrypted 1.pdf.ttii. As soon as the process is done, Ttii presents ransom instructions inside a text note (_readme.txt). The developers use the same template they used for other ransomware variants originating from the STOP/Djvu family. It states that victims should spend their money on special decryption software held by the cybercriminals. The price is 980$, though it can be cut down to 490$ if victims decide to pay within the first 72 hours after getting infected. To prove they can be trusted, the malware developers offer a so-called guarantee, under which users are allowed to send 1 file (not important) and get it decrypted for free. All communication related to payment and other details should be conducted by writing a message to one of the attached e-mail addresses (manager@time2mail.ch or supportsys@airmail.cc).