How to remove Your Maps Now (search.yourmapsnow.com)

Standard

Search.yourmapsnow.com or Your Maps Now is misleading browser hijacker, that replaces default search engine and homepage in Safari, Google Chrome or Mozilla Firefox on Windows or Mac. Often, it is accompanied with browser extension or application called “Your Maps Now”. This add-on sneaks in browsers and takes control over main browser settings. Of course, it installs without user permission using the deceptive tactic. After installation, user search queries are redirected to query.yourmapsnow.com and then to search.yahoo.com. This allows the hijacker to collect private browser data and share it with advertising companies. The homepage also changes to Search.yourmapsnow.com and, besides search, provides quick links to main map resources such as Google Maps and Bing Maps. Page looks similar to normal search engine page, and some users don’t even see the difference until they start searching for something.

How to remove Obfuscated (BigBobRoss) Ransomware and decrypt .obfuscated, .cheetah, .encryptedALL or .djvu files

Standard

Obfuscated Ransomware (BigBobRoss Ransomware) is dangerous encryption virus, that uses AES-128 encryption algorithm to cipher user’s files. After successful encryption it appends .obfuscated, .cheetah, .encryptedALL or .djvu extensions (latest versions also add prefix [id={8-digit-code}]). Obfuscated Ransomware creates ransom note called Read me.txt, and puts it on the desktop and in the folders with encoded data. It also modifies desktop wallpaper, placing text on white background. Malefactors allow to decrypt 1 files under 1 Mb of size for free, as a proof of operability. Obfuscated Ransomware attacks sensible files, such as photos, videos, documents, databases, etc. Virus focuses on English-speaking users, which does not prevent spread throughout the world. The first victims are from Moldova. It is currently unknown, how much they want for decryption. Of course, we do not to pay the ransom, as there are many cases when hackers don’t send master keys or decryptors. There is still a chance decryption tool will be released by antivirus companies or security enthusiasts.

How to remove MegaLocker Ransomware and decrypt .crypted or .NamPoHyu files

Standard

MegaLocker Ransomware (NamPoHyu Virus) is new ransomware virus, that encrypts data from sites, servers, using AES-128 (CBC mode), and then requires $250 ransom for individuals ($1000 for companies) in BTC to return files. Any Windows computers, Linux devices and Android devices connected to computers and network devices used to access the Internet are subject to attack. After encryption MegaLocker adds .crypted or .NamPoHyu extensions to affected files. MegaLocker Ransomware was first spotted in March, 2019, when multiple sources stated they were infected with MegaLocker Virus, that encrypted files on NAS devices with .crypted extension. In April, 2019 name was changed to NamPoHyu Virus and now .NamPoHyu extension is appended. Developers are from Russia (or Russian-speaking country). It is not recommended to pay the ransom to malefactors as there is no guarantee, they will send decryptor in return. Paying the ransom also stimulates the hackers to run malvertising campaign and infect new victims.

How to remove GandCrab v5.3 Ransomware and decrypt your files

Standard

GandCrab v5.3 Ransomware is probably imposter of original GandCrab Ransomware family. However, it still encrypts files in similar fashion to GandCrab v5.2 Ransomware. Encrypted files get .[5-6-7-8-random-letters] extension and ransom note file has different name: [5-6-7-8-random-letters]-MANUAL.txt, however, still looks identical to previous generation. After debugging executable files security specialists find ironical comments “Jokeroo, new ransom”, “We rulez!!”. Jokeroo is a new Ransomware-as-a-Service, that is promoted on underground hacking sites and via Twitter that allows affiliates to allegedly gain access to a fully functional ransomware and payment server. GandCrab Ransomware grows into separate industry, where people with bad intentions and basic computer knowledge can earn money with this criminal schemes. Some of the previous versions of GandCrab Ransomware could be decrypted with speciql decryptor from BitDefender, we will provide download link for this tool below.

How to remove Phobos Ransomware and decrypt .phobos, .phoenix or .Frendi files

Standard

Phobos Ransomware is a virus, that encrypts user files using AES encryption algorithm and demands ~$3000 for decryption. Ransomware adds .phobos, .phoenix or .Frendi extensions to encoded files and makes them inaccessible. In order to confuse users and researchers Phobos Ransomware uses file-modification patterns and ransom notes similar to very wide-spread Dharma Ransomware. Especially after design change in January, 2019, when they started to look like identically. However, there are certain differences in file-markers and appearance. After contacting the developers via one of the provided e-mails, they demand $3000 in BitCoins for decryption to be paid in 6 hours. Otherwise the cost of decryption will increase up to $5000. At the moment automated decryptors for Phobos Ransomware do not exist. There is no proof, that malefactors send decryptors to the victims, that is why we do not recommend paying the ransom. Instead, try using instructions on this page to recover encrypted files. File-recovery software can restore some files from your hard-drive.

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close