Santa Ransomware is nearly identical to previous versions of Crysis-Dharma-Cezar ransomware family, except that now it adds .santa extension to encrypted files. Dharma-Santa Ransomware constructs file extension from several parts: e-mail address, unique 8-digit identification number (randomly generated) and .santa extension. ID number is also used for victim identification, when hackers send decryption key (although they do it rarely). Dharma-Santa Ransomware authors demand from $500 to $15000 ransom, that can be paid in Monero, Dash or BTC (BitCoins), and in return they promise to send decryption key. This type of ransomware is coded and distributed as RaaS (Ransomware as service), and people your are trying to contact can be just resellers. That is why, amount of money they want for decryption can be very big. Using cryptocurrency makes it impossible to track the payee. We do not recommend to pay any money to malefactors. Usually, after some period of time security specialists from antivirus companies or individual researchers break the algorithms and release decryption keys.
Bkpx Ransomware is one of the subspecies of Crysis-Dharma-Cezar ransomware family, that appends .bkpx extension to the files it encrypts. Virus utilizes extension, that consists of several parts: e-mail adress, unique 8-digit ID (randomly generated) and .bkpx suffix. As a rule, Dharma-Bkpx Ransomware virus asks for $500 to $1500 ransom, that have to be paid in Monero, Dash or BTC (BitCoins), and in return they promise to send decryption key. However, malefactors often do not hold back promises and do not send any decryption keys, or just ignore e-mails from victims, who paid the ransom. It is not advised to send any funds to the hackers. Usually, after some period of time security specialists from antivirus companies and individual researchers break the algorithms and release decoding key. Its noteworthy, that some files can be restored by using backups, shadow copies, previous versions of files or file-recovery software and instructions given on this page.
This is fourth iteration of notorious STOP Ransomware, that was launched in November, 2018. Now it adds .DATAWAIT, .INFOWAIT or .shadow extensions to encrypted files. Virus uses new name for ransom note: !readme.txt. It pretends to be a Windows update and uses the TeamViewer resource. Ransomware still uses RSA-1024 encryption algorithm. Current version of STOP Ransomware was developed in Visual Studio 2017. This variation of STOP Ransomware demands $290 ransom for decryption. Malefactors offer 50% discount, if users pay in 72 hours. At the moment, there are no decryption tools availabe for STOP Ransomware.
QIP.ru is potentially unwanted third-party russian search engine and news website, powered by Yandex.ru. It infects user’s computers along with QIP Surf browser, built on Chromium platform. It installs without user’s permission and replaces default browser. QIP.ru is also spread separately in Google Chrome, Mozilla Firefox or Internet Explorer and replaces default search and homepage in this browsers.
Puma Ransomware, that started to hit thousands of computers in November, 2018, is, actually, nothing but another variation of STOP Ransomware. Current version appends .puma, .pumax or .pumas extensions to encrypted files, and that is why it has such nickname. Virus uses the same name for ransom note file: !readme.txt. Developers tried to confuse ransomware identification services and users by adding new extensions, but using the same templates, code and other signs unequivocally indicate belonging to a certain family. As we see from the name of the executable: updatewin.exe, it pretends to be a Windows update. Puma (STOP) Ransomware still uses RSA-1024 encryption algorithm. Current version of Puma Ransomware was developed in Visual Studio 2017.