Ransomware

Being part of the Dharma family, Dharma-Harma is a ransomware program based on AES-256 + RSA algorithms that are meant to encrypt user's data. After the virus gets settled on the system, it blocks multiple files by putting unbreakable ciphers. Once encrypted, files undergo a couple of significant changes. Firstly, the affected files are altered according to such pattern: original_filename.{random-8-digit-alphanumerical-sequence}.[e-mail-address].harma. Note that cybercriminal's e-mail may vary from person to person. Once the encryption is finished, Dharma-Harma generates a text file or image that contains ransom information. It says that your computer is unprotected and needs to be fixed. To restore the lost files, you have to contact them through the attached e-mail. After that, they will supposedly give further instructions and demand a payment in BTC. Unfortunately, those victims who decided to pay a ransom, often get fooled and do not get any decryption keys.

Ouroboros Ransomware (a.k.a. Zeropadypt Ransomware) is an extremely dangerous virus, that forcibly encrypts and blocks off the access to personal data. By doing so, Ransomware developers prompt users to pay a ransom (around 1000$) for getting a unique decrypting key. When infiltrating the device, it immediately starts rushing through files like images, videos, music, text documents and other valuable data that can be stored on your computer and encrypts it by using the AES-256 encryption algorithm. After that, ransomware assigns a unique .odveta extension to each file, therefore, making it impossible to open. For example, if sample.mp4 gets encrypted it will change the file name to sample.mp4.odveta. There are many other versions and variation of Ouroboros Ransomware, that change file extensions to .bitdefender, .harma, .rx99, .Lazarus, .Lazarus+, .James, .lol, .hiddenhelp, .angus, .limbo, or .KRONOS. Some of the recent extensions like .bitdefender, were created as mockery, because BitDefender released decryption tool, that, unfortunately, cannot decode latest Ouroboros Ransomware species.

Rezm Ransomware is called so, because of .rezm extensions, added to affected files, modifying original extensions of various types of sensitive data. In fact, technically it is STOP Ransomware, that uses AES encryption algorithms to encrypt user's files. This suffix is one of the hundreds of different extensions used by this malware. Does it mean you lost your valuable data? Not necessarily. There are certain methods, that allow you to recover your files fully or partially. Also, there is free decryption utility called STOP Djvu Decryptor from EmsiSoft, that is constantly updated and is able to decrypt hundreds of types of this virus. The authors of the virus report that the victim’s files are encrypted and the only way to decrypt them is to buy a key and a decryptor, that is, to pay a ransom. Attackers demand $980, if the victim agrees to pay the ransom within 72 hours, then the ransom is reduced to $490. Criminals offer to decrypt one file for free and thus confirm that it is possible that the victim can return all his files. Of course, successful decryption of one file does not guarantee that after the ransom is paid in full, the victim will receive a key and a decryptor. We strongly recommend removing STOP virus, using special anti-malware programs.

Oled-Makop Ransomware is a type of virus that aims at encrypting multiple files and demanding a payment to get decryption software. All of these symptoms are part of ransomware operation. Once installed, it is configured to cipher various kinds of data ranging from videos, images, text files, PDFs to others. Then, the isolated files are suffering a couple of changes: firstly, they change their extensions to .[e-mail@mail.cc].oled or .[e-mail@mail.cc].makop (.[somalie555@tutanota.com].makop)and reset their icons to clean sheets. For example, normal 1.mp4 will be transformed into 1.mp4.[makop@airmail.cc].makop immediately after the penetration. After that, the program creates a ransom note, called readme-warning.txt, where developers explain why your data was locked and how to recover it. To incept their trust, they are offering to decrypt one simple file with .jpg, .xls and .doc extensions (not over 1 MB) by sending it via a given e-mail as well as proceeding a payment to get a "scanner-decoder" program. Very often, decryption with third-parties tools is impossible without the involvement of malware developers. However, it does not mean that you have to gift them money since there is a risk that they will not keep their promises. Instead, you should delete Oled-Makop Ransomware from your computer to ensure further safety and recover the lost data from an external backup if possible.

Ech0raix a.k.a. QNAPCrypt is a type of malware classified as ransomware that uses uncommon methods of penetrating and encrypting user's data. Besides typical system infection, it also spreads across physical network appliances like NAS Synology or QNAP that are meant to ensure high-quality internet connections. After sneaking into the system, intruders get access to your "admin" account by matching the password (if set) and start encrypting vulnerable files as a result. Unlike other ransomware, it infiltrates network devices by violating their settings which therefore leads to its malfunction. Consecutively, users are compelled to update their software or ask for professional help. Of course, likewise Medusalocker or Ouroboros, it involves AES-256 algorithms to lock down the data like images, videos, office documents, and others by assigning .encrypt extension to each file so that it looks like this 1.mp4.encrypt. Once done, users are no longer allowed to access their data and forced to proceed with the ransom note that is created after the encryption.

Zeoticus is file-encrypting ransomware that restricts access to your personal data (images, videos, textfiles, audio files, etc.) by encrypting files with .zeoticus@tutanota.com.zeoticus extension. It covers all versions of Windows involving Windows 7, Windows 8.1 and Windows 10. And once it is initiated on your computer it will rapidly go through your computer folders scanning a certain group of files to encrypt. It primarily focuses on scouting files solely with extensions like .doc, .docx, .pdf, and others. When these files get detected they instantly change their extension name to .zeoticus@tutanota.com.zeoticus concurrently shattering all of the Shadow Volume Copies that were generated on your PC so that you can no longer open them. The only possible way seems to be making a ransom that often varies from 500-1000 dollars and that is just more than a lot. So do not fall into this trap! Even if you pay this amount of money, there is no guarantee that fraud will give you access back. It is just a matter of guessing.