Ransomware

Articles about removing Windows lockers, Browser lockers, Crypto-viruses and other types of blackmailing threats.

How to remove Ziggy Ransomware and decrypt .ziggy or .optimus files

Ziggy is a new ransomware infection recorded in December 2020. The virus sneaks into your system, disabling all protection layers on your PC. Then it gets the job done by running data encryption with the AES256-GCM and RSA-4096 algorithms. These ensure strong encryption, which is hard to decipher. Before going deeper into details, it is important to say that there are two versions of Ziggy Ransomware. The first uses the .ziggy extension along with the victim's ID and the cybercriminals' e-mail to rename encrypted files. The later version, detected recently, uses the same string of information but changes the extension at the end to .optimus. For example, a file like 1.docx would change to 1.docx.id=[88F54427].email=[khomeyni@yahooweb.co].ziggy or 1.docx.id[B68A285D].[sikbeker@tuta.io].optimus depending on which version affected your PC. Following successful encryption, the malicious program creates a text file containing decryption instructions. The name of this file can vary from version to version, so there is no commonly used one, but initially it was called ## HOW TO DECRYPT ##.exe.

How to remove Enfp Ransomware and decrypt .enfp files

Being part of the DJVU/STOP family, Enfp is a new ransomware infection aimed at data encryption. Just like other malware of this type, Enfp appends its own .enfp extension to encrypted files. To illustrate, an innocent file like 1.mp4 will change to 1.mp4.enfp, and similarly with other files. Developers of ransomware infections pursue monetary benefit, which is why they provide paid instructions to decrypt your data. This information can be found in a text note (_readme.txt) created in each folder with the encrypted files. Inside it, the developers give a condensed summary of what happened to your PC. It says that all of your pictures, databases, documents, and other valuable data were encrypted with strong algorithms, but can be returned. To do this, victims should purchase the decryption tool along with a unique key held by the cybercriminals. The original price equals $980; however, it can be decreased by 50% if you contact the swindlers during the first 72 hours. Before doing so, you can also get a video overview of the decryption tool and send 1 random file (that does not contain valuable information) to test whether the developers can decrypt your files for free. Unfortunately, there is no guaranteed way to decrypt files without the involvement of the cybercriminals themselves.

How to remove Ekvf Ransomware and decrypt .ekvf files

One of the main computer threats today is ransomware. These are devastating computer viruses that encrypt users' files using various cryptographic algorithms and extort ransom money for the decryption key. This is especially sensitive for users, as ransomware attacks either personal files such as videos, photos, and music, or business data such as MS Office file formats, e-mails, and databases. Such files can be crucial for business operation or extremely important personally as part of family memory. Malefactors can demand from several hundred to several thousand dollars as a ransom. STOP Ransomware is officially the most widespread and therefore most dangerous ransomware threat. There have been more than 230 versions of this virus in 3 years. Each variation infects thousands of computers, and there are millions of victims of this nasty malware. In this article, we will explain typical methods to fight Ekvf Ransomware and decrypt affected files. Today's focus is on versions of STOP (DJVU) that add the .ekvf extension. Recent samples use a very similar pattern to infiltrate PCs and encrypt files. After encryption, the ransomware creates a file (ransom note) called _readme.txt.

How to remove Matroska Ransomware and decrypt .happyness or .siliconegun@tutanota.com files

Matroska Ransomware is a malicious program aimed at data encryption. Matroska was active a couple of years ago until it went dormant. After some time, it started a series of new infections on users' PCs. While older examples of Matroska applied the .HUSTONWEHAVEAPROBLEM@KEEMAIL.ME, .happyness, .encrypted[Payfordecrypt@protonmail.com], and .nefartanulo@protonmail.com extensions to encrypted files, recent attacks of this ransomware showed the new .siliconegun@tutanota.com extension being involved. Depending on which version impacted your system, a file like 1.mp4 will change to 1.mp4.happyness or 1.mp4.siliconegun@tutanota.com at the end of encryption. Once this process is finished, the virus goes further and creates a text file (HOW_TO_RECOVER_ENCRYPTED_FILES) with decryption instructions. Like other ransomware infections, Matroska asks victims to pay a fee. The amount may vary from person to person; however, we do not recommend buying their software. Luckily, experts found that Dr.Web (leading antimalware software) is able to decrypt your data legitimately and risk-free. Before doing so, you have to make sure you have deleted Matroska Ransomware from your computer. Only then can you use third-party tools to recover the data. For more information on both removal and data decryption, follow the article below.

How to remove DearCry Ransomware and decrypt .crypt files

DearCry Ransomware is a dangerous virus that targets the encryption of personal data. Such malware does everything to ensure that there is no way to decrypt the locked files. Knowing that, cybercriminals offer their own solution: to buy the decryption key stored on their servers. Because most users can find no way out of the trap, they agree to pay the ransom to recover the data. Unfortunately, this is a serious risk, proven by multiple victims who did not receive the promised decryption. This is why it is better to delete DearCry Ransomware and reclaim your files via backup or data-recovery tools. If your files have been changed with the .crypt extension, followed by the creation of a ransom note (readme.txt), chances are you are infected with DearCry Ransomware.

How to remove JoJoCrypter Ransomware and decrypt .jojocrypt files

Developed on Node.js, JoJoCrypter is a malicious program that functions as a data encryptor. A thorough investigation conducted recently shows that a .jojocrypt extension is assigned to each of the files. To illustrate, a non-encrypted 1.mp4 will turn into 1.mp4.jojocrypt as a result of infection. Along with this, it is also known that JoJoCrypter uses the RSA-2048 and AES-192 algorithms to cipher innocent files. It also creates a short ransom note, how to recover your files.txt, with the following content. Unfortunately, decryption with third-party tools appears to be an impossible task. The encryption chains are too strong and flawless to crack. This is why the only option (apart from paying the ransom) is to recover your files using backup or data-recovery tools. Otherwise, you will be forced to pay for the keys proposed by the cybercriminals, which is mentioned in the ransom note dropped on your PC after encryption. The swindlers do not use many words to describe what happened; instead, they attach their e-mail address to be contacted for further instructions.