Ransomware

Just like many previous versions of this virus, Cceo Ransomware is a malicious program recently developed by the STOP (Djvu) ransomware family, which runs data encryption. Once it gets on your computer, the virus covers all personal data with strong encryption algorithms, so that you could no longer be able to get access to them. Unfortunately, preventing ransomware from blocking your data is impossible unless you have special anti-malware software installed on your PC. In case of its absence, the files stored on your disks will be restricted and no longer accessible. After the encryption process is done, you will see all the files change to 1.pdf.cceo and similarly with other file names. This version of STOP ransomware uses .cceo extension to highlight the encrypted data. Then, as soon as ransomware has stormed through your system and put all the sensitive data under a lock, it goes further creating a ransom note (_readme.txt).

Payt is the name of a ransomware infection that encrypts system-stored data and blackmails victims into paying money for its return. It does so by adding new filenames (consisting of unique victim's ID, cybercriminals' e-mail, and .Payt or .payt extension). For instance, this is how an image file infected by Payt Ransomware will likely appear - 1.png.[MJ-YK7364058912](wesleypeyt@tutanota.com).Payt. After this, a money-demanding note called ReadthisforDecode.txt gets generated onto the desktop. As stated within this message, victims should write an e-mail to wesleypeyt@tutanota.com or wesleypeyt@gmail.com addresses and express their interest in decrypting data. It is also possible to send a test file and get it decrypted for free - this way cybercriminals seek to illustrate that their decryption actually works and can be relied on.

World2022decoding is a recent ransomware infection that was spotted encrypting device-stored data and blackmailing victims to pay money for it. During encryption, all affected files get appended with the victim's personal ID, and the .world2022decoding extension as well. As a result, it acquires a new look similar to this - from previously uninfected 1.png to now restricted 1.png.[9222911A].world2022decoding. This is only an example and it can happen to any piece of data, especially documents and databases. Cybercriminals also create a text note called WE CAN RECOVER YOUR DATA.MHT that entails instructions on how to return the files.

Ccwq Ransomware is one of the newest versions developed by the STOP (Djvu) family. This ransomware targets various types of personal data (e.g. images, videos, documents, etc.) using online keys randomly generated for each victim. Once they are applied and data becomes encrypted, users are no longer able to access and interact with it. During the encryption process, all the files get assigned with .ccwq extension. This means that files will change their name and reset their icons. For example, a file like 1.pdf will be changed to 1.pdf.ccwq and lose its initial icon at the end of encryption. Then, just like other recent versions of the STOP (Djvu) family, Ccwq creates a text note called _readme.txt that contains decryption instructions. No matter which one was dropped on your PC, all of them display the same information.

Ccza Ransomware is called so, because of .ccza extension, added to affected files, modifying original extensions of various types of sensitive data. In fact, technically it is STOP Ransomware, that uses AES encryption algorithms to encrypt user's files. This suffix is one of the hundreds of different extensions used by this malware. Does it mean you lost your valuable data? Not necessarily. There are certain methods, that allow you to recover your files fully or partially. Also, there is a free decryption utility called STOP Djvu Decryptor from EmsiSoft, that is constantly updated and is able to decrypt hundreds of types of this virus. After finishing its disastrous activity, Ccza Ransomware creates _readme.txt file (ransom note), where it informs users about the fact of encryption, amount of ransom, and payment conditions.

New generation of Ccyu Ransomware (Djvu Ransomware) started to add .ccyu extensions to encrypted files since August, 4th, 2022. We remind you, that Ccyu Ransomware belongs to a family of crypto-viruses, that extort money in exchange for data decryption. The last examples of STOP Ransomware are sometimes categorized as Djvu Ransomware, as they use identical templates of ransom notes since the beginning of 2019, when .djvu extensions were appended. Ccyu Ransomware uses same email addresses, used in last dozens of versions: support@bestyourmail.ch and supportsys@airmail.cc. The full decryption is only possible in 1-2% of cases when offline encryption key was used (by means of STOP Djvu Decryptor). In other cases, use instructions and tools offered in this article.