Ransomware

Odin Ransomware is the latest version of the infamous Locky ransomware. As we know, previously it added .locky and .zepto extensions. Now it uses .odin extension. Technically, it is the same Locky virus, that uses same asymmetric cryptography. However, now key is changed and currently AutoLocky Decryptor that was able to decrypt .locky files can do nothing with .odin files.

Cerber3 ransomware is new version of notorious Cerber virus that infected hundreds of thousands computers. It uses the same algorithms to infect computer and encrypt user files. Now it appends .Cerber3 to those files. Names of the files are changed to random 10 character sequence. Among other differences between Cerber3 and it predecessor are new ransomware note files (@__README__@.html, @__README__@.txt and @__README__@.url instead of #DECRYPT MY FILES#.txt, #DECRYPT MY FILES#.html, #DECRYPT MY FILES#.vbs). Text and html files contain identical instructions to pay the ransom, .url file opens Cerber3 website.

Cry Ransomware is crypto-virus, that infects Windows-based computers and encrypts data of different types. Usually, those are documents, music, photos, e-mails and other files, that can be very important for the user. Ransomware adds .cry extension to affected files and demands $150 ransom for decryption. If ransom is not paid within 100 hours, amount doubles to $300. Among peculiarities, that differentiates Cry virus from other threats of this kind - it creates old_shortcuts on the desktop and moves encrypted files to this folder.

Cerber is ransomware virus that uses AES encryption to encrypt user files. Usually it affects documents, photos, images, music, games and other types of personal data. Cerber adds .cerber extension to all encrypted files. Targeting personal information helps them to demand ransom ($500) for decryption. As there are no 100% working free decryption tools available many users pay the ransom to restore their files.

TeslaCrypt is very dangerous encrypting virus and ransomware. It uses AES encryption to encrypt sensitive user files (documents, photos, music, video). After this it asks for a ransom to decrypt those files. One of the features of TeslaCrypt ransomware is that it also affects gaming files of most popular games

Zepto Ransomware is new file-encrypting ransomware from Locky family. It uses RSA-2048 encryption algorithm and appends .zepto extensions to encrypted files and modifies file names with set of numbers and letters. First part of this set is your actually personal ID that is needed to pay the ransom and get decryptor. Ransom amount is 0.6 BitCoins (~$365). Zepto creates _HELP_instructions.html file with instructions to make the payment.

Crypt0L0cker is newer version of TorrentLocker ransomware, that appeared earlier. It encrypts all files except .html, .inf, .manifest, .chm, .ini, .tmp, .log, .url, .lnk, .cmd, .bat, .scr, .msi, .sys, .dll, .exe, .avi, .wav, .mp3, .gif, .ico, .png, .bmp and .txt that are necessary for proper Windows operation. All files get .encrypted extension and become inaccessible. The ransom amount is 2.2 Bitcoin. Crypt0l0cker creates DECRYPT_INSTRUCTIONS.html and DECRYPT_INSTRUCTIONS.txt files with instructions to pay the ransom and receive decryptor.

UltraCrypter is new version of ransomware that belong to the family of CryptXXX. It distributes via Angler Exploit Kit. It uses the same RSA-4096 encryption algorithm, but another type of decryption keys, that is why there are NO available 100% working decryptors yet. UltraCrypter adds .cryp1 extensions to all affected files. The ransom is 1.2 Bitcoins ($567.6). Malefactors give 96 hours to pay this amount, otherwise it will double to 2.4 Bitcoins.