How to remove GandCrab V3 Ransomware and decrypt .CRAB files
GandCrab V3 Ransomware is another generation of high-risk GandCrab virus, that uses AES-256 (CBC-mode) + RSA-2048 encryption algorithms. This version also appends .CRAB extensions to all encrypted files. GandCrab V3 creates similar CRAB-DECRYPT.txt file with changed ransom note. Unlike previous versions GandCrab V3 Ransomware uses carder.bit as a server and Psi-Plus Jabber for communication. It also modifies desktop background with unpleasant inscription. Ransomware restarts the computer after encryption is finished, and creates autorun key in the registry to run on Windows startup and attack newly created files. Ransom amount is ~$1000 and can be paid in Dash or BitCoin. Virus creates counter and deadline after which ransom amount can double.
How to remove Scarab Ransomware and decrypt .oblivion, .xtbl or .amnesia files
Scarab Ransomware is a large family of international file-encrypting virus-extortionist. It has multiple versions and languages and attacks computers all over the world. Scarab Ransomware has typical malicious activity: it encrypts user files using AES encryption and demans ransom for decryption. Latest versions of this malware add .oblivion, .xtbl, .decrypts@airmail.cc or .amnesia extensions and modify filenames using randomly-generated alphanumeric sequence.
How to remove Velso Ransomware and decrypt .velso or .david files
Velso Ransomware is maleficent crypto-virus, that uses AES encryption algorithm to encode user files. Ransomware mostly targets English-speaking countries, but may infect computers in any country. Affected files get .velso or .david extension and become inaccessible. After encryption Velso Ransomware creates text file get_my_files.txt with instructions to pay the ransom. The ID of the key and victim is generated by CryptGenRandom (), using AES-256 OpenSSL in ECB mode. Currently, there is almost impossible to decrypt files encrypted by Velso without master key.
How to remove STOP Ransomware and decrypt .STOP, .SUSPENDED or .WAITING files
STOP Ransomware is dangerous file-encrypting virus. It uses AES/RSA-1024 encryption algorithm. Depending on version, ransomware adds .STOP, .SUSPENDED or .WAITING extensions to encrypted files. First variant of STOP Ransomware creates !!!YourDataRestore!!!.txt files, second !!!RestoreProcess!!!.txt, third !!!INFO_RESTORE!!!.txt. In this files, malware demands $600 ransom, that has to be paid in 72 hours, in BitCoins. It also contains user personal id and e-mail addresses for contacting.
How to remove Hermes (2.0 – 2.1) Ransomware and decrypt .hrm files
Hermes Ransomware wide-spread family of crypto-viruses. There have been 2 major updates of initial ransomware - Hermes 2.0 Ransomware and Hermes 2.1 Ransomware. All variants use AES-256 encryption algorithm combined with RSA-2048. First version did not add any extensions and modified only content of the files by adding HERMES file-marker. Last version started to append .hrm suffix, but then just encrypted files without filename modification. After encryption, ransomware creates text files DECRYPT_INFO.txt and DECRYPT_INFORMATION.html, that contains message with instructions to pay the ransom and contact details. You can see the contents of this files below in the next paragraph.
How to remove WhiteRose Ransomware and decrypt .WHITEROSE files
WhiteRose Ransomware is dangerous encryption virus from InfiniteTear family. It uses AES algorithm to encode user files. After this it appends complex suffix _ENCRYPTED_BY.WHITEROSE, and modifies the filename to random set of letter and numbers. Then, ransomware creates text file HOW-TO-RECOVERY-FILES.TXT, containing ransom-demanding message with contact information and instructions. Usually, viruses of this type ask for $500 - $1000 in BitCoins. To reŃover data, users must contact WhiteRose's developers via Tox chat.
How to remove Rapid (2.0) Ransomware and decrypt .rapid or .paymeme files
Rapid Ransomware is nasty virus, that encrypts user files using AES encryption algorithm and demands ransom for decryption. All affected files get .rapid extension, in some versions .paymeme suffix is added. Rapid 2.0 Ransomware appends extensions, that contains 5 random letters in uppercase. Extension is unique for every PC. Unlike other similar ransomware threats, it does not do one time encryption, but continues to encode every new file on victims computer, whether it was just created or copied. Amount of ransom varies from $500 to $1500 and have to be paid in BitCoins. Using BitCoin payments and TOR websites, makes it difficult to find location of malefactors.
How to remove CryptXXX Ransomware and decrypt .crypt, .cryp1 or .crypz files
CryptXXX is ransomware crypto-virus. It encrypts user personal data with AES CBC 256-bit algorithm and asks for RSA-4096 key. Actually, CryptXXX Ransomware also steals bitcoins stored on the computer if there are any. Virus modifies names and extension of all encrypted files to .crypt, .cryp1 or .crypz, changes desktop wallpaper using de_crypt_readme.bmp (image with black background and white text), creates text file with instructions to pay the ransom (de_crypt_readme.txt), and html file with the same instructions (de_crypt_readme.html). Ransom is about 1.2 BitCoins or $400. CryptXXX Ransomware attacks data on local drives and attached storage devices.