JobCrypter Ransomware is crypto-virus ransomware based on Hidden Tear code. Virus adds .locked or .css extension sto encrypted files. This crypto-extortioner encrypts user data using 3DES, and then requires a redemption to return the files back. Judging by the text of the demand for the ransom, JobCrypter is focused only on French users. However, it is noteworthy that many infected JobCrypter PCs were in Lithuania. To remove the blocking of files, the affected party needs to pay a ransom of 300 euros from the PaySafeCard.
Updated version of STOP Ransomware ransomware appends .PAUSA, .CONTACTUS, .DATASTOP or .STOPDATA suffixes to encrypted files. Virus still uses RSA-1024 encryption algorithm. All versions, except .STOPDATA, demand $600 ransom in BTC (BitCoin cryptocurrency), last one offers decryption for $200. Still malefactors offer to decrypt from 1 to 3 files for free to prove, that decryption is possible. This can be used to attempt decoding in future. At the moment, unfortunately, the only way to restore your files is from backups.
Dharma-Arena Ransomware belongs to CrySis family, previous wide-spread ransomware of this type was Dharma Ransomware, that we described on this blog. Dharma-Arena Ransomware was detected by security researches first time in August 2017. Since then, it had numerous updates. Different versions of Dharma-Arena Ransomware demand different ransom amounts. It varies from 0,20 to 0,73 BitCoins, which is near $5000. Security experts do not recommend to pay developers of ransomware, as this encourages them to create new variations and does not guarantee decryption of your files. Actually, most times malefactors don’t send decryption keys. Latest versions of Dharma-Arena Ransomware are not decryptable, however there is a chance to restore files affected by older versions.
Aurora Ransomware (sometimes called OneKeyLocker Ransomware) is new crypto-virus, that started circulating the web since the end of May, 2018. It uses DES algorithm to encode files and adds .Aurora extension, after which it got its name. After encryption ransomware creates several text files HOW_TO_DECRYPT_YOUR_FILES.txt, newest version creates single #RECOVERY-PC#.txt file, containing ransom note with contact information and instructions. Usually, viruses of this type ask for $100 – $500 in BitCoins. At the moment, there are no public decryption tool available. Full recovery is only possible with help of backups. You can preserve your files till actual decryptor will be created. Some data can possibly be restored using instructions on this page.
CryptON Ransomware or Nemesis Ransomware or X3M Ransomware is one of the most dangerous and wide-spread ransomware families. Currently, there are multiple successors of initial virus and several deviations built on another platforms. Cry9, Cry36 and Cry128 Ransomware came from this series. Virus uses mix of AES-256, RSA-2048 and SHA-256 encryption algorithms Latest discovered version is actually called CryptON Ransomware and uses .firstname.lastname@example.org extension for affected files. Ransom demand from 0.2 to 1 BitCoin for decryption. It is not recommended to pay the ransom as there are no guarantee malefactors will send decryption key. Use instructions on this page to remove CryptON Ransomware and decrypt .email@example.com, _x3m or _locked files from Windows 10, Windows 8 or Windows 7.