Ransomware

Articles about removing Windows lockers, Browser lockers, Crypto-viruses and other types of blackmailing threats.

How to remove Arrow Ransomware and decrypt .arrow files

Arrow Ransomware is new file encryption virus from Dharma/Crysis Ransomware family. Malware uses AES encryption. Unlike previous versions, it appends .arrow extension to all encrypted files. Arrow Ransomware encodes almost all types of files that can be important to users, including documents, images, videos, databases, archives. Arrow Ransomware demands from $1000 to $2000 in BitCoins for the decryption key, that they actually rarely send out. Currently, decryption is not possible, however, you can decrypt your files from backups or trying file recovery software. There is also a slight possibility, that you will decrypt your files using tips and tricks described in this article.

How to remove GandCrab Ransomware and decrypt .GDCB files

GandCrab Ransomware is file encrypting virus, that uses AES-256 (CBC-mode) encryption algorithm to encode user files. It affects documents, media files, databases - the most important data for users. During encryption process ransomware appends .GDCB extension to encrypted files. After it finishes GDCB-DECRYPT.txt is created. GandCrab Ransomware targets 64-bit systems in Western Europe and South Korea. Its developers demand 1.5 - 2 Dash (cryptocurrency) which estimates in more than $1100. GandCrab checks the system for the presence of .exe files of antiviruses from the popular vendors, and won't run on the computers with such security software or will attempt to disable it.

How to remove Ykcol ransomware and decrypt .ykcol files

Ykcol Ransomware is newest version of previously described Locky ransomware. New variant uses RSA-2048 and AES-128 cryptographic algorithms and appends .ykcol to he end of all encrypted files. Virus also modifies filenames using the following template: [8_random_hexadecimal_characters]-[4_random_hexadecimal_characters]-[4_random_hexadecimal_characters]-[4_hexadecimal_chars]-[12_random_hexadecimal_characters].ykcol. In order to decrypt your files malware demands 0.25 BTC, which is on the date of writing this article is equivalent to $950. Ykcol Ransomware creates two files named ykcol.htm and ykcol.bmp, both contain instructions to pay the ransom and ID.

How to remove Hakunamatata Ransomware and decrypt .hakunamatata files

Hakunamatata Ransomware is new version of NMoreira Ransomware (NMoreira 2.0). Virus encrypts user files with RSA-2048 and AES-256 encryption algorithms and adds .hakunamatata suffix to affected files. After finishing infection process Hakunamatata creates file "Recovers files yako.html" on the desktop. Hackers offer users to contact them using Bitmessage system and pay the ransom. Amount of ransom is currently unknown, but likely it is somewhere between $300 and $1500. Decryption key is generated during encryption, and currently unknown. Therefore, there is no way to decrypt or restore files unless users has backup.

How to remove Spora Ransomware and decrypt your files

Spora Ransomware is advanced virus, that encrypts different types of files on Windows machines with RSA cryptography. Possibly, originates in Russia. Spora disables Windows Startup Repair, removes Shadow Volume copies, and modifies BootStatusPolicy, which makes it difficult to restore files using standard methods. In addition, private decryption key is also encrypted with AES cryptography, and currently the only way to return your files is restoring from backup (if you have it). Some of the features of Spora Ransomware are: it can work without internet connection, it doesn't modify file names or file extensions. Ransom must be paid in BitCoins and estimates between $79 and $280, depending on the options user chooses.