
Ransomware

Articles about removing Windows lockers, Browser lockers, Crypto-viruses and other types of blackmailing threats.

How to remove LuciferCrypt Ransomware and decrypt .LuciferCrypt files

A new cryptovirus known as LuciferCrypt stepped into the game a couple of days ago to encrypt personal data. Analysis so far shows that this ransomware restricts access to data by assigning a long-string extension (.id=[].email=[].LuciferCrypt). An infected sample looks like this: 1.id=0ED53ADA.email=cracker.irnencrypt@aol.com.LuciferCrypt.mp4. After the encryption process is done, the virus creates a text file called HowToRecoverFiles.txt. In this document, the extortionists notify victims that their files have been encrypted. To revert it, victims are told to contact the cybercriminals via e-mail and pay a fee to recover the files. The note says that once this is done, the data will be decrypted automatically, without any further manipulation. It also says that the price directly depends on how fast you reply to the swindlers. Before paying, victims are allowed to take advantage of free decryption: the developers invite them to send up to 3 files (less than 4MB and non-archived), which should not contain valuable information.

How to remove Igdm Ransomware and decrypt .igdm files

Igdm Ransomware (also known as STOP Ransomware) is a cynical virus that knocks the ground from under users' feet and leaves them at a loss, because it affects the most intimate type of information - personal photos, videos, e-mails, as well as documents, archives, and other valuable data. Ransomware is a type of threat that not only encrypts those files but also demands a ransom. STOP Ransomware is officially the most widespread and dangerous virus among file-encrypting malware. There have been more than 260 versions of it, and the latest uses the .igdm extension. Igdm Ransomware adds this suffix to files it encodes with its powerful AES-256 encryption algorithm. In 99% of cases, its algorithms are unbreakable; however, with the instructions and utilities covered in this article you get this 1% chance of recovery. First of all, look at the ransom note that Igdm Ransomware copies to the desktop and affected folders. The file _readme.txt serves as a marker to distinguish one version from another.

How to remove Pump Ransomware and decrypt .pump files

After Pump Ransomware attacks your system, all data is locked by strong algorithms that restrict access to it. The malware appends the .pump extension to the files it encodes. For example, a file like 1.mp4 will be renamed to 1.mp4.pump and lose its original icon. The appended extension means that your files are encrypted. Such modifications are usually accompanied by the creation of ransom instructions. In this case, the virus drops a text file called README.txt with instructions on recovering the files. The content inside is short: the cybercriminals only attached their e-mail address so that victims contact them. Then, they will supposedly give further instructions on how to purchase the decryption software. No matter how high the price is, complying with the requests of swindlers is risky - they may not keep their promises and may leave you with no tools even after you make a payment.

How to remove MARS Ransomware and decrypt .mars or .vyb files

MARS Ransomware is a malicious program discovered by Michael Gillespie. The way it encrypts files is very similar to other infections of this type - it appends the new .mars or .vyb extension to mark the affected data. Victims will see their files renamed to something like 1.mp4.mars or 1.mp4.vyb. As a result, the files cannot be opened or manipulated by users in any way. To fix this and recover the data, the cybercriminals direct victims to the instructions in a text note (!!!MARS_DECRYPT.TXT) created after encryption. It informs you that various data types stored on your PC have been encrypted by the virus. To revert it, people have to pay $500 in BTC for the decryption key. Before doing so, the extortionists strongly insist on victims sending up to 3 files for free decryption as proof of their trustworthiness. After this, the cybercriminals reply with a payment link for purchasing their software. Victims can also contact the developers via Telegram and buy the key right away without testing free decryption. Although such features may instill trust in the swindlers' intentions, it is not recommended to agree to their terms, because there is no actual guarantee that they will return your data safe and undamaged.

How to remove Nobu Ransomware and decrypt .nobu files

Nobu Ransomware (which belongs to the STOP Ransomware, or Djvu Ransomware, family) is a high-risk file-encrypting virus that affects Windows systems. In May 2019, a new generation of this malware started encoding files using the .berost, .fordan, .codnat or .codnat1 extensions. The virus targets important and valuable file types such as photos, documents, videos and archives; encrypted files become unusable. The ransomware puts a _readme.txt file, called a "ransom note" or "ransom-demanding note", on the desktop and in the folders with encrypted files. The developers use the following e-mails for contact: helpmanager@mail.ch and restoremanager@airmail.cc. The hackers demand $980 for the decryption of your files (the message states that victims will get a 50% discount if they contact the cybercriminals within 72 hours after the encryption). According to many reports, the malefactors often don't reply to victims when they receive the ransom payment. We strongly recommend against paying any money. Files encrypted by some versions of Nobu Ransomware can be decrypted with the help of STOP Djvu Decryptor. Nobu Ransomware was programmed to send decryption keys to a remote server. However, if your system has no Internet connection or the server was not responding, the ransomware uses the so-called "offline key". That is where STOP Djvu Decryptor will help.

How to remove Weui Ransomware and decrypt .weui files

Weui Ransomware (a subtype of STOP Ransomware) continues its malicious activity in December 2020, now adding the .weui extension to encrypted files. The malware targets the most important and valuable files - photos, documents, databases, videos, archives - and encrypts them using AES-256 algorithms. Encrypted files become unusable, and the cybercriminals start extorting a ransom. If the hackers' server is unavailable (the PC is not connected to the Internet, or the server itself does not work), the encrypter uses the key and identifier hard-coded in it and performs offline encryption. In this case, it will be possible to decrypt the files without paying the ransom. Weui Ransomware creates a _readme.txt file, called a "ransom note", on the desktop and in the folders with encrypted files. The developers use the following e-mails for contact: helpmanager@mail.ch and restoremanager@airmail.cc. The hackers demand $980 for the decryption of your files (the message states that victims will get a 50% discount if they contact the cybercriminals within 72 hours after the encryption). According to many reports, the malefactors often don't reply to victims when they receive the ransom payment. We strongly recommend against paying any money. Files encrypted by some versions of Weui Ransomware can be decrypted with the help of STOP Djvu Decryptor. Dr.Web specialists decrypted files encrypted with some variants of Weui Ransomware in private.