
Ransomware

Articles about removing Windows lockers, Browser lockers, Crypto-viruses and other types of blackmailing threats.

How to remove Mzqw Ransomware and decrypt .mzqw files

Mzqw Ransomware (aliases: Djvu Ransomware, STOP Ransomware) is an extremely dangerous file-encrypting virus that extorts money in exchange for a decrypter. The ransomware uses the strong AES-256 encryption algorithm and makes files unusable without the decryption master key. The variant covered in this review appeared at the end of January 2023 and appends the .mzqw extension to files. As a result, a file named example.jpg becomes example.jpg.mzqw. Mzqw Ransomware creates a text file called _readme.txt, in which the hackers give contact details, general information about the encryption, and options for decryption. The threat places this file on the desktop and in the folders with encrypted files. The cybercriminals can be contacted via e-mail: support@freshmail.top and datarestorehelp@airmail.cc.

How to remove Pouu Ransomware and decrypt .pouu files

Pouu Ransomware (a subtype of STOP Ransomware) continued its malicious activity at the end of January 2023 and now adds the .pouu extension to encrypted files. The malware targets the most important and valuable files (photos, documents, databases, videos, archives) and encrypts them using the AES-256 algorithm. Encrypted files become unusable, and the cybercriminals start extorting a ransom. If the hackers' server is unavailable (the PC is not connected to the Internet, or the server itself is not working), the encrypter uses the key and identifier that are hard-coded in it and performs offline encryption. In this case, it will be possible to decrypt the files without paying the ransom. Pouu Ransomware creates a _readme.txt file, the so-called "ransom note", on the desktop and in the folders with encrypted files. The developers use the following e-mail addresses for contact: support@freshmail.top and datarestorehelp@airmail.cc.

How to remove SecureAgent Ransomware and decrypt .secured files

SecureAgent is a ransomware virus that encrypts data stored on the system and blackmails victims into paying for its decryption. Along with encrypting the data, the ransomware assigns the .secured extension to mark the blocked files. For instance, a file originally named 1.pdf will change to 1.pdf.secured and have its icon reset as well. After encryption is done, the virus changes the desktop wallpaper and displays a pop-up window containing decryption guidelines. The window features a deadline timer for transferring $120 (in Bitcoin) to the cybercriminals' crypto address. After the given time expires, the decryption key for unlocking the data will supposedly be deleted, making the files permanently inaccessible. The developers behind SecureAgent do not provide any contact information, which makes it unclear how they would send a decryption key after the payment.

How to remove Poqw Ransomware and decrypt .poqw files

Poqw Ransomware (also known as STOP Ransomware) is a cynical virus that pulls the rug out from under users and leaves them at a loss, because it affects the most personal type of information - personal photos, videos, e-mails, as well as documents, archives, and other valuable data. Ransomware is a type of threat that not only encrypts those files but also demands a ransom. STOP Ransomware is officially the most widespread and dangerous virus among file-encrypting malware. There have been more than 500 versions of it, and the latest strikes with the .poqw extension. Poqw Ransomware adds this suffix to the files it encodes with its powerful AES-256 encryption algorithm. In 99% of cases its algorithms are unbreakable; however, with the instructions and utilities covered in this article you get this 1% chance of recovery. First, look at the ransom note that Poqw Ransomware copies to the desktop and affected folders.

How to remove Zouu Ransomware and decrypt .zouu files

Part of the Djvu and STOP virus family, Zouu Ransomware is a file-encrypting virus that has been circulating on the web since the middle of January 2023. The developers distribute a plethora of versions that differ from each other in extension, the cybercriminals' e-mail addresses, and other details. There are over 600 extensions that STOP Ransomware has used to attack users' data. In this case, STOP Ransomware appends the .zouu extension to the files it encrypts. For instance, a file such as 1.mp4 will be renamed to 1.mp4.zouu and have its default icon reset after infection. Subsequently, the program creates a note called _readme.txt that contains the ransom information. Usually, the generated content looks very similar across all ransomware types.

How to remove Zoqw Ransomware and decrypt .zoqw files

Zoqw Ransomware, a part of the STOP Ransomware family, is a critical virus that endangers users' personal files. It belongs to the family of file-encrypting malware that uses the AES (Salsa20) algorithm and an unbreakable key. This virus is sometimes called Djvu Ransomware, after the word used as an extension in the first versions (.djvu). The variant of the threat described here, which modifies files with the .zoqw extension, appeared in the first half of January 2023 and acts exactly the same as dozens of previous versions. Files are encrypted with a secure key, and the chances of decrypting them completely are quite small, especially if an online key was used. However, certain manual methods and automatic tools described in this article can assist you in successfully decrypting some data. In the text box below you can find the "ransom note" - a small text file with a brief virus introduction and instructions to pay the ransom.