malwarebytes banner


Articles about removing Windows lockers, Browser lockers, Crypto-viruses and other types of blackmailing threats.

How to remove Mded Ransomware and decrypt .mded files

Mded Ransomware (also know as STOP Ransomware) is a cynical virus that knocks out the soil and leaves users at a loss because it affects the most intimate type of information - personal photos, videos, e-mails, as well as documents, archives, and other valuable data. Ransomware is a type of threat that not only encrypts those files but demands a buyout. STOP Ransomware is officially the most widespread and dangerous virus among the file-encrypting type of malware. There have been more than 260 versions of it and latest struck with .mded extensions. Such suffixes are added by Mded Ransomware to files it encodes with its powerful AES-256 encryption algorithm. In 99% of cases, its algorithms are unbreakable, however, with instructions and utilities covered in this article you get this 1% chance of recovery. First of all look at the ransom note, that Mded Ransomware copies to the desktop and affected folders. The file _readme.txt serves as a marker to distinguish one version from another.

How to remove CommonRansom Ransomware and decrypt .commonransom files

CommonRansom is classified as a ransomware virus that encrypts data stored on infected devices to demand payment for its return. This version was discovered by a malware researcher named Michael Gillepsie. Just like many ransomware infections, CommonRansom assigns its own extension to highlight the blocked data. All data that got encrypted by CommonRansom will change like this file here - 1.pdf > 1.pdf.[].CommonRansom. After this, one more thing left to initiate by the virus is ransom note creation. The name of the note is DECRYPTING.txt and it is put to each folder with infected files. This note says victims have 12 hours ahead to request data decryption, otherwise, there will be no chance to return it anymore. There is also a template that should be used when contacting cybercriminals by their e-mail address. The attached template is actually very suspicious since it requests victims to write their PC RDP port, a username along with password used to log into the system, and the time when you paid 0.1 BTC to the outlined crypto address.

How to remove Tisc Ransomware and decrypt .tisc files

Tisc is one of many ransomware versions issued by the STOP/Djvu family. Just like older versions, Tisc Ransomware encrypts PC-stored data and demands crypto ransom for unique decryption software that will unlock this data. Most often, malware like Tisc will scout through the available files and block access to the most valuable ones. The list of such usually consists of images, music, videos, and documents containing important information. After locating these files, the file-encryptor will write strong cryptographic algorithms over the targeted files to prevent users from manually approaching their decryption. Victims infected with this ransomware version will see their data changed with the .tisc extension. This means a compromised file like 1.pdf will change to something like 1.pdf.tisc. Then, Tisc developers set up their virus to create the _readme.txt file that features decryption guidelines.

How to remove Gyjeb Ransomware and decrypt .gyjeb files

Gyjeb is a ransomware virus that runs data encryption to extort money from victims. It looks very similar to Keq4p Ransomware, which means they are likely to come from the same malware family. Just like Keq4p, Gyjeb Ransomware assigns a random string of senseless symbols along with its own .gyjeb extension. To illustrate, a file like "1.pdf" will change its look to something like 1.pdf.wKkIx8yQ03RCwLLXT41R9CxyHdGsu_T02yFnRHcpcLj_xxr1h8pEl480.gyjeb and reset its original icon. After all files end up edited this way, the virus creates a text note called nTLA_HOW_TO_DECRYPT.txt which entails decryption instructions. You can familiarize yourself with this note in the screenshot below.

How to remove Keq4p Ransomware and decrypt .keq4p files

Keq4p is a ransomware infection that encrypts personal data using cryptographic algorithms. These algorithms ensure strong data protection from attempts to decrypt it. Files attacked by ransomware are usually photos, videos, music, documents, and other types of data that could entail some value. Most file-encryptors change all the affected files by assigning their own extension. Keq4p does exactly the same, but also attaches a random string of symbols. For instance, a file like 1.pdf will change to something like 1.pdfT112tM5obZYOoP4QFkev4kSFA1OPjfHsqNza12hxEMj_uCNVPRWni8s0.keq4p or similar. The assigned string is totally random and has no real purpose. Along with visual changes, Keq4p closes its encryption process with the creation of zB6F_HOW_TO_DECRYPT.txt, a text file containing ransom instructions. You can take a closer look at what it contains in the following screenshot.

How to remove Makop Ransomware and decrypt .baseus or .harmagedon files

If you wonder why you are unable to access your data, then this could be because Baseus Ransomware or Harmagedon Ransomware attacked your system. This file-encryptors belong to the Makop ransomware group, which has produced a number of similar infections including Mammon, Tomas, Oled, and more. Whilst encrypting all valuable data stored on a PC, this versions of Makop assigns victims' unique ID, cyber criminals' email address, and the new .baseus or .harmagedon extensions to highlight the blocked files. For instance, 1.pdf, which was previously safe, will change its name to something like 1.pdf.[7C94BE12].[].baseus or 1.pdf.[7C94BE12].[].harmagedon at the end of encryption. Soon after all files end up successfully renamed, the virus goes forward and creates a text file (readme-warning.txt) with ransom instructions.