Ransomware

Articles about removing Windows lockers, Browser lockers, Crypto-viruses and other types of blackmailing threats.

How to remove Jamper (Jumper) Ransomware and decrypt .jamper, .jumper or .SONIC files

Jamper Ransomware is a nasty file-encryption virus, that uses AES algorithm to encrypt your files and extorts a ransom of 1 to 3 BTC (Bitcoins). This malware is the successor of VegaLocker (Vega Ransomware) and predecessor of Buran Ransomware. Jamper Ransomware, depending on the version, may add .jamper, .jumper or .SONIC extensions to files it affects. After ransomware activity, your files become inaccessible and unreadable. Malware creates ransom note file called ---README---.TXT after it finishes. Jamper Ransomware removes shadow copies of files (VSS), disables recovery features of Windows, which makes it difficult to recover encrypted files.

How to remove Buran Ransomware and decrypt your files

Buran Ransomware is harmful crypto-virus, that uses AES encryption algorithm to encode your files and demands ransom in BTC (Bitcoins) afterwards. Technically, it is successor of VegaLocker (Vega Ransomware) and Jamper (Jumper) Ransomware. Buran Ransomware adds complex extension to affected files and uses special template: randomly generated 8-4-4-4-12 letters alphanumerical sequence. For example: .1C81A230-7B5F-4AE4-6F71-EB3958F83XXX, .62E93854-821C-3F0E-7556-D0F4F2E6E1C2. Files become inaccessible and unreadable. After successful encryption virus creates ransom note file: !!! YOUR FILES ARE ENCRYPTED !!!.TXT. Tips and tricks featured on this page will help you to recover at least some of the files encrypted by Buran Ransomware.

How to remove STOP Ransomware and decrypt .poret, .heroset, .pidom or .pidon files

If you were attacked by the virus, your files are encrypted, not accessible, and got .poret, .heroset, .pidom or .pidon extensions, that means your PC is infected with STOP Ransomware (sometimes called DJVU Ransomware, named after .djvu extension, that was initially added to encrypted files). This encryption virus was very active in 2018 and 2019 and caused great financial damage to thousands of users. Unfortunately, there is very difficult to track down the malefactors, because they use anonymous TOR servers and cryptocurrency. However, with instructions, given in this article you will be able to remove STOP Ransomware and return your files.

How to remove STOP (DJVU) Ransomware and decrypt .stone, .davda, .lanset or .redmat files

STOP Ransomware (a.k.a. DJVU Ransomware) is wide-spread file-encrypting virus-extortionist. This is one of the most dangerous ransomware with high damaging effect and prevalence rate. It uses AES-256 encryption algorithm in CFB mode with zero IV and a single 32-byte key for all files. A maximum of 0x500000 bytes (~5 Mb) of data at the beginning of each file is encrypted. Virus appends .stone, .davda, .lanset or .redmat extensions to encoded files. Infection affects important and valuable files. These are MS Office documents, OpenOffice, PDF, text files, databases, photos, music, video, image files, archives, application files, etc. DJVU Ransomware does not encrypt system files, to make sure Windows operates correctly and users are able to browse internet, visit payment page and pay the ransom. STOP Ransomware creates _readme.txt file, that is called "ransom note" and it contains instructions to make payment and contact details.

How to remove STOP (DJVU) Ransomware and decrypt .rectot, .rezuc, .mogera or .skymap files

STOP Ransomware (a.k.a. DJVU Ransomware) is extremely dangerous virus that encrypts files using AES-256 encryption algorithm and adds .rectot, .rezuc .mogera or .skymap extensions to affected files. Infection mostly involves important and valuable files, like photos, documents, databases, e-mails, videos etc. Rectot Ransomware does not touch system files to allow Windows operate, so users will be able to pay the ransom. If the malware server is unavailable (computer is not connected to the Internet, remote hackers's server does not work), then the encryption tool uses the key and identifier that is hard-coded in it and performs offline encryption. In this case, it will be possible to decrypt the files without paying the ransom. STOP Ransomware creates _readme.txt file, that contains ransom message and contact details, on the desktop and in the folders with encrypted files.