
Ransomware

Articles about removing Windows lockers, Browser lockers, Crypto-viruses and other types of blackmailing threats.

How to remove Rajah Ransomware and decrypt .rajah files

Rajah Ransomware is a malicious program that encrypts data and demands payment for its decryption. It belongs to the Makop Ransomware family and renames every encrypted file by appending the victim's unique ID, the developers' e-mail address and the .rajah extension, so an affected file looks like this: sample.txt.[3B5J0RT4].[rajah@airmail.cc].rajah. The encryption algorithm it uses has not been identified. After encryption the virus creates a ransom note called +README-WARNING+.txt, which states that only the attackers can restore the affected data, that decryption requires paying a ransom in Bitcoin cryptocurrency, and that using anti-virus or third-party recovery software will render the files undecryptable, resulting in permanent data loss.
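The naming scheme above is itself a useful indicator: the bracketed victim ID and contact address tell a responder which Makop build hit a share and whether several machines share one victim ID. The following is an added triage example (not code from the article or the malware): it parses Makop-style names with an assumed regular expression, recognises the STOP/Djvu extensions and ransom-note names mentioned on this page, and summarises a constructed directory listing.

```python
import re

# Assumed pattern for the Makop naming scheme described above:
#   <original name>.[<victim ID>].[<contact e-mail>].<extension>
MAKOP_NAME = re.compile(
    r"^(?P<original>.+?)\.\[(?P<victim_id>[^\]]+)\]\.\[(?P<email>[^\]]+)\]\.(?P<ext>[^.]+)$"
)

# STOP/Djvu variants and ransom-note names listed on this page.
DJVU_EXTENSIONS = {"gayn", "wazp", "wayn", "agpo", "aghz"}
NOTE_NAMES = {"+README-WARNING+.txt": "Makop", "_readme.txt": "STOP/Djvu"}

# Constructed sample listing (not real victim data) of what a responder
# might see in one directory after a Rajah infection, plus a Djvu-style name.
SAMPLE_LISTING = [
    "sample.txt.[3B5J0RT4].[rajah@airmail.cc].rajah",
    "budget 2023.xlsx.[3B5J0RT4].[rajah@airmail.cc].rajah",
    "photo.jpg.[3B5J0RT4].[rajah@airmail.cc].rajah",
    "+README-WARNING+.txt",
    "report.docx.gayn",
    "_readme.txt",
    "notes.txt",
]


def parse_makop_name(filename):
    """Split a Makop-style encrypted filename into its parts; None if it does not match."""
    m = MAKOP_NAME.match(filename)
    return m.groupdict() if m else None


def classify_name(filename):
    """Return (kind, info): 'note', 'Makop', 'STOP/Djvu', or (None, None)."""
    if filename in NOTE_NAMES:
        return "note", NOTE_NAMES[filename]
    parts = parse_makop_name(filename)
    if parts:
        return "Makop", parts
    stem, sep, ext = filename.rpartition(".")
    if sep and ext.lower() in DJVU_EXTENSIONS:
        return "STOP/Djvu", {"original": stem, "ext": ext.lower()}
    return None, None


def summarize(listing):
    """Aggregate a directory listing into per-family counts, contact details and notes."""
    summary = {
        "Makop": {"count": 0, "victim_ids": set(), "emails": set(), "originals": []},
        "STOP/Djvu": {"count": 0, "extensions": set(), "originals": []},
        "notes": {},
        "unclassified": [],
    }
    for name in listing:
        kind, info = classify_name(name)
        if kind == "note":
            summary["notes"][name] = info
        elif kind == "Makop":
            fam = summary["Makop"]
            fam["count"] += 1
            fam["victim_ids"].add(info["victim_id"])
            fam["emails"].add(info["email"])
            fam["originals"].append(info["original"])
        elif kind == "STOP/Djvu":
            fam = summary["STOP/Djvu"]
            fam["count"] += 1
            fam["extensions"].add(info["ext"])
            fam["originals"].append(info["original"])
        else:
            summary["unclassified"].append(name)
    return summary


if __name__ == "__main__":
    for family, data in summarize(SAMPLE_LISTING).items():
        print(family, data)
```

The victim ID and e-mail recovered this way are what you would search for across other hosts and shares to scope the incident; the original names let you map which documents were touched without relying on the attackers' note.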

How to remove Gayn Ransomware and decrypt .gayn files

Gayn Ransomware is a file-encrypting virus from the Djvu/STOP family. It is a highly destructive threat that encrypts personal documents, videos, pictures, databases and other data so that they become inaccessible, then demands payment in exchange for the decryption key. Like other STOP/Djvu variants it encrypts file contents with the Salsa20 stream cipher and protects the key with RSA, so the data cannot be recovered without the attackers' private key. The virus is typically distributed disguised as freeware, cracked software or key generators. Once it infects a computer, the ransomware copies itself to a newly created folder in the user's profile and sets up persistence so that it runs again after a reboot. Encrypted files receive the new .gayn extension appended to their original names, making them unreadable and unusable. The ransomware drops a file named _readme.txt in every directory that contains encrypted files. This note informs the victim that their files have been encrypted, that a ransom must be paid to obtain the decryption key, and how to contact the hackers and make the payment.

How to remove Wazp Ransomware and decrypt .wazp files

Wazp Ransomware is a type of malware that encrypts files on a victim's computer, making them inaccessible until a ransom is paid. It is part of the Djvu family, which is distributed mainly through spam e-mails, phishing and fake software updates, and has also been seen taking advantage of unpatched operating systems and applications. Wazp Ransomware encrypts a wide range of files, including photos, videos and documents, and appends the distinctive .wazp extension to them. Once the files are encrypted, the victim is presented with a ransom note, usually named _readme.txt, which demands payment in exchange for the decryption key. The ransom amount ranges from $490 to $980 in Bitcoin cryptocurrency, depending on how quickly the victim contacts the attackers.

How to remove BIG HEAD Ransomware and decrypt your files

BIG HEAD is a type of ransomware that encrypts files on a victim's computer and demands a ransom payment in exchange for the decryption key. It was first discovered in May 2023 and has multiple variants. The ransomware encrypts files with AES and renames them with Base64-encoded names, which appear as random strings of letters and digits and add a layer of obfuscation, since the original names are no longer visible. During the encryption process, BIG HEAD displays a fake Windows update screen to deceive users and effectively lock them out of their machines. BIG HEAD ransomware creates a text file named README_[random_number].txt, which serves as the ransom note.

How to remove Wayn Ransomware and decrypt .wayn files

Wayn Ransomware is a type of malware that encrypts files and adds the .wayn extension to filenames. It belongs to the Djvu family, which is known for being delivered together with other malware, such as the RedLine and Vidar information stealers. Wayn ransomware encrypts files with a strong encryption algorithm and a per-victim key: an "online key" generated by the attackers' server for that specific computer, or, if the server cannot be reached, an "offline key" embedded in the sample and shared by all victims of that build. The virus attempts to encrypt as many files as possible, overwriting only the first roughly 150 KB (154 kB) of each file to speed up the encryption process, so the remainder of larger files is left intact. Wayn can encrypt files on all drives connected to the computer, including internal hard drives, USB flash disks, network storage and more. Wayn leaves a ransom note (a text file named _readme.txt) that demands a specific payment to obtain the decryption key and regain access to the data. The ransom note is placed on the victim's desktop.
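Because only the head of each file is overwritten, a responder can tell partially encrypted large files (where the unencrypted remainder may still be worth carving, for example from media or database files) from small files that were encrypted in full. The following added example (not code from the article or from the malware) profiles a file by comparing the Shannon entropy of the first 150 KB with that of the rest; the sample "file" is constructed in the script, with pseudo-random bytes standing in for ciphertext and repetitive text for the untouched remainder, and the entropy thresholds are assumptions chosen for that kind of content.

```python
import math
import random
from collections import Counter

# Portion of each file that STOP/Djvu overwrites with ciphertext (~150 KB).
DJVU_HEAD_BYTES = 150 * 1024

# Assumed thresholds: ciphertext is close to 8 bits/byte, plain text well below.
ENCRYPTED_MIN_ENTROPY = 7.5
PLAINTEXT_MAX_ENTROPY = 6.0


def shannon_entropy(data):
    """Bits of entropy per byte of `data` (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def partial_encryption_profile(data, head_len=DJVU_HEAD_BYTES):
    """Compare the entropy of the head (overwritten region) with the remainder.

    `tail_recoverable` is True when the file extends past the overwritten
    region and that remainder still looks like plaintext.
    """
    head, tail = data[:head_len], data[head_len:]
    head_h = shannon_entropy(head)
    tail_h = shannon_entropy(tail) if tail else None
    return {
        "size": len(data),
        "head_entropy": round(head_h, 2),
        "tail_entropy": None if tail_h is None else round(tail_h, 2),
        "head_looks_encrypted": head_h >= ENCRYPTED_MIN_ENTROPY,
        "tail_recoverable": tail_h is not None and tail_h <= PLAINTEXT_MAX_ENTROPY,
    }


def build_sample(total_size, head_len=DJVU_HEAD_BYTES, seed=7):
    """Constructed stand-in for an encrypted document of `total_size` bytes.

    The head is filled from a seeded PRNG (not real ciphertext, just high-entropy
    bytes); the remainder is repetitive report text, as an untouched tail would be.
    """
    phrase = b"Quarterly report: revenue, costs, headcount, forecast. "
    plain = (phrase * (total_size // len(phrase) + 1))[:total_size]
    fake_ciphertext = random.Random(seed).randbytes(min(head_len, total_size))
    return fake_ciphertext + plain[head_len:]


if __name__ == "__main__":
    for size in (300 * 1024, 20 * 1024):
        print(size, partial_encryption_profile(build_sample(size)))
```

On a real system you would read the first 150 KB and the remainder of each renamed file with the same function; a high-entropy head with a low-entropy tail means the file was larger than the overwritten region and its tail survived, whereas a high-entropy head with no tail means nothing beyond the encrypted region exists to recover.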

How to remove Agpo Ransomware and decrypt .agpo files

Agpo Ransomware is a type of virus that encrypts files on a victim's computer and demands payment in exchange for the decryption key. Agpo is part of the STOP/Djvu ransomware family and encrypts files with the Salsa20 encryption algorithm. Once the encryption process is complete, Agpo adds the .agpo extension to the filenames of all affected files. The ransomware then drops a ransom note named _readme.txt in each folder containing encrypted files; the note provides instructions on how to pay the ransom and obtain the decryption key. When the ransomware is executed, it contacts a remote server to obtain a unique key for that specific computer, then encrypts the target files in a way that cannot be reversed without that key. Removing Agpo ransomware from a computer and decrypting the enciphered data is a complex process that requires specialized knowledge and tools.

How to remove Skynet Ransomware and decrypt .Skynet files

Skynet Ransomware is a type of malware that encrypts personal documents on a victim's computer with a sophisticated encryption scheme and then demands a ransom in Bitcoin cryptocurrency in exchange for access to the data. Skynet Ransomware exists in two versions: one is based on the Chaos malware family and the other belongs to the MedusaLocker family. Other ransomware variants belonging to the MedusaLocker family include BlackToxic, Odaku and Ritzer. The ransom note that Skynet Ransomware shows to its victims is usually contained in a text file named Instructions for decryption.txt (SkynetData.txt for the Chaos variant) and is placed in every directory that contains encrypted files. The note demands a ransom payment in exchange for the decryption of the victim's files and warns victims not to modify or rename encrypted files and not to attempt to restore them with third-party software, as this will permanently corrupt them. Skynet Ransomware encrypts all personal files on a victim's computer, making photos, videos, documents, databases and other important data unusable. Each file is given the suffix .Skynet; the Chaos version instead adds a random four-character extension. Skynet Ransomware uses RSA and AES encryption.

How to remove Aghz Ransomware and decrypt .aghz files

Aghz Ransomware is a type of malware (a variant of STOP/Djvu Ransomware) that encrypts files on a victim's computer and then demands payment in exchange for the decryption key. It is a member of the Djvu ransomware family and marks encrypted files by appending the .aghz extension to their filenames. Aghz Ransomware uses the Salsa20 stream cipher; although not the strongest construction available, the key space is far too large to brute-force, so the files cannot be decrypted without the attackers' key. Aghz ransomware generates a _readme.txt file that includes payment and contact details. The ransom note is placed on the desktop and in compromised folders to demand ransom from users. If your computer is infected with Aghz Ransomware, we recommend running a full system scan with reputable antivirus software (featured in our article) and removing any threats detected. After this you can try a decryption or file-recovery tool such as Stellar Data Recovery Professional.