malwarebytes banner

Ransomware

Articles about removing Windows lockers, Browser lockers, Crypto-viruses and other types of blackmailing threats.

How to remove Crypt0L0cker and decrypt .encrypted files

2
Crypt0L0cker is newer version of TorrentLocker ransomware, that appeared earlier. It encrypts all files except .html, .inf, .manifest, .chm, .ini, .tmp, .log, .url, .lnk, .cmd, .bat, .scr, .msi, .sys, .dll, .exe, .avi, .wav, .mp3, .gif, .ico, .png, .bmp and .txt that are necessary for proper Windows operation. All files get .encrypted extension and become inaccessible. The ransom amount is 2.2 Bitcoin. Crypt0l0cker creates DECRYPT_INSTRUCTIONS.html and DECRYPT_INSTRUCTIONS.txt files with instructions to pay the ransom and receive decryptor.

How to remove UltraCrypter and decrypt .cryp1 files

2
UltraCrypter is new version of ransomware that belong to the family of CryptXXX. It distributes via Angler Exploit Kit. It uses the same RSA-4096 encryption algorithm, but another type of decryption keys, that is why there are NO available 100% working decryptors yet. UltraCrypter adds .cryp1 extensions to all affected files. The ransom is 1.2 Bitcoins ($567.6). Malefactors give 96 hours to pay this amount, otherwise it will double to 2.4 Bitcoins.

How to remove CTB-Locker and decrypt .ctb files

1
CTB-Locker is very wide-spread and dangerous ransomware virus. It uses RSA-2048 encryption to encrypt various types of files stored on users computers (documents, images, photos, music, videos). Then CTB-Locker demands the ransom of $120 - $300 and shows message on your desktop: "Your personal files are encrypted by CTB-Locker". Ransomware also creates text file with instructions DecryptAllFiles.txt in every affected folder. The virus itself is rather simple to remove, however we recommend you to use removal tool.