
Ransomware

Articles about removing Windows lockers, Browser lockers, Crypto-viruses and other types of blackmailing threats.

How to remove Erqw Ransomware and decrypt .erqw files

Erqw Ransomware is a type of malware that encrypts the victim's files and demands a ransom payment in exchange for the decryption key. It belongs to the STOP Ransomware family, which started its activity in 2017. This particular version appeared at the beginning of February 2023. The malware typically spreads through phishing emails, malicious software downloads, or exploitation of vulnerabilities in the victim's computer or network. Once the malware infects a system, it encrypts the victim's files and adds the .erqw extension to the filenames. The attackers then demand a ransom payment, usually in cryptocurrency, in exchange for the decryption key. Contact details and additional information are disclosed in the ransom note file (_readme.txt). Paying the ransom is not recommended, as there is no guarantee that the attackers will actually provide the decryption key. Additionally, paying the ransom supports criminal activity and may make you a target for future attacks. Instead, victims of Erqw Ransomware should focus on removing the malware from their systems and restoring their files from a backup if one is available. If you are unsure how to do this, read this article from our team of trusted IT professionals and cybersecurity experts.

How to remove Assm Ransomware and decrypt .assm files

The notorious STOP Ransomware continues its distribution with minor modifications. Since the end of January 2023, a new extension has appeared: .assm. It encrypts victims' files the same way as hundreds of its predecessors. STOP Ransomware manages to infect tens of thousands of computers with each version, and new versions appear several times a week. At the same time, it distributes the AZORult trojan-stealer, which steals confidential information. It is capable of stealing various user data: information from files, browser history, passwords, cookies, online banking credentials, cryptocurrency wallets, and more. The virus modifies the hosts file to block Windows updates, antivirus programs, and sites related to security news and the sale of antivirus software. This version of STOP Ransomware still uses the following e-mail addresses: support@freshmail.top and datarestorehelp@airmail.cc. Assm Ransomware creates the _readme.txt ransom note file.

How to remove Sickfile Ransomware and decrypt .sickfile files

Sickfile Ransomware is a malicious infection that uses strong encryption to hold victims' data hostage and blackmail them into paying money for its decryption. If your files have acquired the new .sickfile extension and lost their icons, it is likely a sign that they have been encrypted successfully. The how_to_back_files.html file is where the cybercriminals subsequently explain how to revert the effects of encryption, i.e., regain access to the data. Here is the full text presented within the note. Overall, the threat actors say decryption is possible if victims contact the swindlers and pay for the special decryption software. Communication is to be established either through the attached link or one of the given e-mail addresses. If victims fail to contact the cybercriminals within 72 hours, the note says the price for decryption will increase. On top of that, the extortionists threaten to leak the encrypted data to public resources or sell it to third parties if no payment is eventually made.

How to remove Bitenc Ransomware and decrypt .bitenc files

Bitenc is a new file encryptor originating from the Mallox ransomware family. Malware of this type is designed to encrypt victims' files and demand payment in exchange for the decryption key. Once Bitenc Ransomware infects a system, it scans the system for potentially important file types (e.g., documents, images, videos, etc.) and writes secure ciphers over the targeted data. In addition, the virus appends its custom .bitenc extension. For instance, a file originally named 1.pdf will change to 1.pdf.bitenc and will no longer be accessible. Appending new extensions is usually done simply to highlight the blocked data and make victims notice the effects of encryption. Following successful encryption, the developers behind Bitenc Ransomware present their ransom demands within the FILE RECOVERY.txt text note, which is created on the victim's desktop.

How to remove Buddyransome Ransomware and decrypt .buddyransome files

Buddyransome is a ransomware virus that functions by encrypting data and blocking access to it. Cybercriminals use its capabilities to restrict potentially important files and blackmail victims into paying money for full decryption. Victims can see the malicious change once targeted files are altered with the new .buddyransome extension; for instance, a file like 1.pdf will change to 1.pdf.buddyransome and lose its original icon after successful encryption. After this, a text note containing decryption instructions (HOW_TO_RECOVERY_FILES.txt) is created. Victims are told that all their significant data has been encrypted and is now at risk of being published on online resources. To prevent this and decrypt the blocked data, the cybercriminals instruct victims to write an e-mail message to buddyransome@aol.com and include their personal ID by copy-pasting it from the generated note. After this, the threat actors are expected to respond with the price for decryption and non-disclosure of the data and provide instructions on how to make the payment.

How to remove DeathOfShadow Ransomware and decrypt .Death_Of_Shadow files

DeathOfShadow is a ransomware virus that encrypts system-stored files (using AES+RSA algorithms) and demands that victims pay money for decryption. During encryption, it also assigns its own .Death_Of_Shadow extension to highlight the blocked data. For instance, a file like 1.pdf will change to 1.pdf.Death_Of_Shadow and become inaccessible. After all targeted files have been restricted, the virus creates a text note called (Malakot@protonmail.com).txt or (malakot@tutanota.com).txt, depending on which ransomware version attacked the system. The text note is where the cybercriminals outline decryption instructions for their victims. Overall, it says victims have to contact the extortionists through their e-mail address. Following this, victims will supposedly be given further guidelines on how to pay the money and get their files back. As a rule, most cybercriminals demand that ransoms be paid in cryptocurrency, as it is an untraceable and safe way for them to receive fraudulent earnings. In addition, the threat actors offer to test their decryption abilities, implying that victims can send a file (non-valuable and up to 10 MB) and get it decrypted for free. The text in the ransom note also warns that unless victims establish contact with the cybercriminals within 48 hours, decryption of the files will no longer be possible.

How to remove Mztu Ransomware and decrypt .mztu files

If your files have become unavailable, acquired strange icons, and received the .mztu extension, that means your computer has been hit by Mztu Ransomware (also known as STOP Ransomware or Djvu Ransomware). This is an extremely dangerous and harmful encryption virus that encrypts data on victims' computers and extorts a ransom equivalent to $490/$960 in cryptocurrency, to be paid to an anonymous electronic wallet. If you did not have backups before the infection, there are only a few ways to get your files back, and they have a low probability of success. However, they are worth trying, and we describe them all in the following article. In the text box below, you can get acquainted with the contents of the _readme.txt file, which security specialists call the "ransom note" and which serves as one of the symptoms of the infection. From this file, users get information about the technology behind the decryption, the price of decryption, and the contact details of the authors of this piece of malware.

How to remove Mzqw Ransomware and decrypt .mzqw files

Mzqw Ransomware (aliases: Djvu Ransomware, STOP Ransomware) is an extremely dangerous file-encrypting virus that extorts money in exchange for a decrypter. The ransomware uses the strong AES-256 encryption algorithm and makes files unusable without the decryption master key. The particular variant covered in this review appeared at the end of January 2023 and appends the .mzqw extension to files. As a result, the file example.jpg becomes example.jpg.mzqw. Mzqw Ransomware creates a special text file called _readme.txt, in which the hackers give contact details, general information about the encryption, and options for decryption. The threat places it on the desktop and in the folders containing encrypted files. The cyber-criminals can be contacted via e-mail: support@freshmail.top and datarestorehelp@airmail.cc.