Ransomware

Articles about removing Windows lockers, Browser lockers, Crypto-viruses and other types of blackmailing threats.

How to remove Sickfile Ransomware and decrypt .sickfile files

Sickfile Ransomware is a malicious infection that uses strong encryption to hold victims' data hostage and blackmail them into paying for its decryption. If your files have acquired the new .sickfile extension and lost their icons, that is a likely sign they have been encrypted successfully. The how_to_back_files.html file is where the cybercriminals then explain how to revert the effects of encryption, i.e., how to regain access to the data. Here is the full text presented within the note. In short, the threat actors say decryption is possible if victims contact the swindlers and pay for the special decryption software. Communication is to be established either through the attached link or one of the given e-mail addresses. If victims fail to contact the cybercriminals within 72 hours, the price for decryption is said to increase. On top of that, the extortionists threaten to leak the encrypted data to public resources or sell it to third parties if no payment is eventually made.

How to remove Bitenc Ransomware and decrypt .bitenc files

Bitenc is a new file encryptor originating from the Mallox ransomware family. Malware of this type is designed to encrypt victims' files and demand payment in exchange for the decryption key. Once Bitenc Ransomware infects a system, it scans it for potentially important file types (e.g., documents, images, videos, etc.) and encrypts the targeted data. In addition, the virus appends its custom .bitenc extension. For instance, a file originally named 1.pdf will change to 1.pdf.bitenc and become inaccessible. Appending a new extension is usually done simply to mark the blocked data and make the effects of encryption obvious to victims. Following successful encryption, the developers behind Bitenc Ransomware present their ransom demands in the FILE RECOVERY.txt text note, which is created on the victim's desktop.

How to remove Buddyransome Ransomware and decrypt .buddyransome files

Buddyransome is a ransomware virus that functions by encrypting data. Cybercriminals use it to restrict potentially important files and blackmail victims into paying for full decryption. Victims can see the malicious change once targeted files are altered with the new .buddyransome extension: for instance, a file like 1.pdf will change to 1.pdf.buddyransome and lose its original icon after successful encryption. After this, a text note containing decryption instructions (HOW_TO_RECOVERY_FILES.txt) is created. Victims are told that all significant data has been encrypted and is now at risk of being published online. To prevent this and decrypt the blocked data, the cybercriminals instruct victims to send an e-mail to buddyransome@aol.com and include their personal ID by copy-pasting it from the generated note. After this, the threat actors are expected to respond with the price for decryption and non-disclosure of the data and provide instructions on how to make the payment.

How to remove DeathOfShadow Ransomware and decrypt .Death_Of_Shadow files

DeathOfShadow is a ransomware virus that encrypts system-stored files (using AES+RSA algorithms) and demands that victims pay for decryption. During encryption, it also assigns its own .Death_Of_Shadow extension to mark the blocked data. For instance, a file like 1.pdf will change to 1.pdf.Death_Of_Shadow and become inaccessible. After all targeted files have been restricted, the virus creates a text note called (Malakot@protonmail.com).txt or (malakot@tutanota.com).txt, depending on which ransomware version attacked the system. The text note is where the cybercriminals outline decryption instructions for their victims. In short, victims are told to contact the extortionists through their e-mail address. Following this, victims will supposedly be given further guidelines on how to pay and recover the files. As a rule, most cybercriminals demand that ransoms be paid in cryptocurrency, as they consider it an untraceable and safe way to receive fraudulent earnings. In addition, the threat actors offer to demonstrate their decryption abilities, implying that victims can send one file (non-valuable and up to 10 MB) and get it decrypted for free. The ransom note also warns that unless victims establish contact with the cybercriminals within 48 hours, decryption of the files will no longer be possible.

How to remove Mztu Ransomware and decrypt .mztu files

If your files became unavailable, got strange icons, and acquired the .mztu extension, your computer has been hit by Mztu Ransomware (also known as STOP Ransomware or Djvu Ransomware). This is an extremely dangerous and harmful encryption virus that encodes data on victims' computers and extorts a ransom equivalent to $490/$960 in cryptocurrency, to be paid to an anonymous electronic wallet. If you did not have backups before the infection, there are only a few ways to recover your files, with a low probability of success. However, they are worth trying, and we describe them all in the following article. In the text box below, you can get acquainted with the contents of the _readme.txt file, which security specialists call the "ransom note" and which serves as one of the symptoms of the infection. From this file, users get information about the technology behind the encryption, the price of decryption, and the contact details of the authors of this piece of malware.

How to remove Mzqw Ransomware and decrypt .mzqw files

Mzqw Ransomware (aliases: Djvu Ransomware, STOP Ransomware) is an extremely dangerous file-encrypting virus that extorts money in exchange for a decrypter. The ransomware utilizes the strong AES-256 encryption algorithm and makes files unusable without the decryption master key. The particular variant in this review appeared at the end of January 2023 and appends the .mzqw extension to files. As a result, the file example.jpg becomes example.jpg.mzqw. Mzqw Ransomware creates a special text file called _readme.txt, where the hackers give contact details, general information about the encryption, and options for decryption. The threat places it on the desktop and in the folders with encrypted files. The cybercriminals can be contacted via e-mail: support@freshmail.top and datarestorehelp@airmail.cc.

How to remove SecureAgent Ransomware and decrypt .secured files

SecureAgent is a ransomware virus that encrypts system-stored data and blackmails victims into paying for its decryption. Along with encrypting the data, the ransomware assigns the .secured extension to mark the blocked files. For instance, a file originally named 1.pdf will change to 1.pdf.secured and lose its icon as well. After encryption is done, the virus changes the desktop wallpaper and displays a pop-up window containing decryption guidelines. The window features a countdown timer for transferring $120 (in Bitcoin) to the cybercriminals' crypto address. After the given time expires, the decryption key for unlocking the data will supposedly be deleted, making the files permanently inaccessible. The developers behind SecureAgent do not provide any contact information, which makes it unclear how they would deliver a decryption key after payment.

How to remove Poqw Ransomware and decrypt .poqw files

Poqw Ransomware (also known as STOP Ransomware) is a cynical virus that knocks the ground from under users' feet and leaves them at a loss, because it affects the most intimate kind of information: personal photos, videos, e-mails, as well as documents, archives, and other valuable data. Ransomware is a type of threat that not only encrypts those files but demands a buyout for them. STOP Ransomware is officially the most widespread and dangerous virus among file-encrypting malware. There have been more than 500 versions of it, and the latest strikes with the .poqw extension. Such suffixes are added by Poqw Ransomware to the files it encodes with its powerful AES-256 encryption algorithm. In 99% of cases its algorithms are unbreakable; however, with the instructions and utilities covered in this article, you get that 1% chance of recovery. First, look at the ransom note that Poqw Ransomware copies to the desktop and to the affected folders.