Ransomware

Trash Panda Ransomware is a new encryption virus that locks data on a computer and demands a ransom in exchange for the decryption key. It is a dangerous computer virus developed by hackers for commercial purposes. Trash Panda Ransomware is usually hidden in spam emails that look legitimate and trustworthy. When a user downloads and opens the malicious attached files, Trash Panda Ransomware encrypts all files on the computer. As a result, the user has to spend a huge amount of money to buy a decryption key from the Trash Panda Ransomware maker. Once the encryption process is complete, the Trash Panda Ransomware appends the .monochrome extension to the names of all affected files. It also generates a file, named [random_string]-readme.html which serves as a ransom note.

Yytw Ransomware is a type of malware that encrypts files on a computer system and demands a ransom to be paid to allegedly recover them. It is a variant of the STOP/DJVU malware group. During the analysis of malware samples uploaded to VirusTotal, it was discovered that Yytw is linked to the Djvu family. The encryption algorithm used by Yytw is Salsa20, which is not the strongest method, but it still provides an overwhelming amount of possible decryption keys. Yytw Ransomware appends the .yytw extension to the filenames of the encrypted files. For example, sample1.jpg would be changed to sample1.jpg.yytw and sample2.png would be changed to sample2.png.yytw. Yytw Ransomware generates a ransom note in the form of a text file named _readme.txt. The ransom note instructs the victims to pay a defined amount to receive a decryption key that can unlock their files. The ransom amount ranges from $490 to $980 (in Bitcoins).

Yyza Ransomware is an encryption virus, that locks files on a computer and demands payment from the victim to restore access to the files. It is part of the notorious STOP/Djvu ransomware family. The malware is spread through malicious files disguised as freeware, key generators, and hacked games, which are commonly found on file-sharing and torrent sites. Once installed, Yyza encrypts all files on the victim’s computer, adding the .yyza extension to the filenames. Yyza Ransomware uses a file encryption method that is currently unbreakable without the decryption key. yza Ransomware creates a ransom note named _readme.txt. The note instructs the victim to pay a specified amount for a decryption key that can unlock their files. Our instructions below may help you remove malware and recover the files.

CryBaby Ransomware is a type of malware that encrypts data on a computer and demands payment for the decryption of the files. CryBaby Ransomware was discovered by researchers while inspecting new submissions to the VirusTotal website. CryBaby Ransomware is classified as ransomware because it encrypts data and demands payment for the decryption. CryBaby Ransomware adds the .lockedbycrybaby extension to the filenames of encrypted files. For example, a file originally named 1.jpg appears as 1.jpg.lockedbycrybaby, 2.png as 2.png.lockedbycrybaby, and so on. CryBaby Ransomware uses encryption to lock the files on a computer. The encryption method used by CryBaby Ransomware is not discovered. After the encryption process is concluded, CryBaby Ransomware displays a ransom note in a pop-up window. The ransom note contains instructions on how to pay the ransom and obtain the decryption key.

Popn Ransomware is a harmful virus that encrypts files on a victim's computer and demands payment in exchange for the decryption key. It belongs to the STOP/Djvu ransomware family and is usually distributed through malicious websites, spam emails, fake software cracks, or by exploiting vulnerabilities in the operating system and installed programs. Once the ransomware is downloaded and executed, it initiates the encryption process on the victim's system, irrespective of the distribution method. Cybercriminals employ a wide range of file types, including PDFs, Microsoft Office documents, and more. Popn appends .popn extensions to files and utilizes a file renaming pattern, transforming files such as 1.jpg into 1.jpg.popn, 2.png into 2.png.popn etc. The ransomware generates a ransom note called _readme.txt that instructs the victims to pay a specific amount to receive a decryption key to restore access to their files. Failing to meet the payment deadline might result in the irreversible loss of the compromised data.

Krize Ransomware is a type of malware that encrypts files on a victim's computer and demands a ransom payment in exchange for the decryption key. Krize Ransomware was discovered by the PCrisk team while examining samples uploaded to the VirusTotal platform. Krize Ransomware appends the .krize extension to filenames. Krize Ransomware uses encryption to lock the victim's files and demands a ransom payment in exchange for the decryption key. Since Krize Ransomware is a relatively new ransomware, security software developers have not yet found a way to reverse its work. Krize Ransomware creates a file named leia_me.txt containing a ransom note in each directory containing encrypted files. The ransom note contains instructions on how to pay the ransom and a warning that it is impossible to decrypt the files without the decryption key.

Pouu Ransomware (subtype of STOP Ransomware) continues its malicious activity in the end of January 2023, and now adding .pouu extensions to encrypted files. The malware aims most important and valuable files: photos, documents, databases, videos, archives and encrypts them using AES-256 algorithms. Encrypted files become unusable and cybercriminals start extorting ransom. If the hacker server is unavailable (the PC is not connected to the Internet, the server itself does not work), then the encrypter uses the key and identifier that is hard-coded in it and performs offline encryption. In this case, it will be possible to decrypt the files without paying the ransom. Pouu Ransomware creates _readme.txt file, that is called "ransom note", on the desktop and in the folders with encrypted files. Developers use the following e-mails for contact: support@freshmail.top and datarestorehelp@airmail.cc.

BIDON Ransomware is a new variant of the MONTI Ransomware. It is a type of malware that encrypts files and demands payment for their decryption. BIDON Ransomware infects computers through phishing emails using social engineering, malvertising, and exploit kits. Once it infects a computer, it adds the .PUUUK extension to the filenames of encrypted files. BIDON Ransomware uses a symmetric cryptographic algorithm to encrypt files. It creates a ransom note named readme.txt that informs the victim that their data has been encrypted and demands payment for its decryption. Unfortunately, there are currently no free decryption tools available for BIDON Ransomware. However, using instructions and tools from this article you will be able to recover your data fully or partially. Below you can get acquainted with the text from the ransom note of this ransomware.