Tfude Ransomware, which is actually next generation of STOP Ransomware appeared in January of 2019. This virus encrypts user's essential files, such as documents, photos, databases, music with AES encryption and adds .tfude (later started to append .tfudet and .tfudeq) extensions to affected files. This ransomware is almost identical to .puma Ransomware and .djvu Ransomware, and belongs to the same authors, because it uses the same e-mail adresses (firstname.lastname@example.org and email@example.com) and same BitCoin wallets. Tfude variation of STOP Ransomware displays fake Windows Update pop-up during the process of file encryption. From the file above we can understand, that hackers offer 50% discount for decryption, if ransom amount is paid within 72 hours. However, this is just a trick to encourage people to pay the ransom. Often hackers don't send decryptor after this. We recommend you to remove executables of STOP Ransomware and save those encrypted files to the time, when decryption tool appears. Before that, you can try manual instructions described in this article to restore files.
This article contains information about version of STOP Ransomware that adds .pdff, .tro or .rumba extensions to encrypted files, and creates _openme.txt ransom note file on the desktop and in the folders with affected files. This variation first appeared in January, 2019 and almost identical to previous .puma Ransomware and .djvu Ransomware. Ransomware virus still uses AES encryption algorithm and still demands ransom in BitCoins for decryption. All three varieties belong to one author, because they are using the same e-mail addresses for communication: firstname.lastname@example.org and email@example.com. From the file above we can learn, that hackers offer 50% discount for decryption, if ransom amount is paid within 72 hours. However, from our experience, this is just a trick to encourage person to pay the ransom. Often malefactors don't send decryptor after this. We recommend, that you remove active infection of STOP Ransomware and preserve your files until decryption tool appears. Until that time, you can try manual instructions on this page to attempt restoring encrypted files.
GandCrab v5.1 Ransomware is fifth generation of very dangerous and harmful GandCrab Ransomware. It is yet unknown what type of encryption algorithm it uses. Virus assigns randomly generated identification code to each particular user. It looks like set of 8 letters and GandCrab v5.1 Ransomware uses it to create .[random-letters] extension and ransom note filename will look like this: [random-letters]-DECRYPT.txt and [random-letters]-DECRYPT.html. The contents of this ransom note is slightly different from previous versions of this malware. Unfortunately, files encrypted by GandCrab v5.1 Ransomware are currently not decryptable. However, as some of the previous versions had decryptor from BitDefender, we will provide download link for this tool below. There is a possibility, that they will update the program to decrypt latest instances of GandCrab Ransomware. We also provide general manual instructions, that can, in many cases, help you restore some or even all encrypted files. All these methods are worth trying.
Monro Ransomware is subtype of Crysis-Dharma-Cezar ransomware family, that adds .monro extension to encrypted files. Virus uses composite extenion, that consists of e-mail adress and unique 8-digit identification number (randomly generated). Monro Ransomware developers extort from $500 to $1500, that have to be paid in Monero, Dash or BTC (BitCoins) for decryption. Due to the fact, that hackers often do not send decryption keys, or just ignore e-mails from victims, who paid the ransom, it is not recommended to send any funds. Usually, after some time security specialists and individual researchers break the algorithm and release master key. Also, some files can be recovered by using backups, recovery software and instructions given on this page.
Scarab-Enter Ransomware is one of the varieties of Scarab Ransomware family. Scarab Ransomware has typical malicious activity: it encrypts user files using AES encryption and demands ransom of 0.3 BitCoins for decryption. Virus-extorsionist appends .enter or .lol extensions to encrypted files. Depending on version, after encryption Scarab Ransomware creates text files HELP HELP HELP.TXT or HOW TO RECOVER ENCRYPTED FILES.TXT text files with instructions to pay the ransom. Some of the previous Scarab versions were decryptable, however, if you won't succeed in decryption, do not pay the ransom. There are a lot of reports from the victims, that malefactors don't send decryptors. If Dr. Web Decryption Service fails for you, try manual instructions on this page and file-recovery software. In most cases this helps to restore some important files. In this article we collected, consolidated and structured available information about this malware and possible ways of removal and decryption.
Evolution Ransomware is new ransomware with currently unknown genealogy. There are some indications, that it is based on hte code of Everbe 2.0 Ransomware. Virus encrypts user's files using AES encryption algorithm and adds .evolution extension to encoded files. After contacting the developers via one of the provided e-mails, they demand 2 BitCoins for decryption and offer to decrypt 1 file for free as a proof. After this they send wallet for sending funds. 2 BitCoins at the time of righting this article had equivalent of $8000. We do not recommend paying the ransom as there is no guarantee malefactors will send final decryptor. Currently, there are no decryption tools available for this type of crypto-virus. The only way to get all files back is to restore from backups. You can also try to use instructions and tools below to recover some important files.