
Tutorials

Useful tutorials on various PC troubleshooting topics. Video tutorials.

How to remove Ziggy Ransomware and decrypt .ziggy or .optimus files

Ziggy is a new ransomware infection recorded in December 2020. The virus sneaks into your system and disables all protective layers on your PC. It then encrypts data with the AES256-GCM and RSA-4096 algorithms, which ensure strong encryption that is hard to decipher. Before going deeper into details, it is important to say that there are two versions of Ziggy Ransomware. The first appends the victim's ID, the cybercriminals' e-mail address and the .ziggy extension to file names. The later, recently detected version uses the same string of information but changes the extension at the end to .optimus. For example, a file like 1.docx would change to 1.docx.id=[88F54427].email=[khomeyni@yahooweb.co].ziggy or 1.docx.id[B68A285D].[sikbeker@tuta.io].optimus, depending on which version affected your PC. Following successful encryption, the malicious program creates a text file containing decryption instructions. The name of this file can vary from version to version, so there is no single commonly used name, but initially it was called ## HOW TO DECRYPT ##.exe.

How to remove Matroska Ransomware and decrypt .happyness or .siliconegun@tutanota.com files

Matroska Ransomware is a malicious program aimed at data encryption. Matroska was active a couple of years ago until it went dormant. After some time, it started a series of new infections on users' PCs. While older samples of Matroska applied the .HUSTONWEHAVEAPROBLEM@KEEMAIL.ME, .happyness, .encrypted[Payfordecrypt@protonmail.com] and .nefartanulo@protonmail.com extensions to encrypted files, recent attacks of this ransomware involve the new .siliconegun@tutanota.com extension. Depending on which version impacted your system, a file like 1.mp4 will change to 1.mp4.happyness or 1.mp4.siliconegun@tutanota.com at the end of encryption. Once this process is finished, the virus creates a text file (HOW_TO_RECOVER_ENCRYPTED_FILES) with decryption instructions. Like other ransomware infections, Matroska asks victims to pay a fee. The amount may vary from person to person; however, we do not recommend buying their software. Luckily, experts found that Dr.Web (leading antimalware software) is able to decrypt your data legitimately and risk-free. Before doing so, you have to make sure Matroska Ransomware has been deleted from your computer. Only then can you use third-party tools to recover the data. For more information on both removal and data decryption, follow the article below.

How to remove DearCry Ransomware and decrypt .crypt files

DearCry Ransomware is a dangerous virus that encrypts personal data. Such malware does everything to ensure that there is no way to decrypt the locked files. Knowing that, cybercriminals offer their own solution: buying the decryption key stored on their servers. Because most users can find no way out of the trap, they agree to pay the ransom to recover the data. Unfortunately, this is a serious risk, as proven by multiple victims who did not receive the promised decryption. This is why it is better to delete DearCry Ransomware and reclaim your files via backup or data-recovery tools. If your files have been changed with the .crypt extension and a ransom note (readme.txt) was then created, chances are you are infected with DearCry Ransomware.

How to remove JoJoCrypter Ransomware and decrypt .jojocrypt files

Developed on Node.js, JoJoCrypter is a malicious program that functions as a data encryptor. A thorough investigation conducted recently shows that a .jojocrypt extension is assigned to each of the files. To illustrate, a non-encrypted 1.mp4 will turn into 1.mp4.jojocrypt as a result of infection. It is also known that JoJoCrypter uses the RSA-2048 and AES-192 algorithms to encrypt files. It also creates a short ransom note named how to recover your files.txt. Unfortunately, decryption with third-party tools appears to be an impossible task. The encryption chains are too strong and flawless to crack. This is why the only option (apart from paying the ransom) is to recover your files using backup or data-recovery tools. Otherwise, you will be forced to pay for the keys offered by the cybercriminals, as mentioned in the ransom note dropped on your PC after encryption. The swindlers do not use many words to describe what happened; instead, they attach their e-mail address so that victims can contact them for further instructions.

How to remove Parasite Ransomware and decrypt .parasite, .betarasite or .paras1te files

Parasite is one of the newest ransomware samples detected by cyber experts in recent days. Like other malware of this type, Parasite encrypts personal data and demands money for the decryption. However, it was found that Parasite has a significant flaw: it encrypts data with the wrong cipher and overwrites data with 256 bytes. This means that all data encrypted by Parasite loses its value completely, simply because it gets replaced with empty space. For example, a Word file that weighs megabytes will shrink to a mere 256 bytes. Such a bug shows that Parasite is not able to decrypt your files, simply because they become damaged. Of course, the attackers claim to decrypt them in the HOW_CAN_GET_FILES_BACK.txt ransom note (alternatively @READ_ME_FILE_ENCRYPTED@.html or info.hta), which is created after encryption, but this claim makes no sense given the flaw described above.

How to remove Perfection Ransomware and decrypt .perfection files

Perfection is a ransomware infection that uses RSA and AES algorithms to encrypt personal data. The purpose of such attacks is to capitalize on desperate victims willing to restore their files. To that end, the developers behind Perfection ask victims to pay for a decryption tool that will help them regain access to their data. Before that, however, Perfection Ransomware appends the .perfection extension to each of the files. For example, 1.mp4 will change to 1.mp4.perfection and so on. Then, once this process is done, the extortionists create a number of identical browser files and place them into the folders with encrypted data. The ransom note created by Perfection is known as Recovery_Instructions.html.

How to remove Assist Ransomware and decrypt .assist files

Using a set of cryptographic algorithms, Assist Ransomware encrypts personal data and demands money for its decryption. This practice is very common among ransomware infections, which do everything possible to leave desperate victims no choice. Because of the powerful ciphers applied by Assist, manual decryption becomes quite an arduous task. This is why the cybercriminals offer to be contacted via the team-assist002@pm.me e-mail address for further instructions. This information is listed inside the note (ASSIST-README.txt) created after your data is locked completely. This version of the ransomware encrypts files using the .assist extension. To illustrate, a file like 1.mp4 will become 1.mp4.assist after the encryption is done. As mentioned, the only possible method to get 100% decryption is with the help of the ransomware developers; however, this is not the best option, since they can fool you and not give you any software for restoring the data. We strongly insist on deleting Assist Ransomware from your computer to prevent further encryption, especially if you do not regret the lost data that much.

How to remove Bonsoir QNAP NAS Ransomware and decrypt .bonsoir files

According to recent forum reports, users are dealing with a new ransomware infection known as Bonsoir. This virus targets local networks (NAS, QNAP, Samba/SMB, Synology), encrypting the stored data with AES-CFB. Decryption of the files is offered in a text file called HOW-RECOVER-MY-FILES.txt. As for the encryption itself, Bonsoir applies a one-word extension to each piece of data: .bonsoir. For example, if there was a file named 1.mp4 in your storage, it will change to 1.mp4.bonsoir as a result of infection. The developers of the virus claim their instructions to be the only way to restore your files. One of the victims actually emptied his pockets and bought the decryption key imposed by the extortionists. He, therefore, managed to recover his files with the provided key. Unfortunately, this method does not suit everybody because of the high amounts demanded by the cybercriminals and the risk of being fooled by them. This is why our advice is to delete Bonsoir QNAP NAS Ransomware and try using legitimate utilities to access your data.