Tutorials

Magniber My Decryptor Ransomware is wide-spread crypto-virus, that targets Windows-PCs. Focuses on English and South Korean users. Since June 2018, Magniber attacks have shifted to other countries in the Asia-Pacific region: China, Hong Kong, Taiwan, Singapore, Malaysia, Brunei, Nepal and others. Virus got its name from the combination of the two words Magnitude + Cerber. Here, Magnitude is a collection of exploits, the last for Cerber is the vector of infection. With this threat, the Cerber malware ended its distribution in September 2017. But on the Tor site of the ransomware it is stated: My Decryptor, here is where second part of the name came from. After encryption Magniber My Decryptor Ransomware can add 5-6-7-8 or 9 random letters as file extension. Magniber My Decryptor Ransomware demands 0.2 BitCois for file decryption. Hackers threaten to double the amount in 5 days. Virus can encrypt almost any file on your computer, including MS Office documents, OpenOffice, PDF, text files, databases, photos, music, video, image files, archives.

Gamma Ransomware is file-encrypting virus, categorized as ransomware and belonging to Crysis-Dharma-Cezar family. This is one of the most widespread ransomware families. It got its name due to file extension it adds to encrypted files. Virus uses complex extenion that consists of e-mail adress and unique 8-digit identification number (randomly generated). Gamma Ransomware developers demand from 0.05 to 0.5 BTC (BitCoins) for decryption, but offer to decrypt 1 non-archived file for free. The file should be less than 1 Mb. We recommend you to recover 1 random file, as it can help fo possible decoding in future. Keep the pair of encrypted and decrypted samples. Currently, there is no decryption tools available for Gamma Ransomware, however, we recommend you to use instructions and tools below. Often, users remove copies and duplicates of docmunets, photos, videos - infection may not affect deleted files. Some of removed files can be restored by using file recovery software.

Java Ransomware is extremely harmful file-encrypting virus, that belongs to the family of Dharma/Crysis ransomware. It adds .java extension to all encrypted files. Usually, this is complex suffix that contains unique id and e-mail. Java Ransomware uses spam mailing with malicious .docx attachments. Such attachments have malicios macros, that runs when user opens the file. This macros downloads executable from the remote server, that, in its turn, starts encryption process.

Nozelesn Ransomware is new type of ransomware, that uses AES-128 encryption to encode user files. It appends .nozelesn extension to "in cipher" files. According ro researchers Nozelesn Ransomware firstly targeted Poland, but then expanded to other european countries. After successful encryption virus drops HOW_FIX_NOZELESN_FILES.htm file with ransom-demanding message on the desktop and in the folders with affected files. The price for decryption is 0.10 BitCoins, that is currently ~$650. Malefactors promise to send decryption key within 10 days. However, cybercrooks cannot be trusted as, according to our experience, oftne do not hold out promises not to put their encryption algorithm at risk. At the moment of writing this article there is no decryptors released, but we keep abreast of the situation.

JobCrypter Ransomware is crypto-virus ransomware based on Hidden Tear code. Virus adds .locked or .css extension sto encrypted files. This crypto-extortioner encrypts user data using 3DES, and then requires a redemption to return the files back. Judging by the text of the demand for the ransom, JobCrypter is focused only on French users. However, it is noteworthy that many infected JobCrypter PCs were in Lithuania. To remove the blocking of files, the affected party needs to pay a ransom of 300 euros from the PaySafeCard.

Updated version of STOP Ransomware ransomware appends .PAUSA, .CONTACTUS, .DATASTOP or .STOPDATA suffixes to encrypted files. Virus still uses RSA-1024 encryption algorithm. All versions, except .STOPDATA, demand $600 ransom in BTC (BitCoin cryptocurrency), last one offers decryption for $200. Still malefactors offer to decrypt from 1 to 3 files for free to prove, that decryption is possible. This can be used to attempt decoding in future. At the moment, unfortunately, the only way to restore your files is from backups.

Dharma-Arena Ransomware belongs to CrySis family, previous wide-spread ransomware of this type was Dharma Ransomware, that we described on this blog. Dharma-Arena Ransomware was detected by security researches first time in August 2017. Since then, it had numerous updates. Different versions of Dharma-Arena Ransomware demand different ransom amounts. It varies from 0,20 to 0,73 BitCoins, which is near $5000. Security experts do not recommend to pay developers of ransomware, as this encourages them to create new variations and does not guarantee decryption of your files. Actually, most times malefactors don't send decryption keys. Latest versions of Dharma-Arena Ransomware are not decryptable, however there is a chance to restore files affected by older versions.

Bip Ransomware is another successor of Dharma/Crysis Ransomware family. New variation adds complex suffix, that ends with .bip extension, to all affected files. Bip Ransomware encrypts almost all types of files, that can be valuable to users, such as documents, images, videos, databases, archives, project files, etc. It is currently unknown, what type of encryption algorithm Bip Ransomware uses, but probably it is AES. Bip Ransomware usually demands from $1000 to $2000 in BitCoins for the decryption key. However, often hackers don't send any keys and it is not recommended to pay the ransom. As for today, the 5-th of May 2018, decryption is not possible, however, you can attempt to decrypt your files from backups or trying file recovery software.