Tutorials

Mallox is the name of a ransomware virus able to encrypt all valuable data stored on a PC. The file-encryptor uses strong encryption algorithms to assign unique ciphers and deny further access to data. It also attaches the new .mallox extension meant to highlight the blocked data. To illustrate, a file like 1.pdf will change to 1.pdf.mallox and reset its original icon. Note that removing the .mallox extension will not help you open the file as long as it is encrypted. After successful encryption, the virus opens and places a text note called RECOVERY INFORMATION.txt onto your desktop that contains ransom instructions. The file says only unique decryption software will be able to access your data. In order to get it, users should send an e-mail letter with their personal ID to cybercriminals. Then, victims will be given further instruction on how to purchase the decryption tool. It is also mentioned there is a possibility to test free file decryption by sending a few encrypted samples that do not contain valuable data. Before you start thinking about recovery options, we have to inform you about the risks of paying the ransom. Many cybercriminals fool their victims and do not send any decryption instruments even after receiving the money.

Also known as Hakbit, Thanos is a ransomware group that develops a number of file-encrypting infections. It was first discovered by GrujaRS, an independent security researcher specializing in ransomware. The virus has quite a long genealogy tree with lots of different versions using AES algorithms to run file encryption. Each of them has a separate extension that is assigned to encrypted data. The most recent are .steriok, .cyber, and .crystal. If you spotted the change of shortcut icons along with extensions, this means your files have been successfully encrypted. To illustrate, a file like 1.pdf will change to 1.pdf.steriok, 1.pdf.cyber, 1.pdf.crystal or similarly depending on which version infiltrated your system. After encryption, Thanos creates either HOW_TO_DECYPHER_FILES.txt, HELP_ME_RECOVER_MY_FILES.txt or RESTORE_FILES_INFO.txt text files. These are the names of ransom notes containing instructions on how to redeem your data.

Zoom is a ransomware program that runs encryption of data to demand money for its recovery. During file encryption, Zoom uses strong mathematical algorithms along with the .zoom extension that is appended to change files visually. For instance, a file like 1.pdf will change to 1.pdf.zoom and reset its default shortcut icon. The same will be seen across all other data targetted by Zoom Ransomware. After getting things done with the encryption, Zoom changes desktop wallpapers and creates the recover-youe-all-files.txt file containing ransom instructions.

CryptoJoker is a ransomware family that releases every new file-encryptor each year. Alike other ransomware infections, CryptoJocker pursues data encryption of potentially valuable data (e.g. pictures, videos, music, documents, databases, etc.) to demand money for its complete return. Depending on which version attacked your system, the encrypted files will be appended with one of these following extensions - .encrypter@tuta.io.encrypted, .crjoker, .cryptolocker, .cryptoNar, .cryptolocker, .nocry, .devos, .devoscpu. Those are often accompanied by .fully and .partially suffixes, suposed to mean, that some files are fully or partially encrypted. For instance, a file like 1.pdf may change to 1.pdf.crjoker, 1.pdf.encrypter@tuta.io.encrypted, and so forth. Different versions of CryptoJocker used different formats of presenting ransom instructions. Some display an interactive window, while others create separate text notes.

Discovered by a researcher named S!Ri, Foxxy is a malicious program that belongs to the malware category known as ransomware. Its main goal is to encrypt personal data and demand money for its recovery. The moment Foxxy starts enciphering data, all files will get a new .foxxy extension and reset their shortcut icons. This is how an encrypted file like 1.pdf will finally look like - 1.pdf.foxxy. Then, as soon as the encryption process is done, the virus displays a full-screen window and creates a text note called ___RECOVER__FILES__.foxxy.txt. Both of them feature ransom instructions to recover the data. You can check the full content of both ransom notes down below:

The Graphics card plays a very important role - that is analyzing and displaying the picture to your monitor. Sometimes, there are troubles when Windows cannot identify whether a graphics card is installed on your motherboard. In other words, users cannot use it to run video games and other tasks during the process. Usually, computers are equipped with integrated cards alongside the processor to run simple tasks. Discrete ones get often enabled to increase maximum performance during gaming and editing experience. If one of them goes off, the system will switch up to another. This can slacken your PC and limit its capabilities to pull off the needed tasks. Luckily, experts have found and tested some methods that contributed to solving this issue thus far. See the step-by-step guide to revive your graphics card down below.

Udacha is a ransomware virus that encrypts data with AES+RSA algorithms and demands payment of 490$ (0.013 BTC) in order to return it. This information is visible inside of the ReadMe_Instruction.mht file, which is created after encryption puts its finishing touches onto the data. Prior to this, however, users will see their files changed with the .udacha extension. To illustrate, a file like 1.pdf will change to 1.pdf.udacha and reset its shortcut icon. Below, you can see the full information that is written within the ransom note.

GABUTS PROJECT is a ransomware virus that encrypts system-stored data to extort money for its return. It does so by appending the .im back extension to each modified file. Files like music, videos, pictures, and documents will acquire the new extension and reset their original shortcut icons. Here is an example of how encrypted files will look like - 1.pdf.im back; 1.mp4.im back; 1.png.im back, 1.docx.im back, and so forth. After this, the virus features a pop-up window and creates the "gabuts project is back.txt" file containing ransom instructions. The text is written in first person with requests to send 100 BTC for data decryption. This is exactly the price victims should send in order to restore the data. It is also mentioned this payment has to be done within 1 day after infection. To begin communication, victims should write to the pinned e-mail address. According to the text, there is also an option to decrypt 1 file by accessing the tor link. Unfortunately, nobody will pay the price of 100 Bitcoins (5,712,670$) unless it is a big corporation that lost extremely important data.