Tutorials

Perfection is a ransomware-infection that involves RSA and AES algorithms to encrypt personal data. The purpose of such attacks is about capitalizing on desperate victims willing to restore their files. As a result, developers behind Perfection offer to pay for the decryption tool that will help you regain access to data. Before that, however, Perfection Ransomware appends the .perfection extension to each of the files. For example, 1.mp4 will change to 1.mp4.perfection and so on. Then, once this process is done, extortionists create a number of identical browser files and place them into folders with encrypted data. The ransom note created by Perfection is known as Recovery_Instructions.html.

Using a set of cryptographic algorithms, Assist Ransomware encrypts personal data and claims money for its decryption. This practice is highly-popular around ransomware infections as they make everything possible to leave no choice to desperate victims. Because of powerful ciphers applied by Assist, manual decryption becomes quite an arduous task. This is why cybercriminals offer to contact them via the team-assist002@pm.me e-mail address and receive further instructions. This information is listed inside of the note (ASSIST-README.txt) created after your data is locked completely. Not to mention that this version of ransomware encrypts files using the .assist extension. To illustrate, a file like 1.mp4 will get a new look of 1.mp4.assist after the encryption is done. As mentioned, the only possible method to get 100% decryption is with the help of ransomware developers, however, this is not the best option since they can fool you and do not give any software for restoring the data. We strongly insist on deleting Assist Ransomware from your computer to prevent further encryption, especially if you do not regret the lost data that much.

According to recent forum reports, users are dealing with a new ransomware infection known as Bonsoir. This virus targets local networks (NAS, QNAP, Samba/SMB, Synology) encrypting the stored data with AES-CFB algorithms. The decryption of files is thereby offered inside of a text file called HOW-RECOVER-MY-FILES.txt. To elaborate on data encryption, we should mention that Bonsoir applies a one-word extension to each piece of data - .bonsoir. For example, if there was a file named 1.mp4 in your storage, it will change to 1.mp4.bonsoir as a result of infection. Developers of the virus claim their instructions to be the only solution towards restoring your files. One of the victims actually emptied his pockets and bought the decryption key imposed by extortionists. He, therefore, managed to recover his files with the provided key. Unfortunately, this method does not fit everybody because of the high amounts required by cybercriminals and the risk to be fooled by them. This is why our advice is to delete Bonsoir QNAP NAS Ransomware and try using legitimate utilities to access your data.

Cuba Ransomware is a malicious program, which uses a set of cryptographic algorithms to encrypt personal data. The virus has been seen in different versions with different styles of encryption. They might differ by ransom instructions, but usually, all of them apply the same .cuba extension and FIDEL.CA file marker in the header. For example, an infected file like 1.mp4 will transform and start looking like this 1.mp4.cuba or similar. Then, once the encryption is up, Cuba drops a text file stating how to decrypt your data. Many victims have received various instruction samples (!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT). In most of the cases, all of them tell victims to contact the attached e-mail with their personal ID number. After this, people will get the necessary steps to run the payment and retrieve the decryption tools promised by the developers. Unfortunately, statistics upon successful decryption are pretty poor. This is because there are potent ciphers applied to the files, which makes it hard to decrypt them.

Cring is categorized as a ransomware-type virus that encrypts personal data of various sorts (images, videos, documents, etc.) To make the encryption successful, Cring applies special cryptographic algorithms, which establish strong cipher protection. All of this is accompanied by the assignment of the ".cring" extension, which is added to the end of each file. As an example, the original piece like 1.mp4 will be changed to 1.mp4.cring and reset its icon. Whilst this process is underway, the virus prepares to drop a text file (!!!!deReadMe!!!.txt) containing ransom instructions. Inside of a document, extortionists are straightforward saying that your files are impossible to unlock on your own. The only solution is to contact developers and pay a fee of 2 bitcoins. Unfortunately, because the infection is very new to the ransomware world, cyber experts have not found a way to decrypt it for free just yet.

A new ransomware infection known as DEcovid19 has come to the web and caused a lot of attacks on unprotected PCs. The virus was reported on 11th January by desperate victims with data encrypted. Based on current information, it is clear that DEcovid19 blocks access to data by changing file extensions to .covid19 or .locked. An example of the original 1.mp4 impacted by ransomware may appear in two ways: either as 1.mp4.locked or 1.mp4.covid19. Once the encryption process gets to a close, the malicious program creates a text note (!DECRYPT_FILES.txt or ATTENTION!!!.txt) meant to explain decryption instructions. Inside, users can see a quick skim through the virus information. The next part of the text is dedicated to restoring your data. Users are said to contact the telegram bot attaching personal ID in the subject line and writing how many PCs need to be decrypted. It is also necessary to send 1-2 encrypted files that do not contain important information (less than 2MB) so that cybercriminals could match up the right decoder for your data. The last, but not least said by swindlers is time boundaries - you have 72 hours to make a decision and pay for the decryption key.

Fair Ransomware is one of many dangerous pieces that encrypts personal type of data. It belongs to the malware family known as Makop, which has developed a number of similar infections. Once Fair Ransomware attacks your system, it installs certain scripts, which block access to multiple files by assigning unique extensions. These extensions consist of a personal ID number, [fairexchange@qq.com] suffix, and .fair at the end of each file. An example of the original sample that experienced these changes looks like this 1.mp4.[9B83AE23].[fairexchange@qq.com].fair. Whilst the access to data is no longer in users' hands, extortionists create a text file called readme-warning.txt in each folder containing encrypted files. Inside of this note, cybercriminals briefly explain to confused people what has happened to their PCs. Then, the creators of Fair Ransomware tell it is necessary to buy the decryption software (in BTC) to regain control over the data. They also offer to take part in the so-called "guarantee check", allowing users to decrypt 2 files of limited size for free. Unfortunately, even though such tricks should justify the integrity of swindlers, statistics are out to say the opposite.

Also known as WickrMe, Hello Ransomware is a dangerous virus that encrypts personal data (photos, videos, documents, etc.). Alike other infections of this sort, it also demands a fee to be paid after encryption. However, before that Hello Ransomware changes your files with the new .hello extension. No extra symbols are included, so your files will look like this 1.mp4.hello and similarly. Then, once such changes are over, the virus creates a text note (Readme!!!.txt) containing ransom instructions. Within this document, users are instructed to contact cyber criminals via attached e-mails or Wickr Me (a private messenger). Therefore, they will receive a list of steps to perform the payment and recover the compromised data. Unfortunately, although ransomware developers are usually the only figures able to decrypt your data, we do not recommend implementing the required payment. Otherwise, it may appear to be a waste of cash since there is no guarantee you will get the promised decryption. Statistically, extortionists ignore users even after completing all of the steps. Thus, it is necessary to delete Hello Ransomware from your computer to prevent further data decryption.