malwarebytes banner


Useful tutorials on various PC troubleshooting topics. Video tutorials.

How to remove Erif Ransomware and decrypt .erif files

Erif Ransomware, being a part of STOP Ransomware is a critical virus, endangering user's personal files. It belongs to the family of file-encrypting malware, that uses the AES (Salsa20) algorithm and unbreakable key. This virus is, sometimes, called DJVU Ransomware, after the word used as an extension in the first versions (.djvu). The variant of the threat, that we describe today, modifies files with .erif extension. Files are encrypted with a secure key and there are quite small chances to decrypt them completely. However, certain manual methods and automatic tools, described in this article can assist you to successfully decrypt some data.

How to remove Fonix Ransomware and decrypt .fonix, .repter or .XINOF files

Also known as FonixCrypter, Fonix Ransomware is an infection, that uses Salsa20 and RSA 4098 algorithms to restrict data accessibility. It encrypts the stored files of various formats - photos, videos, documents, audios, and others that seem to be valuable around regular users. Along the encryption process, the virus assigns compound extensions including e-mail of cybercriminals, personal ID, and .fonix extension at the end. Some versions of Fonix exploit other extensions like .repter and .XINOF. For example, a file like 1.mp4 will be transformed into 1.mp4.EMAIL=[]ID=[1E857D00].Fonix and reset its shortcut as well. It is said that no third-parties tools will be able to decrypt your files because their key is stored on cybercriminal's servers. Instead, developers propose you to buy their decryption key in Bitcoin. If you fail to do this within 2 days, your fee will be doubled immediately. Also, they offer detailed info on how to convert money to BTC in case you have never done it before. As a consolation bonus, extortionists provide decryption of 1 small file for free. Despite this, it is dangerous to pay for the key, because they tend to dumb gullible users, as statistics say. Unfortunately, it is true that there are no feasible methods to unlock files encrypted by Fonix Ransomware. The best way to restore it is by using an external backup of lost files, if possible.

How to remove STOP Ransomware and decrypt .repl, .kuus, .maas or .zida files

If you cannot open your files and they've got .repl, .kuus, .maas or .zida extensions added at the end of the filenames, it means your PC is infected with STOP/Djvu Ransomware. This malware is tormenting its victims since 2017 and already became the most wide-spread ransomware-type virus in history. It infects thousands of computers per day using various methods of distribution. It is using a complex combination of symmetric or asymmetric encryption algorithms, removes Windows restore points, Windows previous versions of files, shadow copies and basically leaves only 3 possibilities for recovery. First is to pay the ransom, however, there is absolutely no guarantee, that malefactors will send the decryption key back. The second possibility is very unlikely, but worth trying - using special decryption tool from Emsisoft, called STOP Djvu Decryptor. It works only under a number of conditions, that we describe in the next paragraph. The third one is using file-recovery programs, that often act as a workaround for ransomware infection problems.

How to run Windows programs on Mac

The range of leading operating systems comes down to two major giants - Windows and Mac. Those who get their first experience on Mac after moving from Windows start wondering about how can I use all of the windows-based applications that I used previously. It's been quite a big problem for gaming geeks who strive to spend their break at the helm of iconic games apart from the job without having additional PC nearby. Well, there are various ways that can help you launch these programs even without their actual compatibility on Mac. For this, let's deep dive into our tutorial on how to open Windows programs on Macintosh below.

How to remove HE-HELP Ransomware and decrypt ._HE or ._HE._LP files

HE-HELP Ransomware (Normanzak Ransomware) is a type of malware that encrypts files of users or business holders. Ransomware is considered to be the most dangerous piece since your files get locked forever unless you pay them a certain fee. Unfortunately, because HE-HELP popped in June 2020, security experts have not found a crack to decrypt users’ data for free. Like other infections, the virus assigns new extensions to normal files - either ._HE or ._HE._LP. For instance, 1.mp4 will appear like 1.mp4._HE or similarly after the encryption process is done. Thereafter, the ransomware triggers an automatic opening of a text file called READ_ME_.txt, which is dropped on the victim's desktop. In this note, people can see the encryption report including instructions on how to revive your data. They say that you should contact them via one of the attached e-mails and mention your company name. Cybercriminals also offer a free option to decrypt up to 3 files as a proof sign towards their honesty. Furthermore, they terrify you with threats of publishing your data worldwide. However, if you do not have anything precious to worry about, then you can simply delete it from your computer. In other cases, there is no feasible option to retrieve the affected files with the help of third-parties tools. Either way, we recommend you to wait some time until security experts find a way to handle HE-HELP Ransomware.

How to remove PL Ransomware and decrypt .encoded_PL files

PL is a ransomware infection recently found by cyber experts. The malware of this type encrypts files and demands a fee to get them back. Developers of PL Ransomware simply assign the .encoded_PL, unlike others that use complex combinations of ID numbers with random characters. For instance, a file like 1.mp4 will be changed to 1.mp4.encoded_PL and reset its icon as well. After this, the ransomware script creates a text note (!ALL_YOUR_FILES_ARE_ENCRYPTED) that explains how to decrypt your data. To do so, you should contact them via e-mail to get further instructions for buying a decryption key. It also provides an ability to restore a couple of files for free to prove their integrity. Unfortunately, the research is still underway because security experts have not found a way to decrypt files just yet. However, we can help you with the uninstallation of PL Ransomware to secure further protection in the article below.