

Useful tutorials on various PC troubleshooting topics. Video tutorials.

How to remove Polis Ransomware and decrypt .polis files

Polis is a recent ransomware infection. Like other malware in this category, it renders files inaccessible and demands that victims pay a monetary ransom. During encryption, the virus appends its own .polis extension to mark the blocked data. For instance, a file previously named 1.pdf will be renamed to 1.pdf.polis and lose its original icon as well. Following this, Polis Ransomware creates a text note (Restore.txt) telling victims what to do. The note says victims have 2 days to establish contact with the cybercriminals (via e-mail) and pay them for decryption. If the deadline is not met, the extortionists promise to publish the uploaded copies of the locked data on special public domains. By making such threats, cybercriminals try to push victims to act immediately and follow the guidelines.

How to remove Ofoq Ransomware and decrypt .ofoq files

Ofoq Ransomware is a devastating crypto-virus (a variation of STOP Ransomware) that uses the AES-256 asymmetrical encryption algorithm to restrict user access to their files without the key. The malware appends .ofoq extensions to files, makes them unreadable, and extorts a ransom for decryption. Unfortunately, due to technical modifications in the newest version, file recovery is impossible without backups. However, there are certain standard Windows features and tools that may help you restore at least some files. File-recovery software may also be useful in this case. In the text box below, there is a text message from the _readme.txt file, called the "ransom note". In this file, malefactors disclose contact information, the price of the decryption, and ways to pay the ransom.

How to remove Oflg Ransomware and decrypt .oflg files

The number of queries related to new ransomware activity is growing each day with new infections. This time around, users are dealing with Oflg Ransomware, a new and dangerous piece of malware from the Djvu/STOP family. Its recent activity has encrypted a lot of personal data with strong algorithms. Although Oflg Ransomware has not been fully inspected yet, some things are already clear. For example, the virus reconfigures various types of data (images, documents, databases, etc.), changing original extensions to .oflg. This means that all types of data will keep their initial names but change the main extension to something like "1.pdf.oflg". Once the encryption process comes to a close, you will no longer be able to access your data. To make victims pay to regain it, extortionists have scripted the creation of identical notes dropped into encrypted folders or onto the desktop. The note is usually named _readme.txt and contains detailed instructions on how to recover your data.

How to remove Moisha Ransomware and decrypt your files

Moisha is a ransomware virus developed and promoted by the PT_MOISHA Hacking Team. This group of developers targets files of business-related users. After infiltrating the system and running strong encryption of data, the cybercriminals demand $10,000 in ransom for file decryption and a guarantee to not publish the collected information. All of this information is presented in more detail within the !!!READ TO RECOVER YOUR DATA!!! PT_MOISHA.html text note created after successful encryption. Unlike other ransomware infections, Moisha does not add any custom extensions to the affected files.

How to remove Aabn Ransomware and decrypt .aabn files

Aabn Ransomware (part of the large STOP/Djvu Ransomware family) is an obnoxious virus that encrypts files on computers using the AES encryption algorithm, makes them unavailable, and demands money in exchange for a so-called "decryptor". Files processed by the latest version of STOP Ransomware, in particular, can be distinguished by .aabn extensions. Analysis showed that the cryptographic installer, bundled with a "crack" or adware, is installed under an arbitrary name in the %LocalAppData%\ folder. When executed, it loads four executable files there: 1.exe, 2.exe, 3.exe and updatewin.exe. The first of them is responsible for neutralizing Windows Defender; the second blocks access to information security sites. After the malware is launched, a fake message appears on the screen claiming that a Windows update is being installed. In fact, at this moment, almost all user files on the computer are being encrypted. In each folder containing encrypted documents, a text file (_readme.txt) appears, in which the attackers explain the operation of the virus. They offer decryption in exchange for a ransom and urge victims not to use third-party programs, claiming this can lead to the deletion of all documents.

How to remove Aayu Ransomware and decrypt .aayu files

A new wave of STOP Ransomware infections continues with Aayu Ransomware, which appends .aayu extensions. These extensions were added to encrypted files in the middle of September 2022. This tricky virus uses the AES encryption algorithm to encode users' important information. As a rule, Aayu Ransomware attacks photos, videos, and documents: data that people value. The malware developers extort a ransom and promise to provide a decryption key in return. Full decryption of lost data is possible in a minority of cases, if an offline encryption key was used; otherwise, use the instructions on the page to recover enciphered files. After infection, the malware creates a _readme.txt file that acts as a ransom note and contains the following message.