malwarebytes banner


Useful tutorials on various PC troubleshooting topics. Video tutorials.

How to remove DearCry Ransomware and decrypt .crypt files

DearCry Ransomware is a dangerous virus, which targets the encryption of personal data. Such malware makes everything sure that there is no way to decrypt the locked files. Knowing that, cybercriminals offer their own solution - to buy the decryption key stored on their servers. Because most users can find no way out of the trap, they agree on paying the ransom to recover the data. Unfortunately, this is a serious risk proven by multiple victims who did not receive the promised decryption. This is why it is better to delete DearCry Ransomware and reclaim your files via backup or data-recovery tools. If you are the one having files changed with the .crypt extension, which was then accompanied by the ransom note creation (readme.txt), chances are you are infected with DearCry Ransomware.

How to remove JoJoCrypter Ransomware and decrypt .jojocrypt files

Developed on Node.js, JoJoCrypter is a malicious program that functions as a data-encryptor. A thorough investigation conducted recently shows there is a .jojocrypt extension assigned to each of the files. To illustrate, a non-encrypted 1.mp4 will turn into 1.mp4.jojocrypt as a result of infection. Along with this, it is also known that JojoCrypter uses RSA-2048 and AES-192 algorithms to cipher innocent files. It also creates a short ransom note how to recover your files.txt with following content. Unfortunately, the decryption with third-party tools appears to be an impossible task. The encryption chains are too strong and flawless to crack. This is why the only option (apart from paying the ransom) is to recover your files using backup or data-recovery tools. Otherwise, you will be forced to pay for the keys proposed by cybercriminals, which is mentioned in the ransom note dropped on your PC after encryption. Swindlers are not using too many words for describing what happened, instead, they attach their e-mail address to be contacted for further instructions.

How to remove Reig Ransomware and decrypt .reig files

Reig Ransomware (also known as STOP Ransomware) is ruinous virus, whose operating principle is based on strong file encryption and money extortion. There have been more, than 300 versions of this malware, with several major modifications and numerous minor changes. Recent ones use random 4-letter extensions added to affected files, to indicate that they are encrypted. Since the very beginning, Reig Ransomware has used the AES-256 (CFB mode) encryption algorithm. Depending on the exact extension there are slightly different, but similar removal and decryption methods. Variation under research today uses .reig extensions. Like its predecessors, it creates a ransom note called _readme.txt, below is an example of such a text file. Reig Ransomware uses system directories to store its own files. In order to start automatically each time the OS starts, the encryptor creates an entry in the Windows registry section that defines the list of programs that start when the computer is turned on or restarted. Therefore, to be able to decrypt your files you need to remove the virus first. The technical peculiarity of this malware allows users to decrypt files successfully in some cases. The matter is Reig Ransomware tries to connect its server every time it starts encryption on a victim's computer.

How to remove Parasite Ransomware and decrypt .parasite, .betarasite or .paras1te files

Parasite is one of the newest ransomware samples detected by cyber experts in recent days. Alike other malware of this type, Parasite encrypts personal data and demands money for the decryption. However, it was found that Parasite has a significant flaw - it encrypts data with the wrong cipher and overwrites data with 256 bytes. This means that all data encrypted by Parasite loses its value completely, simply because it gets replaced with empty space. For example, a word file, which weighs megabytes of data will decrease and start weighing mere 256 bytes. Such a bug instantly shows that Parasite is not able to decrypt your files, simply because they become damaged. Of course, they claim to decrypt them in HOW_CAN_GET_FILES_BACK.txt ransom note (alternatively @READ_ME_FILE_ENCRYPTED@.html or info.hta), which is created after encryption, but it does not make any sense due to the above-mentioned.

How to remove Perfection Ransomware and decrypt .perfection files

Perfection is a ransomware-infection that involves RSA and AES algorithms to encrypt personal data. The purpose of such attacks is about capitalizing on desperate victims willing to restore their files. As a result, developers behind Perfection offer to pay for the decryption tool that will help you regain access to data. Before that, however, Perfection Ransomware appends the .perfection extension to each of the files. For example, 1.mp4 will change to 1.mp4.perfection and so on. Then, once this process is done, extortionists create a number of identical browser files and place them into folders with encrypted data. The ransom note created by Perfection is known as Recovery_Instructions.html.

How to remove Tirp Ransomware and decrypt .tirp files

Tirp Ransomware or as it is often called STOP Ransomware or DjVu Ransomware belongs to the large family of file-encryption viruses with long history and multiple modifications. Currently, this is one of the most widespread ransomware. We won't go deep into technical details of the infection, but explain simple methods and chances to decrypt affected files and remove the virus. The first thing you should know, there are cases, that can be treated successfully, the bad news is - chances of a successful outcome are less than 5%. In this article, we will observe variations that append .tirp extensions to files. Tirp Ransomware uses a similar pattern with all victims. It comes as a fake windows update from torrent websites that run executable to disable security programs and starts the encryption process of valuable files, such as docs, videos, photos, music. In the end, it places a ransom note (_readme.txt) file in every folder with encrypted files.