MegaLocker Ransomware (NamPoHyu Virus) is new ransomware virus, that encrypts data from sites, servers, using AES-128 (CBC mode), and then requires $250 ransom for individuals ($1000 for companies) in BTC to return files. Any Windows computers, Linux devices and Android devices connected to computers and network devices used to access the Internet are subject to attack. After encryption MegaLocker adds .crypted or .NamPoHyu extensions to affected files. MegaLocker Ransomware was first spotted in March, 2019, when multiple sources stated they were infected with MegaLocker Virus, that encrypted files on NAS devices with .crypted extension. In April, 2019 name was changed to NamPoHyu Virus and now .NamPoHyu extension is appended. Developers are from Russia (or Russian-speaking country). It is not recommended to pay the ransom to malefactors as there is no guarantee, they will send decryptor in return. Paying the ransom also stimulates the hackers to run malvertising campaign and infect new victims.
GandCrab v5.3 Ransomware is probably imposter of original GandCrab Ransomware family. However, it still encrypts files in similar fashion to GandCrab v5.2 Ransomware. Encrypted files get .[5-6-7-8-random-letters] extension and ransom note file has different name: [5-6-7-8-random-letters]-MANUAL.txt, however, still looks identical to previous generation. After debugging executable files security specialists find ironical comments “Jokeroo, new ransom”, “We rulez!!”. Jokeroo is a new Ransomware-as-a-Service, that is promoted on underground hacking sites and via Twitter that allows affiliates to allegedly gain access to a fully functional ransomware and payment server. GandCrab Ransomware grows into separate industry, where people with bad intentions and basic computer knowledge can earn money with this criminal schemes. Some of the previous versions of GandCrab Ransomware could be decrypted with speciql decryptor from BitDefender, we will provide download link for this tool below.
Planetary Ransomware is harmful file-encrypting virus, that blocks access to user’s files by encoding them and adding .mira, .yum, .neptune or .pluto extensions. After encryption malware developers extort ransom to be paid in bitcoins. Planetary Ransomware creates ransom note called !!!READ_IT!!!.txt, where decryption routine and contact information are described. As our experience shows, ransom varies between $500 and $1500. Malefactors send cryptocurrency wallets to receive payment in Bitcoins or Ethereum. There are no way to track the payments, as such wallets are anonymous. Of course, we never advise to pay the ransom, as there are many cases when hackers don’t send master keys or decryptors. There is still a chance decryption tool will be released by antivirus companies or security enthusiasts.
STOP Ransomware (DJVU Ransomware) is high-risk widespread encryption virus, that first appeared near 1 year ago. It experienced several visual and technical changes throughout the time. In this tutorial we will analyse recent versions of this dangerous malware. In April of 2019, STOP Ransomware started to add following extensions to encrypted files: .browec, .guvara, .etols, .grovat or .grovas. They are sometimes called “Browec Ransomware”, “Guvara Ransomware”, “Etols Ransomware”, “Grovas Ransomware” and “Grovat Ransomware” respectively. Virus also modifies the hosts file to block Windows updates, antivirus programs, and sites related to security news or offering security solutions. The process of infection also looks like installing of Windows updates, malware shows fake window, that imitates update process.
STOP Ransomware is large family of encryption viruses with over than a year history. It has undergone multiple visual and technical modifications during the time. This article will describe peculiar properties of latest versions of this malware. Since the end of March, STOP Ransomware started to add following extensions to encrypted files: .raldug, .refols, .roland, .tronas or .trosak. The cost of decryption of files encrypted by STOP Ransomware is $980 (or for $490, if ransom is paid within 72 hours). Hackers should send special decryption tool, that will decode affected files. However, we must warn the victims, that malefactors often don’t keep promises, and don’t send the decoder. We recommend you to remove active infection of STOP Ransomware and use decryption tools available. STOPDecrypter is capable of decryption of .raldug, .refols, .roland, .tronas or .trosak files. You can also try manual guide in this article to attempt restoring files.