Viruses

Wwpl Ransomware is a malicious software that belongs to the STOP/DJVU ransomware family. It targets Microsoft Windows operating systems and encrypts files on the victim's computer, demanding a ransom payment in exchange for a decryption key to restore access to the encrypted files. The ransomware appends the .wwpl extension to filenames, for example, a file originally labeled 1.jpg is changed to 1.jpg.wwpl. Wwpl Ransomware uses a strong encryption algorithm to lock the victim's files, making them inaccessible. After encrypting the files, it generates a ransom note in the form of a text document named _readme.txt. The ransom amount demanded ranges from $490 to $980 in Bitcoin cryptocurrency.

Wwza Ransomware is a malicious software that belongs to the Djvu family. It encrypts files on the victim's computer and demands payment in exchange for a decryption key and tool to restore access to the files. The virus spreads by disguising itself as legitimate software and can infect a computer through various means, including downloading programs from torrent websites, running hacked games or freeware, and installing key generators for Windows or Office software. Once Wwza Ransomware infiltrates a computer, it encrypts data and adds the .wwza extension to file names. For example, a file originally named 1.jpg is altered to 1.jpg.wwza, and 2.png is renamed to 2.png.wwza. Wwza Ransomware uses the Salsa20 encryption algorithm to encrypt files. Wwza Ransomware creates a ransom note in the form of a text document named _readme.txt.

Magaskosh Ransomware is a type of malicious software that encrypts files on a victim's computer, making them inaccessible until a ransom is paid. It appends the .magaskosh extension to filenames, for example, renaming 1.jpg to 1.jpg.magaskosh and 2.png to 2.png.magaskosh. Magaskosh Ransomware was first detected in early September 2023. Although it primarily targets English-speaking users, it can potentially spread worldwide. Magaskosh Ransomware displays a ransom note on the locked screen of the infected computer. The note typically contains instructions on how to purchase the decryption tool from the ransomware developers and may also include other remarks.

Elibe Ransomware is a type of malicious software designed to encrypt data on a victim's computer and demand a ransom for decryption. It was discovered by researchers while investigating new submissions to the VirusTotal website. When Elibe Ransomware infects a computer, it encrypts files and alters their filenames by appending the attacker's email, a unique ID assigned to the victim, and a .elibe extension. For example, a file initially named 1.jpg would appear as 1.jpg.EMAIL=[recoveryfile7@gmail.com]ID=[16-digit-random-string].elibe. After the encryption process is completed, a ransom-demanding message titled FILES ENCRYPTED.txt is dropped. The contents of the ransom note are presented in the text box below, and typically include payment information, the amount to be paid, and the consequences of not paying.

ZeroCool Ransomware is a type of malware that encrypts files on the victim's computer. In addition to encrypting data, ZeroCool adds the .ZeroCool extension to filenames and provides a ransom note (ZeroCool_Help.txt). This ransomware poses significant challenges to individuals, businesses, and governments due to its ability to disrupt operations, compromise data, and extract ransom payments. Modern ransomware, like ZeroCool, often uses a hybrid encryption scheme, combining AES and RSA encryption to secure their malware against researchers recovering encrypted files. This approach involves generating an RSA key pair, encrypting all files with the public key, and sending the private key to the server to be stored.

FarAttack is the name of a ransomware infection that encrypts personal data by appending the .farattack extension. This means a previously unaffected 1.pdf will be forcefully changed to 1.pdf.farattack and reset its original icon after successful encryption. Following this process, the ransomware creates a text note called How_to_recovery.txt which features decryption instructions. The note guides victims to contact swindlers either using the TOR link or e-mail communication (ithelp02@decorous.cyou or ithelp02@wholeness.business). In response to your reach-out cybercriminals give further instructions on how to pay for decryption. They also advise victims to fit in 72 hours unless they want the price to go higher. The price itself is kept secret and ends up declared after victims contact the crooks. Unfortunately, decrypting files without the help of ransomware creators is quite an arduous task. It may only be possible to decrypt some parts of the data, but not fully.