Viruses

Also known as Sullivan, RansomBoggs is a ransomware infection designed to encrypt data and demand payment for decryption afterwards. Recent research showed that this virus has had numerous attacks on various organizations placed in Ukraine. During encryption, RansomBoggs renames all targeted files with the .chsch extension. For example, a file originally titled as 1.pdf will change to 1.pdf.chsch and become no longer accessible. Following this, the ransomware also creates its own note (SullivanDecryptsYourFiles.txt) with decryption instructions.

Uyro is another file-encryptor developed and spread by the STOP/Djvu family. It copies all traits and capabilities of older versions issues by the STOP/Djvu group. The virus encrypts PC-stored data and demands crypto ransom for unique decryption software that will decipher this data. Most often, malware like Uyro targets vital data like images, music, videos, and documents containing important information. After detecting such files, the ransomware program will generate unique ciphers and write them over the files to prevent users from accessing them. Apart from this, ransomware infections also append new extensions to highlight the encrypted data. In the case of Uyro Ransomware, users will see their data changed with the .uyro extension. This means a regular file like 1.pdf will change its look to something like this 1.pdf.uyro. After this, Uyro developers create a text note called _readme.txt that explain decryption instruction. Note that all of these changes happen in a blink of an eye, so it is impossible to track which part of encryption occurred first. This is what you can see written inside the text note with ransom demands.

SEX3 is a computer virus classified as ransomware. Also, it was discovered to be a new version of another file encryptor called SATANA Ransomware. Software of this type is developed to encrypt potentially valuable data and demand file owners to pay money for their decryption. While running encryption, SEX3 Ransomware is programmed to alter targeted files with the .SEX3 extension. This is simply a visual change to highlight blocked data on top of successful encryption. After this, the virus changes the desktop wallpapers and also creates a text note called !satana!.txt that contains short instructions about how to unlock access to files.

Kcbu Ransomware is another representative of STOP/Djvu virus, that has been tormenting users since 2017. This particular version was released in the end of November 2022 and adds .kcbu extension to all encrypted files, as can be seen from its name. Other than that, it's the same file-encypting and ransom-demanding virus as hundreds of its predecessors. Ransomware of this type uses the same cryptography, that is, unfortunately, still undecryptable. The only things that change during last years are extension and contact e-mail addresses. The name of the ransom note remains unchanged (_readme.txt) and you can check the content in the text box below.

Onelock is a ransomware infection developed by the Medusa ransomware family. Its purpose is to encrypt access to potentially important data (using RSA and AES encryption algorithms) and extort money from victims for full decryption. While rendering files inaccessible, the virus adds the new .onelock extension, which would make a file like 1.pdf change to 1.pdf.onelock and reset its original icon. The same pattern applies to other files that get targeted by the infection. After successful completion, Onelock creates the how_to_back_files.html file to feature decryption instructions. Overall, it is said that ransomware developers are the only figures able to decrypt victims' data. For this, victims are therefore instructed to contact cybercriminals using a chat link in Tor Browser (or e-mail) and pay some specified amount of ransom.

Kcvp Ransomware is a high-risk file-encrypting computer virus, that belongs to notorious family of STOP/Djvu. Here are some of its characteristics: it modifies files' extensions with 4-letter code .kcvp; it encrypts those files with strong combination of AES-256 and RSA-1024 cryptography; it creates ransom note _readme.txt, where authors demand $980/$490 ransom for decryption. Unfortunately, full decryption is not possible if the virus used online key (your PC was online during the whole process of encryption). But do not despair, there are still chances to restore data partially or even completely with instructions provided on this page and certain portion of luck. The hackers offer to decrypt 1 file for free, and we recommend not to miss this opportunity. Although, they say file must not contain important information, send them 1 crucial file, most important document or memorable photo. However, that should be all communication with them. Do not pay the ransom, because, in most cases, malefactors just stop responding. Before proceeding with any decryption instructions in this article, you need to remove the actual virus and make sure it will not return. Use one of the removal tools provided, or any decent antivirus of your choice. Then, we recommend copying any untouched data to an external drive. Now you can start attempts to recover the files.