Viruses

Ouroboros Ransomware (a.k.a. Zeropadypt Ransomware) is an extremely dangerous virus, that forcibly encrypts and blocks off the access to personal data. By doing so, Ransomware developers prompt users to pay a ransom (around 1000$) for getting a unique decrypting key. When infiltrating the device, it immediately starts rushing through files like images, videos, music, text documents and other valuable data that can be stored on your computer and encrypts it by using the AES-256 encryption algorithm. After that, ransomware assigns a unique .odveta extension to each file, therefore, making it impossible to open. For example, if sample.mp4 gets encrypted it will change the file name to sample.mp4.odveta. There are many other versions and variation of Ouroboros Ransomware, that change file extensions to .bitdefender, .harma, .rx99, .Lazarus, .Lazarus+, .James, .lol, .hiddenhelp, .angus, .limbo, or .KRONOS. Some of the recent extensions like .bitdefender, were created as mockery, because BitDefender released decryption tool, that, unfortunately, cannot decode latest Ouroboros Ransomware species.

Rezm Ransomware is called so, because of .rezm extensions, added to affected files, modifying original extensions of various types of sensitive data. In fact, technically it is STOP Ransomware, that uses AES encryption algorithms to encrypt user's files. This suffix is one of the hundreds of different extensions used by this malware. Does it mean you lost your valuable data? Not necessarily. There are certain methods, that allow you to recover your files fully or partially. Also, there is free decryption utility called STOP Djvu Decryptor from EmsiSoft, that is constantly updated and is able to decrypt hundreds of types of this virus. The authors of the virus report that the victim’s files are encrypted and the only way to decrypt them is to buy a key and a decryptor, that is, to pay a ransom. Attackers demand $980, if the victim agrees to pay the ransom within 72 hours, then the ransom is reduced to $490. Criminals offer to decrypt one file for free and thus confirm that it is possible that the victim can return all his files. Of course, successful decryption of one file does not guarantee that after the ransom is paid in full, the victim will receive a key and a decryptor. We strongly recommend removing STOP virus, using special anti-malware programs.

Oled-Makop Ransomware is a type of virus that aims at encrypting multiple files and demanding a payment to get decryption software. All of these symptoms are part of ransomware operation. Once installed, it is configured to cipher various kinds of data ranging from videos, images, text files, PDFs to others. Then, the isolated files are suffering a couple of changes: firstly, they change their extensions to .[e-mail@mail.cc].oled or .[e-mail@mail.cc].makop (.[somalie555@tutanota.com].makop)and reset their icons to clean sheets. For example, normal 1.mp4 will be transformed into 1.mp4.[makop@airmail.cc].makop immediately after the penetration. After that, the program creates a ransom note, called readme-warning.txt, where developers explain why your data was locked and how to recover it. To incept their trust, they are offering to decrypt one simple file with .jpg, .xls and .doc extensions (not over 1 MB) by sending it via a given e-mail as well as proceeding a payment to get a "scanner-decoder" program. Very often, decryption with third-parties tools is impossible without the involvement of malware developers. However, it does not mean that you have to gift them money since there is a risk that they will not keep their promises. Instead, you should delete Oled-Makop Ransomware from your computer to ensure further safety and recover the lost data from an external backup if possible.

Ech0raix a.k.a. QNAPCrypt is a type of malware classified as ransomware that uses uncommon methods of penetrating and encrypting user's data. Besides typical system infection, it also spreads across physical network appliances like NAS Synology or QNAP that are meant to ensure high-quality internet connections. After sneaking into the system, intruders get access to your "admin" account by matching the password (if set) and start encrypting vulnerable files as a result. Unlike other ransomware, it infiltrates network devices by violating their settings which therefore leads to its malfunction. Consecutively, users are compelled to update their software or ask for professional help. Of course, likewise Medusalocker or Ouroboros, it involves AES-256 algorithms to lock down the data like images, videos, office documents, and others by assigning .encrypt extension to each file so that it looks like this 1.mp4.encrypt. Once done, users are no longer allowed to access their data and forced to proceed with the ransom note that is created after the encryption.

Zeoticus is file-encrypting ransomware that restricts access to your personal data (images, videos, textfiles, audio files, etc.) by encrypting files with .zeoticus@tutanota.com.zeoticus extension. It covers all versions of Windows involving Windows 7, Windows 8.1 and Windows 10. And once it is initiated on your computer it will rapidly go through your computer folders scanning a certain group of files to encrypt. It primarily focuses on scouting files solely with extensions like .doc, .docx, .pdf, and others. When these files get detected they instantly change their extension name to .zeoticus@tutanota.com.zeoticus concurrently shattering all of the Shadow Volume Copies that were generated on your PC so that you can no longer open them. The only possible way seems to be making a ransom that often varies from 500-1000 dollars and that is just more than a lot. So do not fall into this trap! Even if you pay this amount of money, there is no guarantee that fraud will give you access back. It is just a matter of guessing.

MuchLove is another example of file-encryption viruses classified as ransomware. After installation, it ruthlessly encrypts multiple files like MS Office, PDFs, Music, Images, Video, and others. Users get totally shocked once they realize that their data became inaccessible desperately trying to restore the data. Usually, decryption requires assistance from third-parties tools since all manual attempts are useless. Also, the encrypted data acquires a new extension that is .encrypted, in our case. To illustrate, the default 1.mp4 will be changed to 1.mp4.encrypted and reset its icon. Note that the ".encrypted" extension is more generic since it is used by multiple developers. This makes it a bit harder to match appropriate measures to combat the program because you cannot identify exactly which virus attacked your PC. Although, we can then grasp it according to the content of the ransom note (READ_IT.txt)that is created after encryption.