Rapid V3 Ransomware (a.k.a Rapid 3.0 Ransomware) is new iteration of notorious Rapid Ransomware. This version uses AES encryption algorithm and can append following extensions to user files: .no_more_ransom, .ezymn, .rpd, .[5-random-characters]. Currently, there is no decryptor with confirmed working capacity for Rapid V3 Ransomware. However, using backups, recovery software or other advices from this page can help you recover encoded files. Virus uses the same template for ransom note. Some variation create ransom note with name: How Recovery Files.txt. Rapid V3 Ransomware extorts 0,7 BitCoins (BTC) for recovering files from decryption. Users can contact developers using e-mail firstname.lastname@example.org, which is reference to and mockery of a famous security researcher from Bleeping Computer forum, who has nickname “demonslay335”. There is information about the victims from the following countries: USA, Iran, Germany, Japan, Benin, South Korea, Indonesia, Spain, Malaysia, India.
Java Ransomware is extremely harmful file-encrypting virus, that belongs to the family of Dharma/Crysis ransomware. It adds .java extension to all encrypted files. Usually, this is complex suffix that contains unique id and e-mail. Java Ransomware uses spam mailing with malicious .docx attachments. Such attachments have malicios macros, that runs when user opens the file. This macros downloads executable from the remote server, that, in its turn, starts encryption process.
Nozelesn Ransomware is new type of ransomware, that uses AES-128 encryption to encode user files. It appends .nozelesn extension to “in cipher” files. According ro researchers Nozelesn Ransomware firstly targeted Poland, but then expanded to other european countries. After successful encryption virus drops HOW_FIX_NOZELESN_FILES.htm file with ransom-demanding message on the desktop and in the folders with affected files. The price for decryption is 0.10 BitCoins, that is currently ~$650. Malefactors promise to send decryption key within 10 days. However, cybercrooks cannot be trusted as, according to our experience, oftne do not hold out promises not to put their encryption algorithm at risk. At the moment of writing this article there is no decryptors released, but we keep abreast of the situation.
JobCrypter Ransomware is crypto-virus ransomware based on Hidden Tear code. Virus adds .locked or .css extension sto encrypted files. This crypto-extortioner encrypts user data using 3DES, and then requires a redemption to return the files back. Judging by the text of the demand for the ransom, JobCrypter is focused only on French users. However, it is noteworthy that many infected JobCrypter PCs were in Lithuania. To remove the blocking of files, the affected party needs to pay a ransom of 300 euros from the PaySafeCard.
Updated version of STOP Ransomware ransomware appends .PAUSA, .CONTACTUS, .DATASTOP or .STOPDATA suffixes to encrypted files. Virus still uses RSA-1024 encryption algorithm. All versions, except .STOPDATA, demand $600 ransom in BTC (BitCoin cryptocurrency), last one offers decryption for $200. Still malefactors offer to decrypt from 1 to 3 files for free to prove, that decryption is possible. This can be used to attempt decoding in future. At the moment, unfortunately, the only way to restore your files is from backups.