Viruses

If your files became no longer accessible and now appear with the new .MEOW extension, then you are most likely infected with Meow Ransomware (a.k.a. MeowCorp2022 Ransomware and ContiStolen Ransomware). This file-encryptor blocks access to practically all types of system-stored data using the ChaCha20 algorithm and demands victims to establish contact with its developers (presumably to pay for decryption). In addition, it was also determined that this ransomware works on code stolen from another popular file-encryptor named Conti-2 Ransomware. Information about contacting swindlers can be found inside a text note called readme.txt, which the virus drops into each folder with encrypted files.

Loplup is a file-encrypting virus that was determined to be part of the ZEPPELIN ransomware family. While restricting access to system-stored data, it renames attacked files by adding the custom .loplup.[victim's_ID] extension. This means a file previously called 1.pdf will change to something like 1.pdf.loplup.312-A1A-FD7. Note that the victim's ID is variable so it can be different in your case. Following successful encryption of data, Loplup creates a text file (!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT) that contains decryption guidelines.

This article contains information about Aawt Ransomware version of STOP Ransomware that adds .aawt extensions to encrypted files, and creates ransom note files on the desktop and in the folders with affected files. Aawt Ransomware is actively distributed in the following countries: USA, Canada, Spain, Mexico, Turkey, Egypt, Brazil, Chile, Ecuador, Venezuela, Germany, Poland, Hungary, Indonesia, Thailand. This variation first appeared in September 2022 and is almost identical to the previous dozens of variations. Ransomware virus still uses AES encryption algorithm and still demands a ransom in Bitcoin for decryption.

Eebn Ransomware (sometimes called STOP Ransomware or DjVu Ransomware) is a wide-spread encryption virus, that first appeared in December 2017. Since then, lots of technical and design changes took place, and a few generations of malware changed. Ransomware uses the AES-256 (CFB-mode) encryption algorithm to encode user's files, and after this last version appends .eebn extensions. After encryption, virus creates a text file _readme.txt, which is called "ransom note", where hackers disclose ransom amount, contact information, and instructions to pay it. STOP Ransomware with .eebn file extensions use following e-mails: support@bestyourmail.ch and datarestorehelp@airmail.cc.

FirstKill is a ransomware infection designed to encrypt users' data and blackmail victims into paying financial ransom for its recovery. It uses AES and RSA military-grade algorithms to run strong encryption and prevent victims from re-accessing their files. During this process, FirstKill also renames all targeted files with the .FirstKill extension and resets their original icons to blank. For instance, a previously untouched file like 1.pdf will change to 1.pdf.FirstKill and become no longer accessible. Following this, the virus creates a text note called CO_SIĘ_STAŁO.html which contains instructions for decrypting the data.

Eeyu Ransomware (a.k.a. STOP Ransomware or Djvu Ransomware) is an extremely dangerous virus that encrypts files using AES-256 encryption algorithm and adds .eeyu extensions to affected files. The infection mostly involves important and valuable files, like photos, documents, databases, e-mails, videos, etc. Eeyu Ransomware does not touch system files to allow Windows to operate, so users will be able to pay the ransom. If the malware server is unavailable (computer is not connected to the Internet, remote hackers' server does not work), then the encryption tool uses the key and identifier that is hard-coded in it and performs offline encryption. In this case, it will be possible to decrypt the files without paying the ransom. Eeyu Ransomware creates _readme.txt file, that contains ransom message and contact details, on the desktop and in the folders with encrypted files. Developers can be contacted via e-mail: support@bestyourmail.ch and datarestorehelp@airmail.cc.