Viruses

GoGoogle is a ransomware-type virus that encrypts users' data with cryptographic algorithms. Note that it has no correlation with Google Services. Those who get infected with programs of such type, experience immediate data encryption that undergoes a couple of changes. Firstly, the affected files get appended with new .google extension, cybercriminal's e-mail, and victim's ID. For instance, the original 1.mp4 will be renamed to 1.mp4_ID_512064768_Bossi_tosi@protonmail.com.google or 1.mp4_ID_882345678_bitsupportz@protonmail.com.google after penetration. After that, GoGoogle drops the FileRecovery.txt text note with ransom information. Inside the message, extortionists strongly insist on not attempting to unblock your data manually since this can lead to permanent loss. Instead, you should contact them via e-mail and pay for the guaranteed key that will decrypt your data. Unfortunately, trusting cyber criminals is a huge risk because they can dump you easily and not recover your files.

Being part of DCRTR-WDM Ransomware family, Rhino Ransomware is a malicious program that stealthily infiltrates systems and encrypts data stored on them. Likewise other ransomware-type programs, Rhino attacks files by appending new .rhino extension (with cybercriminal's e-mail) and creating a text file afterward. For example, if the original 1.mp4 gets interfered with Rhino Ransomware, it will be changed to 1.mp4.[generalchin@countermail.com].rhino. After the virus encrypted your data, it drops the info.hta file in the %APPDATA% folder and the ReadMe_Decryptor.txt file on a desktop. The information contained in the note explains how to decrypt your data. To do so, you have to contact them via their e-mail and pay for the decryption software in Bitcoin. Additionally, there has been a very popular method around developers to cultivate the trust of victims - they allow them to send 1 file (less than 500 Kb) for free decryption. Unfortunately, unlocking data with third-parties tools is typically impossible unless ransomware has flaws or bugs.

Suspected to be another version of STOP (DJVU) Ransomware, VoidCrypt is a malicious program that encrypts personal data with the .void extension. Originally, this virus used to have the .dewar extension until it has been upgraded to ".void". To be honest, there is no difference between them because the encryption process looks precisely the same. After successful encryption, the standard 1.mp4 will be renamed to 1.mp4.[xtredboy@protonmail.com][ID-EJHPFWKYCNQ5***].void which includes cybercriminal's e-mail and a unique ID. After that, VoidCrypt creates a text-like notification, that informs users about encryption. After finishing the encryption process ransomware creates and opens the following ransom note, called Decryption-Info.HTA .

ZyNoXiOn is a file-encrypting virus that leaves significant damage after its penetration. Such programs are categorized as ransomware and restrict access to files by applying strong algorithms. All of the affected data get appended with .ZyNoXiOn extension. This means that a typical file like 1.mp4 will be changed to 1.mp4.ZyNoXiOn and reset its icon. Once the encryption process is done, users are facing the text file named HOW TO DECRYPT FILES.txt that contains ransom information. Unfortunately, in most cases, you cannot decrypt data without the involvement of cybercriminals. This is why extortionists propose paying 0.13 BTC (roughly 900 USD) through the attached link to obtain special keys that will unlock the encrypted files. Once done, you have to contact them via their e-mail to get the promised tools. Luckily, with the help of contemporary tools designed by world-class laboratories, it is possible to delete ZyNoXiOn Ransomware and decrypt the infected data.

In case you are wondering why your data is blocked and became inaccessible, then N2019cov Ransomware has penetrated your system. Being one of the file-encrypting programs, N2019cov locks unprotected data and tricks users into paying a ransom in Bitcoin. After successful encryption, all files get altered with .P4WN3D extension. For example, the original 1.mp4 will be transformed into 1.mp4.P4WN3D. Thereafter, the program will generate a ransom-demanding message inside of the 1nF0rM@t1On.txt text document that notifies users about data encryption and recovery methods. Extortionists ask you to transfer 100 Euro to the attached wallet and If you do not know how to do so, there is a link to the official website explaining how bitcoin operates. Once the transaction is paid, you have to send a confirmation e-mail to X.cryp.0.R@gmail.com (or other) to retrieve the blocked data.

Velar is a type of malware classified as ransomware. Ransomware is a category of malicious software that operates by encrypting data and extorting money from users via ransom techniques. During the encryption process, all files are getting configured and obtain new extensions. For example, the non-infected file called 1.mp4 will be renamed to 1.mp4.Velar and reset its default icon. Thereafter, users are presented with a text file displaying the ransom information. The ransom note is called readme.txt. It claims that your system was infected by ransomware that ciphered a large number of files by using a hybrid encryption scheme. In order to restore the blocked data, extortionists ask you to contact them via one of the e-mails and attach your personal ID that is listed in the note. Unfortunately, the only option to access your files is buying a decryption key held by cybercriminals because none of the third-parties software is able to decrypt the infected data. However, it is not recommended to follow the instructions of frauds and paying a ransom because most people get fooled and the problem remains unsolved as a result.

If you are no longer able to access your files, then this is because ransomware infected your system. SD (Unlock11) Ransomware is not an exception since it ciphers users' data with RSA + Salsa20 algorithm and adds brand new .[unlock11@protonmail.com].enc extension to each file. As an example, standard 1.mp4 will be renamed to 1.mp4.[unlock11@protonmail.com].enc after the encryption process is done. It is necessary to point out that .enc extension is more generic and has been exploited by several types of ransomware including MOTD, TrueCrypter, and Cryptohasyou. After successful encryption, the program automatically opens a ransom note ReadMeToDecrypte.txt, which contains the details on how to decrypt your data. Some versions of SD replace desktop wallpaper for displaying the ransom information. In both cases, to unlock the affected files, users should reach out to cybercriminals via unlock11@protonmail.com. You are also allowed to attach 3 files (less than 5MB) so that swindlers could prove they can be trusted. After sending a message, you will be presumably required to pay a specific sum to unlock your data. Furthermore, they will give you recommendations on how to protect yourself from further attacks. Unfortunately, there is no other option at this moment to decrypt files configured by SD Ransomware without paying the ransom and getting the private keys.

Being part of the Dharma family, Dharma-Harma is a ransomware program based on AES-256 + RSA algorithms that are meant to encrypt user's data. After the virus gets settled on the system, it blocks multiple files by putting unbreakable ciphers. Once encrypted, files undergo a couple of significant changes. Firstly, the affected files are altered according to such pattern: original_filename.{random-8-digit-alphanumerical-sequence}.[e-mail-address].harma. Note that cybercriminal's e-mail may vary from person to person. Once the encryption is finished, Dharma-Harma generates a text file or image that contains ransom information. It says that your computer is unprotected and needs to be fixed. To restore the lost files, you have to contact them through the attached e-mail. After that, they will supposedly give further instructions and demand a payment in BTC. Unfortunately, those victims who decided to pay a ransom, often get fooled and do not get any decryption keys.