Viruses

Eemv is a new file-encrypting program developed and published by STOP/Djvu family. Almost all versions entitled to this group of extortionists employ similar steps to extort money from victims. Once Eemv gets on your PC, it runs a quick scan of your system to find sensitive data. Then, once this process is done, the malicious program gets to encrypt your data. During this, all files are changed with the .eemv extension, which appears at the end of each file name. For example, a file like 1.pdf will change to 1.pdf.eemv, and similarly. Once you spot such an immediate change, you will no longer be able to access the data. In order to decrypt it, cybercriminals instruct victims through the steps listed inside a text note (_readme.txt), which opens at the end of encryption. All recent versions of this ransomware family have used identical text in the notes.

ChinaHelper is a ransomware virus designed to encrypt personal data and blackmail victims into paying the ransom. While restricting access to data with the help of AES-256 and RSA-2048 algorithms, the virus assigns the .cnh extension so that a file like 1.pdf turns into 1.pdf.cnh, for instance. The next thing ChinaHelper does is creating a text note called README.txt. There is also another variant spotted in a later distribution, which assigned .cnhelp or .charm extension to files and created the HOW_TO_RETURN_FILES.txt file instead.

STOP Ransomware is a sophisticated encryption virus, that uses the Salsa20 algorithm to encode sensitive personal data, such as photos, videos, and documents. The latest version (Eewt Ransomware), appeared in the middle of September 2022, adds .eewt extension to files and makes them unreadable. To date, the family includes about 550 representatives, and the total number of affected users is approaching a million. Most of the attacks are in Europe and South America, India, and Southeast Asia. The threat also affected the United States, Australia, and South Africa. Although the Eewt virus is less known than GandCrab, Dharma, and other ransomware trojans, it is this year that accounts for more than half of the detected attacks. Moreover, the next rating participant, the aforementioned Dharma, lags behind him by this indicator by more than four times. A significant role in the prevalence of STOP Ransomware is played by its diversity: in the most active periods, experts found three or four new versions daily, each of which hit several thousand victims.

Bom is the name of a ransomware infection. Malware within this category encrypts system-stored data and demands victims to pay money for its return. This ransomware variant is also a by-product of the VoidCrypt family. During encryption, the virus renames all targeted files according to this example - 1.png.[tormented.soul@tuta.io][MJ-KB3756421908].bom. Your renamed files may slightly vary (e.g., different string of characters), but the basis will remain the same. After successfully restricting access to data, the ransomware creates a text note called Scratch - to provide decryption guidelines.

STOP Ransomware is a plague of 2017-2022, tenacious virus based on encryption technology, Mmvb Ransomware is a recent version of it. Ransomware uses the AES encryption algorithm to encode important files and extorts a ransom in Bitcoins for decryption. This malware aims at western countries mostly, but there've been thousands of infections detected in other parts of the world. Mmvb Ransomware uses the same patterns but adds different extensions to modify the files. The version that we observe today appends .mmvb extension. The crypto-virus affects the user's valuable data: photos, videos, and documents, it takes hostage potentially important files. At the same time, it keeps Windows system files intact. All recent versions used a ransom note file called _readme.txt, and this variation is not an exception. All samples belong to the same authors, as they use the same contact details: support@bestyourmail.ch and datarestorehelp@airmail.cc.

DASHA Ransomware is a new variant of Eternity Ransomware. This malware is designed to encrypt system-stored data and demand money for its decryption. While restricting access to files (e.g., photos, videos, documents, databases, etc.), the virus alters file appearance with the .ecrp extension. For instance, a file previously named 1.pdf will therefore change to 1.pdf.ecrp and become no longer accessible. Once this process gets to a close and all targeted files are eventually renamed, DASHA replaces the desktop wallpapers and displays a pop-up window with ransom instructions.