Viruses

Discover essential defenses in the “Viruses” category at BugsFighter.com, where we provide comprehensive coverage on combating the myriad of digital threats that can compromise your devices and privacy. This section is dedicated to identifying, understanding, and removing viruses that affect computers, smartphones, and other digital platforms. From detailed analysis of new and evolving threats to step-by-step removal guides, our content is crafted to empower users with the knowledge they need to protect themselves. Whether you’re dealing with a stubborn infection or seeking to prevent future attacks, our expert advice and practical solutions are here to safeguard your digital life.

How to remove Poqw Ransomware and decrypt .poqw files

Poqw Ransomware (also known as STOP Ransomware) is a cynical virus that knocks the ground out from under users and leaves them at a loss, because it affects the most personal kinds of information: personal photos, videos, e-mails, as well as documents, archives, and other valuable data. Ransomware is a type of threat that not only encrypts those files but also demands a ransom. STOP Ransomware is officially the most widespread and dangerous virus among file-encrypting malware. There have been more than 500 versions of it, and the latest struck with the .poqw extension. Poqw Ransomware adds this suffix to the files it encrypts with its powerful AES-256 encryption algorithm. In 99% of cases its algorithms are unbreakable; however, with the instructions and utilities covered in this article, you get that 1% chance of recovery. First, look at the ransom note that Poqw Ransomware copies to the desktop and affected folders.

How to remove Zouu Ransomware and decrypt .zouu files

Being part of the Djvu and STOP virus family, Zouu Ransomware is a file-encrypting virus that has been circulating on the web since the middle of January 2023. In fact, its developers distribute a plethora of versions that differ from each other in extension, the cybercriminals' e-mail address, and other details. There are over 600 extensions that STOP Ransomware has used to attack users' data. In our case, STOP Ransomware appends the .zouu extension to the files it encrypts. For instance, a file like 1.mp4 will be renamed to 1.mp4.zouu and have its default icon reset after infection. Subsequently, the program creates a note called _readme.txt that contains ransom information. Usually, the generated content looks very similar across all ransomware types.

How to remove Zoqw Ransomware and decrypt .zoqw files

Zoqw Ransomware, a part of the STOP Ransomware family, is a critical virus that endangers users' personal files. It belongs to the family of file-encrypting malware that uses the AES (Salsa20) algorithm and an unbreakable key. This virus is sometimes called Djvu Ransomware, after the word used as an extension in the first versions (.djvu). The variant of the threat that we describe today, which modifies files with the .zoqw extension, appeared in the first half of January 2023 and acts exactly the same as dozens of previous versions. Files are encrypted with a secure key, and the chances of decrypting them completely are quite small, especially if an online key was used. However, certain manual methods and automatic tools described in this article can assist you in successfully decrypting some data. In the text box below you can find the "ransom note", a small text file with a brief introduction to the virus and instructions for paying the ransom.

How to remove Bpto Ransomware and decrypt .bpto files

One of the main computer security threats today is ransomware. These are devastating computer viruses that encrypt users' files using various cryptographic algorithms and extort ransom money for the decryption key. This is especially painful for users, as ransomware attacks either personal files such as videos, photos, and music, or business data such as MS Office file formats, e-mails, and databases. Such files can be crucial for business operation or extremely important personally as part of family memory. Malefactors can demand from several hundred to several thousand dollars as a ransom. STOP Ransomware is officially the most widespread and therefore most dangerous ransomware threat. There have been more than 650 versions of this virus in 5 years. Each variation infects thousands of computers, and there are millions of victims of this nasty malware. In this article, we will explain typical methods to fight Bpto Ransomware and decrypt affected files. Today's focus is on versions of STOP (Djvu) that add the .bpto extension. Recent samples use a very similar pattern to infiltrate PCs and encrypt files. After encryption, the ransomware creates a file (ransom note) called _readme.txt.

How to remove Theva Ransomware and decrypt .theva files

Theva is the name of a ransomware virus that encrypts system-stored data and demands that victims pay money in Bitcoin for its decryption. During encryption, targeted files end up visually altered: for instance, 1.pdf will change to 1.pdf.[sql772@aol.com].theva, and the same happens to other files. After successfully blocking the data, Theva Ransomware presents its decryption instructions in a text document called #_README_#.inf. It also changes victims' desktop wallpapers. In order to recover the data, victims are urged to contact the cybercriminals via the given e-mail address (sql772@aol.com) and pay the ransom in Bitcoin cryptocurrency. It is said that the price for decryption depends on how fast victims establish contact with the swindlers. Following successful payment, the threat actors promise to send the necessary decryption tool that will unlock all blocked data.

How to remove Eternity Ransomware and decrypt .ecrp files

Eternity is a ransomware virus that was discovered by Cyble researchers. This piece of malicious software belongs to the Eternity malware family and is designed to extort money from victims by encrypting potentially valuable data (with secure AES and RSA cryptographic algorithms). Dasha is another popular ransomware variant from this family. There are two known versions of Eternity - one does not change files visually and the other assigns the .ecrp extension to filenames and alters original icons. For instance, 1.pdf may either remain the same or become 1.pdf.ecrp after encryption depending on which ransomware version attacked the system. After successfully completing encryption, Eternity displays a pop-up window containing decryption instructions. Because Eternity Ransomware is a public Malware-as-a-service (MaaS) virus, which many threat actors may buy, the content of instructions (contact details, ransom size, countdowns, etc.) may slightly vary as well. Below are examples of ransom texts from two ransomware variants.

How to remove Black Hunt Ransomware and decrypt .black files

Black Hunt is a malicious infection classified as ransomware. Upon infiltration, it begins encrypting data and then blackmails victims into paying for decryption (in the #BlackHunt_ReadMe.hta and #BlackHunt_ReadMe.txt ransom notes). While running encryption, the virus also assigns the victim's ID, the cybercriminals' email address, and the .black extension to affected files. To illustrate, a file originally named 1.pdf will change to something like 1.pdf.[nnUWuTLm3Y45N021].[sentafe@rape.lol] and acquire the new Black Hunt icon as well. Desktop wallpapers get altered as well. Inside the ransom notes, the cybercriminals state that victims have 14 days to contact them by e-mail and buy a unique key for decryption. Unless the deadline is met, the threat actors say they will start selling or leaking the collected data to various third parties. Victims can review their "data situation" via the provided TOR link.

How to remove ScareCrow Ransomware and decrypt .scrcrw or .CROW files

ScareCrow is a ransomware infection that first appeared on malware radars in 2019. Since then, the ransomware has undergone a couple of insignificant changes and upgrades. For instance, depending on which ScareCrow version attacked the system, either the .scrcrw or the .CROW extension will be assigned to targeted files. Ransomware infections are designed to encrypt potentially valuable data and hold it blocked until victims meet the cybercriminals' demands to pay a ransom. ScareCrow uses a combination of AES and RSA cryptographic algorithms to thoroughly encrypt data. After successfully making files inaccessible, the virus automatically opens a pop-up window with decryption instructions. Please note that paying the ransom might not be necessary: victims are advised to contact reputable ransomware researcher Michael Gillespie and decrypt ScareCrow files for free.