How to remove LockCrypt ransomware and decrypt .lock, .1btc or .mich files

May 29, 2018 Aleksei Abalmasov 0

LockCrypt Ransomware is encryption virus, that affects user files such as photos, documents, music, videos etc. It modifies filenames using certain pattern: it changes name of the file to random numbers and letters and alters extension to .lock, .1btc or .mich. Experts now research this virus, and we don’t know if it uses symmetric or asymmetric cryptography, but currently, there is no automatic way to decrypt files encrypted by LockCrypt. But some users reported that they partially restored files, using shadow copies recovery. (Read our article about this method)

How to remove Matrix Ransomware and decrypt .matrix, .[] or .MTXLOCK files

May 10, 2018 Aleksei Abalmasov 0

Matrix is another ransomware-type malware, that can encrypt user documents, photos, music, video, archives and other types of personal files. Virus adds “.matrix” extension to all encrypted files. It also creates matrix-readme.rtf or Readme-Matrix.rtf files with message in Russian and English with instructions to pay the ransom. Developers of Matrix ransomware offers to contact them using following e-mail addresses:, or and demand ransom of about $500 – $1500.

How to remove Vortex Ransomware and decrypt .aes or .ZABLOKOWANE files

May 7, 2018 Aleksei Abalmasov 0

Vortex Ransomware is a cryptographic virus, that mostly attacks users in Poland, but may also be distributed in other counties. Vortex Ransomware code is based on AESxWin – a free program for encryption and decryption. It uses AES-256 cryptography and adds .aes and .ZABLOKOWANE extensions to encrypted files. After encoding, Vortex creates a text files (ODZSZYFRUJ-DANE.txt (or “#$# JAK-ODZYSKAC-PLIIKI.txt”)), and places it on the desktop. Various versions of this virus demand from $100 to $200 in BitCoins. One of the alternative versions of Vortex Ransomware is called Flotera and it also appends .aes suffix.

How to remove Hermes Ransomware and decrypt .hrm files (April 2018 Update)

April 26, 2018 Aleksei Abalmasov 0

Hermes Ransomware is crypto-extortionist, that encrypts user data using AES-256 + RSA-2048 encryption, and then requires you to contact by e-mail to return files. Virus appends .hrm extension to encrypted files, however, some versions do not add any extensions or suffixes. Hermes Ransomware also creates “UNIQUE_ID_DO_NOT_REMOVE” file, that malefactors require attaching to e-mail. This malware uses the Evelen method to bypass UAC. Removes volumes of shadow copies of files and backup files. Currently ransom amount is unknown, but usually ransomware demands from $500 to $2000 in BitCoins to be paid for decryptor. There are many cases when hackers ignore the payment and do not send any keys in return. There is free decryptor available, created by security specialists, but unfortunately, it can not decrypt all versions of Hermes Ransomware.