How to remove Arrow Ransomware and decrypt .arrow files

March 12, 2018 Aleksei Abalmasov 0

Arrow Ransomware is a new version of encryption virus from notorious Dharma/Crysis ransomware family. Ransomware uses AES and RSA algorithms to encrypt user files and add .arrow extension to affected files. Actually, it appends a complex suffix, that looks like this: .id-{8-symbols-alphanumeric-id}-{e-mail}.arrow. Ransom is 0.1 BitCoin, that currently equals to ~$1000. However, this amount may vary depending on cryptocurrency exchange rate. Arrow Ransomware targets most important user data, which makes it effective for malefactors. These are MS Office documents, OpenOffice, PDF, text files, databases, photos, music, videos, image files, archives, web page files and other web files, educational, application and specialized files, and other files.

How to remove GandCrab2 Ransomware and decrypt .crab files

March 7, 2018 Aleksei Abalmasov 0

GandCrab2 is a successor of previous wide-spread ransomware-type virus GandCrab. This virus encrypts user data using AES-256 and RSA-2048 encryption algorithms. GandCrab2 Ransomware appends .CRAB extension to affected files. Following successful encryption ransomware demands ~$400 in Dash cryptocurrency. Ransom note also states, that this amount will double, if not paid in 48 hours.

How to remove Vortex Ransomware and decrypt .aes or .ZABLOKOWANE files

February 7, 2018 Aleksei Abalmasov 0

Vortex Ransomware is a cryptographic virus, that mostly attacks users in Poland, but may also be distributed in other counties. Vortex Ransomware code is based on AESxWin – a free program for encryption and decryption. It uses AES-256 cryptography and adds .aes and .ZABLOKOWANE extensions to encrypted files. After encoding, Vortex creates a text files (ODZSZYFRUJ-DANE.txt (or “#$# JAK-ODZYSKAC-PLIIKI.txt”)), and places it on the desktop. Various versions of this virus demand from $100 to $200 in BitCoins. One of the alternative versions of Vortex Ransomware is called Flotera and it also appends .aes suffix.

How to remove GandCrab Ransomware and decrypt .GDCB files

February 6, 2018 Aleksei Abalmasov 0

GandCrab is crypto ransomware encrypts user data using AES-256 (CBC mode) encryption algorithm. and RSA-2048 for the key, and then demands a ransom of 1-3 Dash (crypto-currency) to buy GandCrab Decryptor from extortionists and restore files. GandCrab Ransomware appends .GDCB extension to encrypted files. After finishing encryption process virus creates GDCB-DECRYPT.txt file with ransom-demanding content. GandCrab Ransomware stimulates users to pay the ransom by giving limited time period, after the end of which ransom amount doubles.

How to remove Rapid Ransomware and decrypt .rapid or .paymeme files

January 24, 2018 Aleksei Abalmasov 0

Rapid Ransomware is encryption virus that encodes user files using AES algorithm. After successful encryption ransomware appends .rapid or .paymeme extensions to affected files. It also creates text files (“!!! README !!!.txt”, “! How Recovery Files.txt”, “How Recovery Files.txt”, “recovery.txt”, ) with ransom note and contact e-mails. This version wants 0.4 BitCoins which is around $5000, but we strongly recommend you not to pay money to malefactors, as you can put your bank credentials at risk. Rapid Ransomware also deletes shadow copies of files, so it will be impossible to restore files from shadow copies. However other instructions given on this page can be very useful and help you in your particular case. Follow the guide below to remove Rapid Ransomware and decrypt .rapid or .paymeme files in Windows 10, Windows 8/8.1 or Windows 7.