Articles about removing ransomware that blocks Windows or browsers and can encrypt your data and demand ransom.
RSAUtil Ransomware is cryptovirus, which infiltrates user’s PC and encrypts all files on it. Based on Delphi, RSAUtil spreads both on users PC or Servers, and the main purpose of this type of viruses – is extortion of money (750$ or more) from victims for potentially decryption of encrypted files. Usually, cybercriminals try to stay anonymous, they use bitcoins for transactions and remote servers for virus attacks. All encrypted files, for example, databases, documents, tables, photos, videos and other media files, gain a new suffix after encryption.
LockCrypt Ransomware is encryption virus, that affects user files such as photos, documents, music, videos etc. It modifies filenames using certain pattern: it changes name of the file to random numbers and letters and alters extension to .lock, .1btc or .mich. Experts now research this virus, and we don’t know if it uses symmetric or asymmetric cryptography, but currently, there is no automatic way to decrypt files encrypted by LockCrypt. But some users reported that they partially restored files, using shadow copies recovery. (Read our article about this method)
Scarab-Walker is the latest version of ransomware viruses, marked as Scarab Ransomware. We already subscribed old versions: Horsia, Scarab-XTBL, Scarab-crypto, Scarab, Amnesia. Scarab-Walker shows all features of other versions: it encrypts all files on user’s PC, adding .JohnnieWalker suffix to every coded file, and start to demand a ransom in BTC. All documents (.doc, .docx, .pdf, .txt, .xls and others), databases, mediafiles are at risk.
BTCWare Ransomware belongs to the family of BTCWare Ransomware, that we described in our blog. However, unlike its predecessor it uses more complex AES-256 encryption algorithm, which makes it more difficult to decrypt files. Latest version uses following pattern to modify filenames and extensions: [email]-id-[id-number].payday.