Nemesis Ransomware is a successor of CryptON Ransomware and is very likely developed and distributed by the same team of hackers. Files are encrypted using mix of RSA, AES-256 and SHA-256 or SHA-512 encryption algorithm. Other version of Nemesis Ransomware are known under the names Cry9, Cry128, Cry36, X3M. Newer version add randomly generated extensions. After encryption ransomware creates file ### DECRYPT MY FILES ###.html with instructions to pay the ransom.
CryptON Ransomware is crypto-virus, that gave birth to large family of ransomware encryption viruses like Nemesis, X3M, Cry9, Cry128, Cry36. This particular ransomware appends _crypt extension to filenames and saves original extension. So after encryption user file sample.txt will become sample_crypt.txt. After successful encryption CryptOn Ransomware creates readme_encrypted.txt file. There are several decryption tools released from companies like Emsisoft, Avast, Eset and we will give you instructions to use them below. Learn how to remove CryptON ransomware and decrypt _crypt files using guide on this page.
Blind Ransomware is cryptoviral extortion, that uses RSA and AES algorithms to encrypt user data. This particular ransomware appends .blind and .kill suffixes to compromised files. It also adds developers e-mail to the filenames: email@example.com or firstname.lastname@example.org. Usually, malware attacks files, that represent value for the user – documents, presentations, photos, video, music. After finishing encoding files, Blind Ransomware creates following file: How_Decrypt_Files.hta.
Paradise Ransomware is crypto-virus distributed as RaaS (Ransomware-as-Service). That means it is simplified ransomware development kit, that allows potential hackers and malware distributors to substitute their e-mails and BitCoin wallets and receive ransom payments from infected users. Virus appends .paradise file extension and modifies filename with affiliate identification number and e-mail, so the final pattern looks like this: id-affiliate-id-[affiliate-e-mail].paradise. Malware uses RSA-1024 cryptography. Ransomware creates 3 text files: Files.txt, Failed.txt, and #DECRYPT MY FILES#.txt. First two are the lists of successfully encrypted files and files, that failed to be encrypted.
CryptoMix Ransomware is famous family of ransom-demanding encryption viruses. Recently it came up with updated version that modifies your files with random set of 32 letters and digits and .xzzx file extension. So it makes your files look like this: 1V3DJHJ6M78BL3535RTY987XZFDGP876.XZZX. This new version uses complex double encryption with RSA-1024 ans AES algorithms. After encryption finishes CryptoMix Ransomware creates _HELP_INSTRUCTION.TXT file that contains contact e-mails and ransom-demanding message. Malefactors use following e-mails: email@example.com, firstname.lastname@example.org, email@example.com, and firstname.lastname@example.org.