How to remove PayDay ransomware and decrypt .sexy files

December 20, 2016 Aleksei Abalmasov 0

Payday is a ransomware based on HiddenTear source code and developed by Portuguese hackers. Payday derives its name from popular game of the same name. The purpose of the infection is to deny access to the personal data so it encrypts them using complex AES cipher. At the time of encryption, Payday appends the names of encrypted files with the .sexy extension. Although, the data encryption is a time-consuming process, the users usually don’t notice nothing suspicious. The whole procedure runs in stealth mode. Once encrypted, virus creates HTML file saving it on the desktop.

How to remove Osiris ransomware and decrypt .osiris files

December 6, 2016 Aleksei Abalmasov 5

Osiris is new crypto-virus, that belongs to Locky ransomware type. After finishing the process of encrypting files, malware adds .osiris extension and alters filenames. Your files get such names: [8_random_characters]-[4_random_characters]-[4_random_characters]-[8_random_characters]-[12_random_characters].osiris. Virus blackmails user to pay ransom of 2.5 BitCoins (~$1880) for file decryption. Osiris ransomware creates 3 files on users computers: OSIRIS.html, OSIRIS_[4_random_characters].html and OSIRIS.bmp and copies them to the folder with encrypted files. Those files contain instructions for users to pay the ransom on Bitcoin wallet.

How to remove Purge ransomware and decrypt .purge files

November 29, 2016 Aleksei Abalmasov 0

Purge Ransomware refer to the ransomware virus that encrypts your files. Once launched, it begins the process of encrypting your files stored on the system drives and attached network drives. The each infected file is added the extension .purge. This tricky malware uses strong encryption algorithm – RSA, that can be decrypted using a unique key. Unfortunately, restoring files are almost impossible without this key which crooks store on the remote servers

How to remove Globe ransomware and decrypt .globe files

November 29, 2016 Aleksei Abalmasov 0

Globe is a ransomware that is very similar to Mahasaraswati, JohnyCryptor, Ecovector and JohnyCryptor. Once Globe ransomware has infected your computer, it encrypts various data. After finishing encrypting process, this ransomware adds .globe (.purge) extensions to the name of all the encrypted files. It will create a HTA note named How to restore files.hta in each folder with the encrypted data. Also this ransomware creates an autorun named How to restore files that automatically opens ransom note each time you login to Windows and changes wallpaper on your desktop to “Purge: Election Year” film’s theme.