Vegclass is a ransomware that is very similar to Mahasaraswati, JohnyCryptor, Ecovector and JohnyCryptor. Once Vegclass has infected your computer, it encrypts various data. After finishing encrypting process, this ransomware adds .Vegclass(@)aol.com.xtbl extension to the name of all the encrypted files. It will create text file named “How to decrypt your files” in each folder with the encrypted data. Also this ransomware changes wallpaper on your desktop. Every change Vegclass makes on your PC is stating developer’s demands. These cyber criminals want you to contact them, then they will offer you to restore encrypted files by paying them a certain fee.
When you see the black screen with the message that your files was encrypted with “HappyLocker” it means that your system infected by ransomware. The HappyLocker Ransomware is a threat that is designed to encrypt the victim’s data and demand payment in Bitcoins to release a decryptor. Payment amount is 0.1 BitCoin or approximately 70$. HappyLocker encrypts the files with AES-256 cipher or similar. The authors of the HappyLocker Ransomware deliver the Trojan to users by using spam emails. Users get it when they are opening emails with infected attachments.
The Kangaroo Ransomware is a serious threat to your computer. It’s a Trojan virus, that encrypts all the data placed on your hard drive. Still you can get your files and folders back, because Kangaroo Ransomware does not damage, move or delete them. After finishing the encryption process, this virus demands payment in order to “help” you with decryption. These criminals usually demand 500 – 1000 US Dollars in Bitcoins. After the payment is done, there is no guarantee that it will help you to get your data back. So please do not invest into this criminal scheme.
Angry Duck is ransomware-type virus that uses encryption with AES-512 cryptography. Virus is very weird because it demands huge ransom (10 BitCoins or $6500), however, authors do not provide any contacts or instructions to pay this ransom like e-mail or electronic wallet. But Angry Duck actually encrypts files and appends .adk extension to all affected ones. Usually, ransomware targets pictures, videos, documents and other types of personal files. Feedback shows, that hackers never or rarely send decryption keys or decryption tools after users pay them.
Thor is another variant of Locky ransomware that uses RSA-2048 and AES-128 encryption algorithms to encode files. Virus got its name because it adds .thor extension to all ciphered files. It also modifies filenames using random characters and numbers, so it becomes hard to distinguish files. Mostly malware affects user documents, pictures, videos, game files. Thor ransomware demands ransom of 3 BitCoins (~$1950). Ransomware creates 2 files: _WHAT_is.html and _WHAT_is.bmp. This files contain instructions for users to pay the ransom and get decryptor.