How to remove Angry Duck ransomware and decrypt .adk files

October 27, 2016 Aleksei Abalmasov 0

Angry Duck is ransomware-type virus that uses encryption with AES-512 cryptography. Virus is very weird because it demands huge ransom (10 BitCoins or $6500), however, authors do not provide any contacts or instructions to pay this ransom like e-mail or electronic wallet. But Angry Duck actually encrypts files and appends .adk extension to all affected ones. Usually, ransomware targets pictures, videos, documents and other types of personal files. Feedback shows, that hackers never or rarely send decryption keys or decryption tools after users pay them.

How to remove Thor ransomware and decrypt .thor files

October 26, 2016 Aleksei Abalmasov 0

Thor is another variant of Locky ransomware that uses RSA-2048 and AES-128 encryption algorithms to encode files. Virus got its name because it adds .thor extension to all ciphered files. It also modifies filenames using random characters and numbers, so it becomes hard to distinguish files. Mostly malware affects user documents, pictures, videos, game files. Thor ransomware demands ransom of 3 BitCoins (~$1950). Ransomware creates 2 files: _WHAT_is.html and _WHAT_is.bmp. This files contain instructions for users to pay the ransom and get decryptor.

How to remove Shit ransomware and decrypt .shit files

October 26, 2016 Aleksei Abalmasov 0

Shit ransomware is new virus from Locky family. Actually, it infects files using the same way – like previous variants, ransomware is installed using a DLL that is executed by Rundll32.exe. After execution it attacks files of 380 various file extension and encrypts them using AES encryption. After this it appends .shit extension to all encoded files and demands ransom of 3 BitCoins (~$1950). Ransomware creates 3 files: _WHAT_is.html, _[2_digit_number]_WHAT_is.html, and _WHAT_is.bmp. This files contain texts encouraging users to pay the ransom.

How to remove Odin ransomware and decrypt .odin files

September 29, 2016 Aleksei Abalmasov 8

Odin ransomware is new cryptographic virus from family of Locky and Zepto ransomware. It uses system process (rundll32.exe) to execute and encrypt user files. Usually, infection affects user personal files such as documents, photos, videos and music. In this version virus adds .odin extension and modifies filename, changing it to random set of numbers and letters. Virus creates 3 files: _5_HOWDO_text.html, _HOWDO_text.bmp, and _HOWDO_text.html. Image file is used as desktop background and contains text with instructions to pay the ransom.

How to remove JohnyCryptor ransomware and decrypt .johnycryptor@hackermail.com.xtbl files

September 6, 2016 Aleksei Abalmasov 1

JohnyCryptor is wide-spread ransomware virus, that uses AES encryption to encrypt important files (documents, photos, e-mails, music, video, gaming files). Virus adds .johnycryptor@aol.com.xtbl or .johnycryptor@hackermail.com.xtbl extension to encrypted files (depending on version), and creates “How to decrypt your files.txt” file on the desktop. This file contains instructions to pay the ransom and get the decryptor. Users have to pay from 0.5 to 1.5 ($250-$700) BitCoins to get the decryptor.

1 2 3 4 5 10