If you are infected with ransomware and you see any of this extension added – that means your files are encrypted with TeslaCrypt 4.2 or earlier versions and your files can be decrypted. To effectively restore your files you need to remove any active process of this ransomware using special removal tools or trying standard antivirus software. After this you need to use special decoders to determine decryption key and get your files back. Follow instructions below to remove TeslaCrypt 4.2 Ransomware and decrypt .vvv or .exx files in Windows 10, Windows 8, Windows 7.
Arena Ransomware is successor of Dharma Ransomware from CrySis crypto-virus family. This malware uses asymmetric cryptography to encrypt users files, such as documents, photos, music, videos, games etc. This version appends .arena extension to affected files. After finishing encryption process various versions of Arena Ransomware can create different text or html files with instructions: FILES ENCRYPTED.txt, info.hta, Your personal data are encrypted!.txt, _HELP_INSTRUCTION.TXT. Ransomware can demand payment from 0.3 to 1 BitCoins (which is equivalent to $2000 – $6000) for decryption services, but usually malefactors don’t send any keys.
Losers Ransomware is new variant of Nemesis/Cry36 ransomware family viruses. According to our research it appends .losers and .damoclis (In this case it is called Damoclis Gladius Ransomware) extensions to encrypted files. Ransomware creates HOWTODECRYPTFILES.html file with instructions to pay the ransom and possibly decrypt your files.
Sage 2.2 Ransomware is successor of Sage 2.0 Ransomware and Sage Ransomware based on CryLocker family. It was changed in terms of design of desktop background and payment pages. It also uses new filenames for instructions file and image file (!HELP_SOS.hta and !HELP_SOS.bmp). Virus still adds .sage file extension to encrypted files and uses Microsoft SAPI voice to read the message on your desktop aloud. This is done to create negative psychological effect. Latest version of this ransomware demands 0.17720 BTC or almost $1000 for decryption.
Bad Rabbit is new wide-spread ransomware, that uses RSA-2048 and AES cryptography. It mostly targets enterprises in Eastern Europe. Security experts claim, that Bad Rabbit is related to previously distributed Petya и NotPetya viruses. Currently, several governmental institutions and banks were attacked by this virus in Russia, Ukraine, Turkey, Germany. Hackers demand ransom of 0.05 BTC (BitCoins), which is ~280$ and threaten to increase this amount if not paid within certain time gap. We strongly recommend not to send money, as in most cases malefactors do not send keys.