Category Ransomware

Articles about removing ransomware that blocks Windows or browsers and can encrypt your data and demand ransom.

How to remove Crypt0l0cker virus and decrypt .encrypted files

Crypt0l0cker (TorrentLocker) is file-encrypting virus and ransomware that targets following countries: Australia, Austria, Canada, Czech Republic, Italy, Ireland, France, Germany, Netherlands, Korea, Thailand, New Zealand, Spain, Turkey, and the United Kingdom. For some reason it is not affecting US-based PCs. The ransom amount is 2.2 Bitcoins, which is currently about $330 GBP. Crypt0l0cker encrypts all files except ones with following extensions: avi, wav, mp3, gif, ico, png, bmp, txt, html, inf, manifest, chm, ini, tmp, log, url, lnk, cmd, bat, scr, msi, sys, dll, exe. Because those files are needed for OS operation.

How to remove NegozI ransomware and decrypt .evil files

NegozI is file-encrypting virus ransomware that uses AES-256 algorithm to encrypt your files. The ransom amount is huge 5 Bitcoins, which is currently about $3300. NegozI encrypts following file types: documents, images, game files, e-mails. Ransomware adds extension .evil to every encrypted file and also creates files "decrypt_your_files.txt" and "decrypt_your_files.html", that contain instructions to pay the ransom and decrypt files.

How to remove SecureCrypted virus and decrypt .SecureCrypted files

SecureCrypted (Apocalypse) is file-encrypting virus that demands ransom (0.5 and 1.5 Bitcoin) to decrypt infected files. Such type of threats is also called ransomware. After infection virus starts encrypting files of following extensions: .txt, .docx, .xlsx, .jpg, .png, .pdf and other. Those files are usually sensitive documents, photos, reports, books and other file types, that are important to regular people. Ransomware adds extension .SecureCrypted to every encrypted file and also creates files "yourfilename.Contact_Here_To_Recover_Your_Files.txt", that contains instructions to recover those files.

How to remove LeChiffre Ransomware and decrypt .LeChiffre files

LeChiffre Ransomware is drifting on the Internet since 2015 but hasn’t been closely analyzed until recently. The latest researches showed that the ransomware is surprisingly simple by its formation. To run this ingenious client the malware creators should launch it on a hijacked server to override the files for encryption. The encrypted files may be distinguished by the extension changed to .lechiffre. After the end of encryption process the cyber criminals will wipe all traces of their presence and leave the note with explanations and demands.

How to remove JobCrypter and decrypt .locked files

JobCrypter is a threat that belongs to the groups of ransomware. It is designed to affect files on the infected system and encrypt them demanding payment for the restoration. JobCrypter originates in France, however it has already spread around the world. JobCrypter works in the similar way with other ransomware: it detects the files with most popular extensions and encrypts them adding .locked extension, after which the malware creates a text file.

How to remove CryptoLocker and decrypt .7z files

CryptoLocker is a ransomware that squeezes money from users by encrypting the personal files with AES-265 and RSA algorithms. After the installation CryptoLocker inserts a randomly named executable file into %AppData% or %LocalAppData% folders. This executable is created for detecting the files for enciphering. It will change the extension of your media files and documents to .7z. CryptoLocker affects executables to prevent you from using the shadow copies.

How to remove UltraCrypter and decrypt .cryp1 files

UltraCrypter is updated version of previously described CryptXXX virus, that can be called CryptXXX 3.0 ransomware. Malware developers made some crucial changes, that are not very pleasant for potential victims. It still uses AES CBC 256-bit encryption algorithm, but now it adds .cryp1 extension to encrypted files. Ransom is 1.2 Bitcoins (around 500$). Bad news are, that now decryptors for CryptXXX does not work. That means the only chance to decrypt UltraCrypter-affected files is if you have external backup or enabled Windows service that will store previous versions of your files.

How to remove DMA Locker and decrypt !DMALOCK4.0 files

DMA-Locker or MadLocker is a ransomware that silently sneaks into your PC and makes it a disaster. After it has found a way to get on your computer, DMA-Locker starts searching the hard drives for important and mostly used files. Alongside with it, the ransomware displays a notification with detailed explanation of what has happened and with instruction for the user. It states that the files were hijacked and encrypted with unique code, which makes them unacceptable without Master Key that can be purchased.

How to remove 777 Ransomware and decrypt .777 files

.777 is file extension of files encrypted by recently appeared ransomware called 777 Virus or 777 Ransomware, that targets computers running Windows OS. Malware uses asymmetric encryption and generates two decryption keys (private and public). Hackers ask for ransom of $500 or $1500 to decrypt files. Usually users have to pay in BitCoins. Users need to send an e-mail to to receive message like shown below, with instructions to pay the ransom.