Category Ransomware

Articles about removing ransomware that blocks Windows or browsers and can encrypt your data and demand ransom.

How to remove Purge ransomware and decrypt .purge files

Purge Ransomware refer to the ransomware virus that encrypts your files. Once launched, it begins the process of encrypting your files stored on the system drives and attached network drives. The each infected file is added the extension .purge. This tricky malware uses strong encryption algorithm - RSA, that can be decrypted using a unique key. Unfortunately, restoring files are almost impossible without this key which crooks store on the remote servers

How to remove Globe ransomware and decrypt .globe files

Globe is a ransomware that is very similar to Mahasaraswati, JohnyCryptor, Ecovector and JohnyCryptor. Once Globe ransomware has infected your computer, it encrypts various data. After finishing encrypting process, this ransomware adds .globe (.purge) extensions to the name of all the encrypted files. It will create a HTA note named How to restore files.hta in each folder with the encrypted data. Also this ransomware creates an autorun named How to restore files that automatically opens ransom note each time you login to Windows and changes wallpaper on your desktop to "Purge: Election Year" film's theme.

How to remove .zzzzz ransomware and decrypt .zzzzz files

.zzzzz is actually redesigned Locky crypto-virus. We remind that Locky (and its new version) uses asymmetric encryption algorithm to encrypt user files, images, videos, documents, game files. Now virus can detect and encode more than 450 types of files. After encryption virus appends .zzzzz extension and modifies filenames sol they get long alphanumeric 24 digit names. This ransomware still extorts ransom of 3 BitCoins (~$2200) from user to decrypt files. Zzzzz ansomware creates 3 files on users PC: INSTRUCTION.bmp, -INSTRUCTION.html and _6-INSTRUCTION.html. All this files are used to inform users, that their system is hacked and files are encrypted.

How to remove Aesir ransomware and decrypt .aesir files

Aesir is another ransomware-type virus from Locky family. It still uses RSA-2048 and AES-128 algorithms to encrypt user files. Now virus targets more than 450 types of files. After encrypting malware adds .aesir suffix and modifies filenames. Aesir ransomware demands user to pay ransom of 3 BitCoins (~$2200) to decrypt files, but never send the keys. Ransomware creates 3 files on users computers: INSTRUCTION.bmp, -INSTRUCTION.html and _1-INSTRUCTION.html. This files contain instructions for users to pay the ransom and get decryptor. Image is used to set as background and also contains ransom-note with payment details.

How to remove Vegclass ransomware and decrypt .vegclass@aol.com.xtbl files

Vegclass is a ransomware that is very similar to Mahasaraswati, JohnyCryptor, Ecovector and JohnyCryptor. Once Vegclass has infected your computer, it encrypts various data. After finishing encrypting process, this ransomware adds .Vegclass(@)aol.com.xtbl extension to the name of all the encrypted files. It will create text file named "How to decrypt your files" in each folder with the encrypted data. Also this ransomware changes wallpaper on your desktop. Every change Vegclass makes on your PC is stating developer's demands. These cyber criminals want you to contact them, then they will offer you to restore encrypted files by paying them a certain fee.

How to get rid of “You have a ZEUS virus” scam message

It's a browser hijacker that is usually accompanied with other free software. This malware shows the Windows Detected ZEUS Virus to trick the user. It’s created to make people think that their computer has crashed or that there is a real virus has been detected. The main purpose of such malware is to scare user and force him to call on one of the listed numbers to get support. But in reality they are just selling unneeded services and support contracts.

How to remove HappyLocker ransomware and decrypt .happy files

When you see the black screen with the message that your files was encrypted with "HappyLocker" it means that your system infected by ransomware. The HappyLocker Ransomware is a threat that is designed to encrypt the victim's data and demand payment in Bitcoins to release a decryptor. Payment amount is 0.1 BitCoin or approximately 70$. HappyLocker encrypts the files with AES-256 cipher or similar. The authors of the HappyLocker Ransomware deliver the Trojan to users by using spam emails. Users get it when they are opening emails with infected attachments.

How to remove Kangaroo ransomware and decrypt .crypted_file files

The Kangaroo Ransomware is a serious threat to your computer. It’s a Trojan virus, that encrypts all the data placed on your hard drive. Still you can get your files and folders back, because Kangaroo Ransomware does not damage, move or delete them. After finishing the encryption process, this virus demands payment in order to "help" you with decryption. These criminals usually demand 500 - 1000 US Dollars in Bitcoins. After the payment is done, there is no guarantee that it will help you to get your data back. So please do not invest into this criminal scheme.

How to remove YOUR COMPUTER HAS BEEN BLOCKED message

YOUR COMPUTER HAS BEEN BLOCKED message can be of 2 types. Browser pop-up message, that does not allow you to close it going full-screen or re-opening every time you close it. Or application message, saying that your computer is blocked and you are blocked from access to internet. This problems should be treated differently and in this article we created full guide to get rid of YOUR COMPUTER HAS BEEN BLOCKED message from Windows or browsers.

How to remove Angry Duck ransomware and decrypt .adk files

Angry Duck is ransomware-type virus that uses encryption with AES-512 cryptography. Virus is very weird because it demands huge ransom (10 BitCoins or $6500), however, authors do not provide any contacts or instructions to pay this ransom like e-mail or electronic wallet. But Angry Duck actually encrypts files and appends .adk extension to all affected ones. Usually, ransomware targets pictures, videos, documents and other types of personal files. Feedback shows, that hackers never or rarely send decryption keys or decryption tools after users pay them.