Category Ransomware

Articles about removing ransomware that blocks Windows or browsers and can encrypt your data and demand ransom.

How to remove Velso Ransomware and decrypt .velso and .david files

Velso Ransomware is crypto-virus, that secretly infiltrates computers and encrypts user data. It encrypts files using symmetric or asymmetric cryptography (AES encryption) and appends .velso or .david extension. Velso Ransomware affects many types of files, that can be important for users: photos, videos, documents, project files of popular programs. The ID of the key and victim is generated by CryptGenRandom using AES-256 OpenSSL in ECB mode. Ransomware ask from $500 to $1000 ransom in BitCoins. Often, ransomware developers ignore victims after receiving the payment or send wrong decryption keys or decryptors. Use instructions on this page to attempt decryption of files affected by Velso Ransomware.

How to remove Scarab-Crypto Ransomware and decrypt .crypto files

Scarab-Crypto is a parallel version of the Scarab Ransomware, which can cause troubles for users. The main purpose of such viruses is to encrypt most important files on user's machine and to require a ransom from victims. Antiviruses without real-time internet protection are useless against Scarab-Crypto. A malicious program has unique symptoms: firstly, every encrypted file got a .crypto suffix using the AES. Coded files are impossible to view and edit.

How to remove BlackRuby2 Ransomware and decrypt .BlackRuby2 files

BlackRuby2 Ransomware is a second edition of wide-spread BlackRuby Ransomware virus based on InfiniteTear. It encrypts files using symmetric or asymmetric cryptography (AES encryption) and appends .BlackRuby2 (.BlackRuby-2) extension. Malware also modifies filename with certain template, and as a result, affected files look like this: Encrypted_[random_letters].BlackRuby2. BlackRuby2 Ransomware demands ransom in BitCoins. The previous version asked for $650. It checks the presence of following anti-viruses in the system: Avast, Avira, COMODO, Kaspersky Lab, McAfee, Symantec. Uses services to locate the user's PC, up to the city. BlackRuby2, in comparison to the first version, also spreads in following countries: Afghanistan (AF), Armenia (AM), Azerbaijan (AZ), Iran (IR), (Iraq) IQ, Pakistan (PK), Turkey (TR), Turkmenistan ( TM).

How to remove Zenis Ransomware and decrypt your files

Zenis is a new virus, which encrypts all data files on a user PC and after that developers demand a ransom for decryption. This type of viruses called Ransomware and has a very high level of damage to docs, music, videos, photos, and databases on a users machines. We strongly recommend you not to pay to cybercriminals, because real decrypting is not guaranteed and payments can increase a number of new virus threats in future. Zenis ransomware show other typical features of ransomware: it adds a random symbols suffix (for example .Zenis-******) for every encrypted file and creates a file Zenis-Instructions.html. Use this article to remove Zenis Ransomware completely from Windows 10, 8, 7 and decrypt your files.

How to remove Arrow Ransomware and decrypt .arrow files

Arrow Ransomware is a new version of encryption virus from notorious Dharma/Crysis ransomware family. Ransomware uses AES and RSA algorithms to encrypt user files and add .arrow extension to affected files. Actually, it appends a complex suffix, that looks like this: .id-{8-symbols-alphanumeric-id}-{e-mail}.arrow. Ransom is 0.1 BitCoin, that currently equals to ~$1000. However, this amount may vary depending on cryptocurrency exchange rate. Arrow Ransomware targets most important user data, which makes it effective for malefactors. These are MS Office documents, OpenOffice, PDF, text files, databases, photos, music, videos, image files, archives, web page files and other web files, educational, application and specialized files, and other files.

How to remove GandCrab2 Ransomware and decrypt .crab files

GandCrab2 is a successor of previous wide-spread ransomware-type virus GandCrab. This virus encrypts user data using AES-256 and RSA-2048 encryption algorithms. GandCrab2 Ransomware appends .CRAB extension to affected files. Following successful encryption ransomware demands ~$400 in Dash cryptocurrency. Ransom note also states, that this amount will double, if not paid in 48 hours.

How to remove GandCrab Ransomware and decrypt .GDCB files

GandCrab is crypto ransomware encrypts user data using AES-256 (CBC mode) encryption algorithm. and RSA-2048 for the key, and then demands a ransom of 1-3 Dash (crypto-currency) to buy GandCrab Decryptor from extortionists and restore files. GandCrab Ransomware appends .GDCB extension to encrypted files. After finishing encryption process virus creates GDCB-DECRYPT.txt file with ransom-demanding content. GandCrab Ransomware stimulates users to pay the ransom by giving limited time period, after the end of which ransom amount doubles.

How to remove Rapid Ransomware and decrypt .rapid or .paymeme files

Rapid Ransomware is encryption virus that encodes user files using AES algorithm. After successful encryption ransomware appends .rapid or .paymeme extensions to affected files. It also creates text files ("!!! README !!!.txt", "! How Recovery Files.txt", "How Recovery Files.txt", "recovery.txt", ) with ransom note and contact e-mails. This version wants 0.4 BitCoins which is around $5000, but we strongly recommend you not to pay money to malefactors, as you can put your bank credentials at risk. Rapid Ransomware also deletes shadow copies of files, so it will be impossible to restore files from shadow copies. However other instructions given on this page can be very useful and help you in your particular case. Follow the guide below to remove Rapid Ransomware and decrypt .rapid or .paymeme files in Windows 10, Windows 8/8.1 or Windows 7.