Scarab-Walker is the latest version of ransomware viruses, marked as Scarab Ransomware. We already subscribed old versions: Horsia, Scarab-XTBL, Scarab-crypto, Scarab, Amnesia. Scarab-Walker shows all features of other versions: it encrypts all files on user's PC, adding .JohnnieWalker suffix to every coded file, and start to demand a ransom in BTC. All documents (.doc, .docx, .pdf, .txt, .xls and others), databases, mediafiles are at risk.
BTCWare Ransomware belongs to the family of BTCWare Ransomware, that we described in our blog. However, unlike its predecessor it uses more complex AES-256 encryption algorithm, which makes it more difficult to decrypt files. Latest version uses following pattern to modify filenames and extensions: [email]-id-[id-number].payday.
Matrix is another ransomware-type malware, that can encrypt user documents, photos, music, video, archives and other types of personal files. Virus adds ".matrix" extension to all encrypted files. It also creates matrix-readme.rtf or Readme-Matrix.rtf files with message in Russian and English with instructions to pay the ransom. Developers of Matrix ransomware offers to contact them using following e-mail addresses: email@example.com, firstname.lastname@example.org or email@example.com and demand ransom of about $500 - $1500.
How to remove Horsia Ransomware and decrypt .oblivion, .firstname.lastname@example.org or .decryptsairmail.cc files
Horsia is another version of a "Scarab Family" group, which consist of similar ransomware viruses. For victims, an infiltration by these viruses may lead to loss of all data files on PC, because like another ransomware threats, both Horsia or Oblivion code all files with .doc, .xls, .pdf, .mp3, .wav, .mdb and many others files with another extension. After penetration, all coded files become unreadable and unavailable for editing. Besides, scammers, create files with ransom demands where they promise to decrypt files, after payloads in BTC. We argue to not pay them because all cybercriminals can lie easily.
How to remove Jigsaw ransomware and decrypt .LolSec, .onion, .jes, .fun, .choda or others encrypted files
Jigsaw, also known as Koolova, HiddenTear, Nice Jigsaw or CryptoHitman is a ransomware-type virus, which "distributed" since early 2016. It is known about it was listed more than 60 versions of Jigsaw Ransomware. Written within the .NET Framework technology, this virus encrypts user data using AES-256 (sometimes RSA-2048) for the key and then demands a ransom for decrypted keys or for the decryption tool.
Vortex Ransomware is a cryptographic virus, that mostly attacks users in Poland, but may also be distributed in other counties. Vortex Ransomware code is based on AESxWin - a free program for encryption and decryption. It uses AES-256 cryptography and adds .aes and .ZABLOKOWANE extensions to encrypted files. After encoding, Vortex creates a text files (ODZSZYFRUJ-DANE.txt (or "#$# JAK-ODZYSKAC-PLIIKI.txt")), and places it on the desktop. Various versions of this virus demand from $100 to $200 in BitCoins. One of the alternative versions of Vortex Ransomware is called Flotera and it also appends .aes suffix.
GANDCRAB V3 is a new version of most dangerous virus GandCrab Ransomware. Thousands of computers in the world were infected by Gandcrab in 2018. Most of the victims can't recover lost data, despite all efforts. Ransomware threats usually encrypt user data using AES-256 and RSA-2048 encryption algorithms and demand a ransom for decryption. Main features of GANDCRAB V3 Ransomware are:.CRAB extension to every affected file and unique ransom note(see below)
Hermes Ransomware is crypto-extortionist, that encrypts user data using AES-256 + RSA-2048 encryption, and then requires you to contact by e-mail to return files. Virus appends .hrm extension to encrypted files, however, some versions do not add any extensions or suffixes. Hermes Ransomware also creates "UNIQUE_ID_DO_NOT_REMOVE" file, that malefactors require attaching to e-mail. This malware uses the Evelen method to bypass UAC. Removes volumes of shadow copies of files and backup files. Currently ransom amount is unknown, but usually ransomware demands from $500 to $2000 in BitCoins to be paid for decryptor. There are many cases when hackers ignore the payment and do not send any keys in return. There is free decryptor available, created by security specialists, but unfortunately, it can not decrypt all versions of Hermes Ransomware.
CryptoMix Ransomware is famous family of ransom-demanding encryption viruses. Recently it came up with updated version that modifies your files with random set of 32 letters and digits and .xzzx file extension. So it makes your files look like this: 1V3DJHJ6M78BL3535RTY987XZFDGP876.XZZX. This new version uses complex double encryption with RSA-1024 ans AES algorithms. After encryption finishes CryptoMix Ransomware creates _HELP_INSTRUCTION.TXT file that contains contact e-mails and ransom-demanding message. Malefactors use following e-mails: email@example.com, firstname.lastname@example.org, email@example.com, and firstname.lastname@example.org.
Scarab-XTBL Ransomware is another file locker, which can cause many troubles to millions of PC users. First of all, it encrypts all Office, Media, Database files on users machines, adding a .xtbl extension to every coded file. Then Scarab removes all shadow copies of encrypted files, making difficult to restore it. After that, it turns off windows restore and recovery tools. Next step of infiltration is a creating a ransom message IF YOU WANT TO GET ALL YOUR FILES BACK, PLEASE READ THIS.TXT.