PoisonFang is a cryptovirus developed by Israeli programmers. It encrypts user files using various algorithms. Files that are encrypted are very different, they can be office documents, PDP files, archives, multimedia (photo and video) and much more. The probability of decrypting these files is scanty because it removes copies of target files and erases the system restore points.
Shrug ransomware is another trojan, which encrypts all user data without any approval. Some users report, that their files renamed with adding .SHRUG extension. After encryption, files become unavailable for editing, view or playing, because the virus uses AES+RSA encryption. Cybercriminals demand ransom (in BTC) for a decryption program. Also, Shrug ransomware run the program, which locks screen on victim PC.
"24H" is another cryptovirus aimed at getting user money. Crypto-extortioners are constantly updated and changing, but they have the same pattern of behavior. After entering the PC, it encrypts user files, including photos, videos, office documents, PDP files, archives and other important files.
How to remove Scarab-Omerta Ransomware and decrypt .[firstname.lastname@example.org].omerta or .[XAVAX@PM.ME].omerta files
Infected with Scarab-Omerta Ransomware? Need to decrypt your files? What is Scarab-Omerta Ransomware Scarab-Omerta Ransomware is the next cryptographer of the Scarab family. Like analogs, it encrypts many user data of various formats, for example office documents, PDP files, photos,…
Scarab Red, also called Scarab Danger is a common version of the Scarab Ransomware - the virus, that encrypts users data. Created in the Russian-language country for demanding a Bitcoin payment from its victims, it spreads around the world. Read our article with removal tools.
THT Ransomware is a cryptographic virus, which became most active at the end of June this year. Like many similar extortionists, it encrypts key and most valuable user files, such as documents, photos, video files and much more.
Nozelesn ransomware is a trojan-crypter, which distributed since June'2018, mostly in Poland. Some users report, that their files renamed with adding .nozelesn extension. After encryption, users unable to open their files, because the virus uses AES encryption. Cybercriminals want money (0,1 in BTC) for decryption keys. Also, Nozelesn ransomware creates HOW_FIX_NOZELESN_FILES.htm file with rasom demands. For removing Nozelesn ransomware and .nozelesn files decryption, please try all methods from our article.
Animus Locker ransomware is a relatively new virus, which encrypts users files on their machines, through unprotected network configuration. The first symptom of infiltration is new extension .animus which added to all filenames on users PC. For example, 1.doc become 1.doc.animus. After encryption users can use coded files. Animus Locker based on AES algorithm, so decryption is very difficult but sometimes possible.
Oktropys@protonmail.com ransomware is a crypto-trojan, which encrypts all files on victims machines without permission. It insert new file extensions .Aurora to every encrypted file, for example, if you have a Photo.png file, then its name becomes Photo.png.Aurora. All text documents, images , photos, images, and other files is at risk. We think, that files with next extensions can be encrypted by a virus:
.shw, .cat, .csv, .db, .doc, .gif, .htm, .ico, .inf, .ini, .jpg, .png, .ppt, .sam, .txt, .url, .xls, .xml, .wav, .wb2, .wk4, .wpd, .wpgAfter encryption, criminals create special files with the debscription of their demands and procedure of payment for decryption.
If you found, that some files on your PC got new .BtcKING extension and became unreadable, unfortunately, your system was hit by a virus. Virus researchers classified such viruses as Ransomware-trojan. Our sample called BtcKING Ransomware and started to attack users machines since the second half of June 2018. An encryption method is AES, so decryption is near impossible. Despite it, we can help with removing BtcKing ransomware and partial decryption of .BtcKING files.