Category Ransomware

Articles about removing ransomware that blocks Windows or browsers and can encrypt your data and demand ransom.

How to remove PoisonFang Ransomware and decrypt your files

PoisonFang is a cryptovirus developed by Israeli programmers. It encrypts user files using various algorithms. Files that are encrypted are very different, they can be office documents, PDP files, archives, multimedia (photo and video) and much more. The probability of decrypting these files is scanty because it removes copies of target files and erases the system restore points.

How to remove Shrug Ransomware and decrypt .SHRUG files

Shrug ransomware is another trojan, which encrypts all user data without any approval. Some users report, that their files renamed with adding .SHRUG extension. After encryption, files become unavailable for editing, view or playing, because the virus uses AES+RSA encryption. Cybercriminals demand ransom (in BTC) for a decryption program. Also, Shrug ransomware run the program, which locks screen on victim PC.

How to remove THT Ransomware

THT Ransomware is a cryptographic virus, which became most active at the end of June this year. Like many similar extortionists, it encrypts key and most valuable user files, such as documents, photos, video files and much more.

How to remove Nozelesn ransomware and decrypt .nozelesn files

Nozelesn ransomware is a trojan-crypter, which distributed since June'2018, mostly in Poland. Some users report, that their files renamed with adding .nozelesn extension. After encryption, users unable to open their files, because the virus uses AES encryption. Cybercriminals want money (0,1 in BTC) for decryption keys. Also, Nozelesn ransomware creates HOW_FIX_NOZELESN_FILES.htm file with rasom demands. For removing Nozelesn ransomware and .nozelesn files decryption, please try all methods from our article.

How to remove Animus Locker ransomware and decrypt .animus files

Animus Locker ransomware is a relatively new virus, which encrypts users files on their machines, through unprotected network configuration. The first symptom of infiltration is new extension .animus which added to all filenames on users PC. For example, 1.doc become 1.doc.animus. After encryption users can use coded files. Animus Locker based on AES algorithm, so decryption is very difficult but sometimes possible.

How to remove Oktropys@protonmail.com ransomware and decrypt .Aurora files

Oktropys@protonmail.com ransomware is a crypto-trojan, which encrypts all files on victims machines without permission. It insert new file extensions .Aurora to every encrypted file, for example, if you have a Photo.png file, then its name becomes Photo.png.Aurora. All text documents, images , photos, images, and other files is at risk. We think, that files with next extensions can be encrypted by a virus:
.shw, .cat, .csv, .db, .doc, .gif, .htm, .ico, .inf, .ini, .jpg, .png, .ppt, .sam, .txt, .url, .xls, .xml, .wav, .wb2, .wk4, .wpd, .wpg
After encryption, criminals create special files with the debscription of their demands and procedure of payment for decryption.

How to remove BtcKING ransomware and decrypt .BtcKING files

If you found, that some files on your PC got new .BtcKING extension and became unreadable, unfortunately, your system was hit by a virus. Virus researchers classified such viruses as Ransomware-trojan. Our sample called BtcKING Ransomware and started to attack users machines since the second half of June 2018. An encryption method is AES, so decryption is near impossible. Despite it, we can help with removing BtcKing ransomware and partial decryption of .BtcKING files.