Category Ransomware

Articles about removing ransomware that blocks Windows or browsers and can encrypt your data and demand ransom.

How to remove Oktropys@protonmail.com ransomware and decrypt .Aurora files

Oktropys@protonmail.com ransomware is a crypto-trojan, which encrypts all files on victims machines without permission. It insert new file extensions .Aurora to every encrypted file, for example, if you have a Photo.png file, then its name becomes Photo.png.Aurora. All text documents, images , photos, images, and other files is at risk. We think, that files with next extensions can be encrypted by a virus:
.shw, .cat, .csv, .db, .doc, .gif, .htm, .ico, .inf, .ini, .jpg, .png, .ppt, .sam, .txt, .url, .xls, .xml, .wav, .wb2, .wk4, .wpd, .wpg
After encryption, criminals create special files with the debscription of their demands and procedure of payment for decryption.

How to remove BtcKING ransomware and decrypt .BtcKING files

If you found, that some files on your PC got new .BtcKING extension and became unreadable, unfortunately, your system was hit by a virus. Virus researchers classified such viruses as Ransomware-trojan. Our sample called BtcKING Ransomware and started to attack users machines since the second half of June 2018. An encryption method is AES, so decryption is near impossible. Despite it, we can help with removing BtcKing ransomware and partial decryption of .BtcKING files.

How to remove Scarab Bomber ransomware and decrypt .bomber, .glutton, .fastsupport@xmpp.jp or .fastrecovery@xmpp.jp files

Scarab Bomber is a new version of the widespread Scarab Ransomware. Created in the Russian-language country, it spreads around the world, mostly in English speaking countries. The virus is very dangerous, because it crypts all files on victims PCs. Moreover, after encryption users can loose these files completely. Unfortunately, only a few versions of this virus are decryptable now. The latest versions of Scarab become very difficult to decrypt. Encrypted files got new .bomber, .fastsupport@xmpp.jp or .fastrecovery@xmpp.jp extensions. For example 1.txt become 1.txt.bomber. Ransomware can encrypt doc, txt, pdf, xls, bmp, jpg, bmp, mp3, avi and many other files.

How to remove QNBQW ransomware and decrypt .qnbqw or qnbqwqe@protonmail.com files

QNBQW ransomware is a new crypto-trojan, which must be removed as soon as possible, because all files on your PC can be damaged by this virus. QNBQ encrypts all files on victims machines without their permission. Trojan uses special sophisticated algorithms - AES256, because of what the user cannot open the encrypted files or restore it without special knowledge, decryption or tool or recovery software. Also, it replaces file suffixes by adding .qnbqw to every encrypted file, for example, if you have a Photo123.png file, then its name becomes Photo123.png.qnbqw.