Category Ransomware

Articles about removing ransomware that blocks Windows or browsers and can encrypt your data and demand ransom.

How to remove Cerber3 Ransomware and decrypt .cerber3 files

Cerber3 is newer version of Cerber and Cerber2 ransomware, that is became more complicated. It was discovered and described by AVG malware analyst. New version of this virus adds .cerber3 extension instead of .cerber or .cerber2. Authors of Cerber3 demand 0.7154 bitcoins (~$400) for decryption. Malefactors give users 5 day time frame, otherwise ransom amount doubles. Malware has new ransomware note filenames (# HELP DECRYPT #.html, # HELP DECRYPT #.txt, # HELP DECRYPT #.url). Text and html files contain the same message and instructions to pay the ransom, ".url" file opens Cerber3's payment website in browser.

How to remove Nemucod Ransomware and decrypt .crypted files

Nemucod is a trojan, that downloads ransomware virus on your computer. This virus claims it uses RSA-1024 algorithm to encrypt user personal files and appends .crypted to those files. In fact, files are encrypted with more simple XOR algorithm. Ransomware encodes various types of files: documents, music, e-mails, videos, photos, game files. Decryption is possible with the special decrypter by EmsiSoft, that we will describe later.

How to remove CrySis Ransomware and decrypt .CrySis files

CrySis (Virus-Encoder) is ransomware virus, that uses AES encryption to encrypt sensitive files (documents, photos, e-mails, music, video, gaming files). Threat most often appends .CrySis extension to all affected files, and that is where it name comes from. Malware generates unique user ID, that should be used by user to ask for decryption key. Ransomware modifies desktop wallpaper with image with text, e-mail and instructions to pay the ransom.

How to remove Hitler-Ransomware and restore deleted files

Hitler-Ransomware is fake crypto-virus, that is not actually encrypting your files. Alert message is written with tons of grammar mistakes and states, that user files are encoded and demands $25 ransom to be paid in 1 hour. Users need to buy Vodafone card with $25 value and send its code to the attackers. Many inexperienced users are scared with the message, and this is something that they expect.

How to remove REKTLocker and decrypt .rekt files

REKTLocker is cryptographic virus, that that belongs to the category of ransomware viruses. It uses RSA-2048 encryption to encrypt important user files and adds .rekt to all affected files. Decryption key is stored on the remote server that is controlled by malefactors, that makes it very hard to decrypt files without paying the ransom. By the way, hackers demand a ransom of 1 BTC for the private key they will send to you.