Category Ransomware

Articles about removing ransomware that blocks Windows or browsers and can encrypt your data and demand ransom.

How to remove CryptoLocker and decrypt .7z files

CryptoLocker is a ransomware that squeezes money from users by encrypting the personal files with AES-265 and RSA algorithms. After the installation CryptoLocker inserts a randomly named executable file into %AppData% or %LocalAppData% folders. This executable is created for detecting the files for enciphering. It will change the extension of your media files and documents to .7z. CryptoLocker affects executables to prevent you from using the shadow copies.

How to remove UltraCrypter and decrypt .cryp1 files

UltraCrypter is updated version of previously described CryptXXX virus, that can be called CryptXXX 3.0 ransomware. Malware developers made some crucial changes, that are not very pleasant for potential victims. It still uses AES CBC 256-bit encryption algorithm, but now it adds .cryp1 extension to encrypted files. Ransom is 1.2 Bitcoins (around 500$). Bad news are, that now decryptors for CryptXXX does not work. That means the only chance to decrypt UltraCrypter-affected files is if you have external backup or enabled Windows service that will store previous versions of your files.

How to remove DMA Locker and decrypt !DMALOCK4.0 files

DMA-Locker or MadLocker is a ransomware that silently sneaks into your PC and makes it a disaster. After it has found a way to get on your computer, DMA-Locker starts searching the hard drives for important and mostly used files. Alongside with it, the ransomware displays a notification with detailed explanation of what has happened and with instruction for the user. It states that the files were hijacked and encrypted with unique code, which makes them unacceptable without Master Key that can be purchased.

How to remove 777 Ransomware and decrypt .777 files

.777 is file extension of files encrypted by recently appeared ransomware called 777 Virus or 777 Ransomware, that targets computers running Windows OS. Malware uses asymmetric encryption and generates two decryption keys (private and public). Hackers ask for ransom of $500 or $1500 to decrypt files. Usually users have to pay in BitCoins. Users need to send an e-mail to seven_legion@india.com to receive message like shown below, with instructions to pay the ransom.

How to remove ENCRYPTED ransomware and decrypt .encrypted files

ENCRYPTED is categorized as crypto-virus and ransomware. ENCRYPTED targets .pdf, .doc, .ppt and many other types of files and encrypts them asking for ransom to decrypt. Attributes of ENCRYPTED virus are: ransomware modifies desktop background to the picture that contains instructions to decrypt files, it modifies encrypted files adding .encrypted extension, it creates text file "Read Me (How Decrypt) !!!!.txt" in every folder that contains encrypted files, ENCRYPTED asks ransom between 0.5 - 1.5 BTC (bitcoins) which is around $400.

How to remove CTB-Locker and decrypt .ctb (.ctb2) files

CTB-Locker (Curve-Tor-Bitcoin Locker) belongs to the family of ransomware viruses. It is also known as Critroni ransomware. This is also crypto-virus and it uses RSA 2048 encryption to encrypt sensitive files and folders. Usually CTB-Locker encrypts user documents, photos, music and other types of personal information. After this it asks for a ransom in bitcoins (0.3 or $120). CTB-Locker modifies file names and extensions of encrypted files. All affected files get .ctb or .ctb2 extension.

How to remove TeslaCrypt and decrypt .ecc files

TeslaCrypt is virus that belongs to ransomware category of crypto-viruses. TeslaCrypt encrypts important documents, images, presentations using AES encryption. Then it demands a payment (ransom) for decryption key that will allow user to restore the files. One of the "features" of TeslaCrypt is that it also encrypts game files of 40+ popular games like Dota, Minecraft, World of Warcraft etc.

How to remove Locky virus and decrypt .locky files

Locky virus is ransomware threat that encrypts documents, music, video and other information on victims computer using AES encryption. This virus can also encrypt folders on unmapped network shares. It modifies affected files extensions to .locky. After this it demands ransom in bitcoins (0.5 - 2 BTC or approximately $200 - $800) for decryption services. There is no known guaranteed way to decrypt files infected by Locky virus and that is why this blackmail virus is considered very harmful.