Category Ransomware

Articles about removing ransomware that blocks Windows or browsers and can encrypt your data and demand ransom.

How to remove Microsoft Decryptor ransomware and decrypt encrypted files

Microsoft Decryptor ransomware is crypto-virus, that uses asymmetric RSA-4096 encryption algorithm to encrypt important files on users machine. It is basically updated version of CryptXXX and UltraCrypter ransomware. Virus demands a ransom of 1.2 BitCoins (~$646) to decrypt files and if ransom is not paid within 96 hours, the amount doubles to 2.4 BitCoins. Microsoft Decryptor does not modify encrypted files names and creates 3 files (README.txt, README.bmp, and README.html) in every affected folder. README.bmp is then used to change desktop background.

How to remove Stampado Ransomware and decrypt .locked files

Stampado Ransomware is ransomware virus, that uses asymmetric AES-256 encryption to encrypt important files on users machine. Its particularity is that anyone can buy "license" for this ransomware and spread it using his or her own channels. Virus then demands a ransom from user to send secret key that will allow to decrypt infected files. Stampado "encourages" user to pay the ransom faster by giving 96 hours deadline. It also removes random files every 6 hours and that is called "Russian Roulette". This is done After this period private key will be deleted and encryption will be impossible.

How to remove WildFire Locker and decrypt .wflx files

WildFire Locker is virus, that uses asymmetric AES-256 encryption to lock important files and documents on victims machine. It asks ransom for file decryption. Ransom amount is about $/€299, however, if it is not paid within 7 days amount will increase to $/€299. Ransomware adds extension .wflx to every encrypted file and also creates file "HOW_TO_UNLOCK_FILES_README_(victim's ID).txt", that contains instructions to unlock those files.

How to remove Zepto virus and decrypt .zepto files

Zepto is new file-encrypting virus, previously known as Locky ransomware. Virus uses AES-256 algorithm to encrypt your files. Zepto encrypts following file types: documents, images, game files, e-mails. Ransomware adds extension .zepto to every encrypted file and also creates file "_{random number}_HELP_instructions.html", and in this file hackers give instructions to pay the ransom and decrypt files. Threat also modifies name of the affected files with hexadecimal chars, making it difficult to understand where certain files are.

How to remove Crypt0l0cker virus and decrypt .encrypted files

Crypt0l0cker (TorrentLocker) is file-encrypting virus and ransomware that targets following countries: Australia, Austria, Canada, Czech Republic, Italy, Ireland, France, Germany, Netherlands, Korea, Thailand, New Zealand, Spain, Turkey, and the United Kingdom. For some reason it is not affecting US-based PCs. The ransom amount is 2.2 Bitcoins, which is currently about $330 GBP. Crypt0l0cker encrypts all files except ones with following extensions: avi, wav, mp3, gif, ico, png, bmp, txt, html, inf, manifest, chm, ini, tmp, log, url, lnk, cmd, bat, scr, msi, sys, dll, exe. Because those files are needed for OS operation.

How to remove NegozI ransomware and decrypt .evil files

NegozI is file-encrypting virus ransomware that uses AES-256 algorithm to encrypt your files. The ransom amount is huge 5 Bitcoins, which is currently about $3300. NegozI encrypts following file types: documents, images, game files, e-mails. Ransomware adds extension .evil to every encrypted file and also creates files "decrypt_your_files.txt" and "decrypt_your_files.html", that contain instructions to pay the ransom and decrypt files.

How to remove SecureCrypted virus and decrypt .SecureCrypted files

SecureCrypted (Apocalypse) is file-encrypting virus that demands ransom (0.5 and 1.5 Bitcoin) to decrypt infected files. Such type of threats is also called ransomware. After infection virus starts encrypting files of following extensions: .txt, .docx, .xlsx, .jpg, .png, .pdf and other. Those files are usually sensitive documents, photos, reports, books and other file types, that are important to regular people. Ransomware adds extension .SecureCrypted to every encrypted file and also creates files "yourfilename.Contact_Here_To_Recover_Your_Files.txt", that contains instructions to recover those files.

How to remove LeChiffre Ransomware and decrypt .LeChiffre files

LeChiffre Ransomware is drifting on the Internet since 2015 but hasn’t been closely analyzed until recently. The latest researches showed that the ransomware is surprisingly simple by its formation. To run this ingenious client the malware creators should launch it on a hijacked server to override the files for encryption. The encrypted files may be distinguished by the extension changed to .lechiffre. After the end of encryption process the cyber criminals will wipe all traces of their presence and leave the note with explanations and demands.

How to remove JobCrypter and decrypt .locked files

JobCrypter is a threat that belongs to the groups of ransomware. It is designed to affect files on the infected system and encrypt them demanding payment for the restoration. JobCrypter originates in France, however it has already spread around the world. JobCrypter works in the similar way with other ransomware: it detects the files with most popular extensions and encrypts them adding .locked extension, after which the malware creates a text file.