Category Ransomware

Articles about removing ransomware that blocks Windows or browsers and can encrypt your data and demand ransom.

How to remove CryptoMix Ransomware and decrypt .xzzx, .MOLE, .CK, .ZERO and .BACKUP files

CryptoMix Ransomware is famous family of ransom-demanding encryption viruses. Recently it came up with updated version that modifies your files with random set of 32 letters and digits and .xzzx file extension. So it makes your files look like this: 1V3DJHJ6M78BL3535RTY987XZFDGP876.XZZX. This new version uses complex double encryption with RSA-1024 ans AES algorithms. After encryption finishes CryptoMix Ransomware creates _HELP_INSTRUCTION.TXT file that contains contact e-mails and ransom-demanding message. Malefactors use following e-mails: xzzx@tuta.io, xzzx1@protonmail.com, xzzx10@yandex.com, and xzzx101@yandex.com.

How to remove Scarab-XTBL Ransomware and decrypt .XTBL or .OBLIVION files

Scarab-XTBL Ransomware is another file locker, which can cause many troubles to millions of PC users. First of all, it encrypts all Office, Media, Database files on users machines, adding a .xtbl extension to every coded file. Then Scarab removes all shadow copies of encrypted files, making difficult to restore it. After that, it turns off windows restore and recovery tools. Next step of infiltration is a creating a ransom message IF YOU WANT TO GET ALL YOUR FILES BACK, PLEASE READ THIS.TXT.

How to remove Java NotDharma Ransomware and decrypt .java files

Java NotDharma Ransomware is a file encryptor, which codes users documents, photos, videos, databases and other files. A virus uses AES for the key. After encryption cybercriminals demand Bitcoins for decryption. All encrypted files have .java extension, the same extension as after Java Ransomware coding, but there are two different viruses.Note, that real decryption is not guaranteed after payment!.

How to remove Iron Ransomware and decrypt .encry files

Iron Ransomware, also known as Iron Locker, Iron Unlocker Ransomware, Maktub Ransomware, is malware file encryptor, which locks users documents, photos, videos and other files using AES + RSA for the key, and then cybercriminals demand a 0.2-1.1 Bitcoins for decryption. In fact, real decryption is not guaranteed after payment. Ransomware virus creates a unique id for every infiltrated machine.

How to remove Horros Ransomware and decrypt .horros files

Horros is crypto ransomware, which encrypts user data using AES-256 and RSA-2048 for the key, and then demands a ransom for decrypted files or for the decryptor. After finishing encryption process virus creates a text file with a ransom demand. To prevent infiltration, you shouldn't allow unknown programs to run and make changes on your PC. User Account Control can help to prevent infiltration. Read our article to remove Horros Ransomware and decrypt .horros files.