Category Ransomware

Articles about removing ransomware that blocks Windows or browsers and can encrypt your data and demand ransom.

How to remove Scarab Ransomware and decrypt .scarab and .scorpio files

Scarab Ransomware is an encryption virus that encodes your files using AES cryptography and appends the .scarab extension. Following successful infection and encryption, Scarab Ransomware creates the file IF_YOU_WANT_TO_GET_ALL_YOUR_FILES_BACK_PLEASE_READ_THIS.TXT and puts it on the desktop. It demands a ransom of between $500 and $1000 in Bitcoins. The latest versions remove shadow copies of files, restore points and system state backups, so users cannot restore files using any of these methods. At the moment, files hit by Scarab Ransomware are non-decryptable. We will update this article as soon as a decryption tool appears.

How to remove Nemesis Ransomware and decrypt .nemesis, .63vc4, .t5019 files

Nemesis Ransomware is a successor of CryptON Ransomware and is very likely developed and distributed by the same team of hackers. Files are encrypted using a mix of RSA, AES-256 and SHA-256 or SHA-512 algorithms. Other versions of Nemesis Ransomware are known under the names Cry9, Cry128, Cry36 and X3M. Newer versions add randomly generated extensions. After encryption, the ransomware creates the file ### DECRYPT MY FILES ###.html with instructions to pay the ransom.

How to remove CryptON Ransomware and decrypt _x3m, _locked, _r9oj, _crypt files

CryptON Ransomware is a crypto-virus that gave birth to a large family of ransomware encryption viruses such as Nemesis, X3M, Cry9, Cry128 and Cry36. This particular ransomware appends the _crypt suffix to filenames and keeps the original extension, so after encryption the user file sample.txt becomes sample_crypt.txt. After successful encryption, CryptON Ransomware creates the file readme_encrypted.txt. Several decryption tools have been released by companies such as Emsisoft, Avast and Eset, and we give instructions for using them below. Learn how to remove CryptON Ransomware and decrypt _crypt files using the guide on this page.

How to remove Blind Ransomware and decrypt .blind and .kill files

Blind Ransomware is cryptoviral extortion malware that uses the RSA and AES algorithms to encrypt user data. This particular ransomware appends the .blind and .kill suffixes to compromised files. It also adds the developers' e-mail address to the filenames: blind@cock.li or kill@rape.lol. Usually, the malware attacks files that are of value to the user: documents, presentations, photos, video and music. After it finishes encoding files, Blind Ransomware creates the following file: How_Decrypt_Files.hta.

How to remove Paradise Ransomware and decrypt .paradise files

Paradise Ransomware is a crypto-virus distributed as RaaS (Ransomware-as-a-Service). That means it is a simplified ransomware development kit that allows potential hackers and malware distributors to substitute their own e-mail addresses and Bitcoin wallets and receive ransom payments from infected users. The virus appends the .paradise file extension and modifies the filename with the affiliate identification number and e-mail, so the final pattern looks like this: id-affiliate-id-[affiliate-e-mail].paradise. The malware uses RSA-1024 cryptography. The ransomware creates 3 text files: Files.txt, Failed.txt, and #DECRYPT MY FILES#.txt. The first two are lists of the files that were successfully encrypted and the files that failed to be encrypted.