WannaCry Ransomware new dangerous encrypting virus, that targets sensitive user files like documents, photos, videos, music and infected more then 250000 machines worldwide. Unfortunately, currently there are no way to restore your files, but there is no point to pay the ransom either, as malefactors never send the key. Threat developers earned more the $50000 in a few days since several hundreds of users paid the demanded amount. There is no information whether they received decryption service or not.
Spora Ransomware is file encryption virus possibly originating in Russia. It encrypts user files, documents, photos, videos using RSA encryption. Spora does not rename encrypted files. During the process virus generates private key, that, in turn, encrypted with AES encryption. Spora Ransomware is complex infection and certain efforts needed to break it encryption. Currently antivirus companies are unable to find decryption key, and the only way to restore files infected by Spora is backup.
Dharma virus is new variation of Crysis ransomware, and it uses asymmetric cryptography to encrypt user files (documents, music, photos, game files). If you see, that your filenames end on .dharma, .wallet, .zzzzz, .xtbl there is a great possibility you are infected with Dharma Ransomware.
Shade is a ransomware that is very similar to Wildfire, Hades Locker, CryptFIle2 (or CryptMix) and MarsJoke (or JokeFromMars). Once Shade ransomware has infected your computer, it encrypts various data. After finishing encrypting process, this ransomware adds .no_more_ransom extension (what an irony) to the name of all the encrypted files. It will create a text note named nomoreransom_note_original.txt / YourID.txt / hacked.txt in each folder with the encrypted data and on your desktop.
There are two features of this ransomware that differs it from other ransomware programs. First, it's the fee for decrypting files. 30$ is rather smaller ransom in opposition to 500-1000$ (usually ransomware developers demand this amount of money).
Payday is a ransomware based on HiddenTear source code and developed by Portuguese hackers. Payday derives its name from popular game of the same name. The purpose of the infection is to deny access to the personal data so it encrypts them using complex AES cipher. At the time of encryption, Payday appends the names of encrypted files with the .sexy extension. Although, the data encryption is a time-consuming process, the users usually don’t notice nothing suspicious. The whole procedure runs in stealth mode. Once encrypted, virus creates HTML file saving it on the desktop.
