Cerber2 is new version of Cerber ransomware, that we described in one of our previous articles. both viruses act in similar fashion, but new one adds .cerber2 extension instead of .cerber. After this virus asks for 1.24 bitcoins (~$500) for decryption service. As well as its predecessor, Cerber2 virus copies 3 files on you computer (#DECRYPT MY FILES#.txt, #DECRYPT MY FILES#.html, #DECRYPT MY FILES#.vbs).
Cerber is ransomware virus that encrypts your documents, images and music with AES encryption and adds .cerber extension to every encrypted file. After this virus asks for 1.24 bitcoins ($500) for decryption service. After infecting PC, Cerber virus creates 3 files (#DECRYPT MY FILES#.txt, #DECRYPT MY FILES#.html, #DECRYPT MY FILES#.vbs), that contain instructions to decrypt your files in different format and link to online "Cerber Decryptor".
Troldesh is family of ransomware viruses also called Shade Ransomware. Unique version of this threat can be created by anyone using special "developer kit", that is available on the underground forums. This virus targets Russian and American users. Malware encrypts user personal files and documents along with photos, music, videos with asymmetric encryption algorithm (RSA-2048 or RSA-4096). Ransomware appends .xtbl extension to all encrypted files.
Microsoft Decryptor ransomware is crypto-virus, that uses asymmetric RSA-4096 encryption algorithm to encrypt important files on users machine. It is basically updated version of CryptXXX and UltraCrypter ransomware. Virus demands a ransom of 1.2 BitCoins (~$646) to decrypt files and if ransom is not paid within 96 hours, the amount doubles to 2.4 BitCoins. Microsoft Decryptor does not modify encrypted files names and creates 3 files (README.txt, README.bmp, and README.html) in every affected folder. README.bmp is then used to change desktop background.
Stampado Ransomware is ransomware virus, that uses asymmetric AES-256 encryption to encrypt important files on users machine. Its particularity is that anyone can buy "license" for this ransomware and spread it using his or her own channels. Virus then demands a ransom from user to send secret key that will allow to decrypt infected files. Stampado "encourages" user to pay the ransom faster by giving 96 hours deadline. It also removes random files every 6 hours and that is called "Russian Roulette". This is done After this period private key will be deleted and encryption will be impossible.