Ransomware

Monro Ransomware is subtype of Crysis-Dharma-Cezar ransomware family, that adds .monro extension to encrypted files. Virus uses composite extenion, that consists of e-mail adress and unique 8-digit identification number (randomly generated). Monro Ransomware developers extort from $500 to $1500, that have to be paid in Monero, Dash or BTC (BitCoins) for decryption. Due to the fact, that hackers often do not send decryption keys, or just ignore e-mails from victims, who paid the ransom, it is not recommended to send any funds. Usually, after some time security specialists and individual researchers break the algorithm and release master key. Also, some files can be recovered by using backups, recovery software and instructions given on this page.

Scarab-Enter Ransomware is one of the varieties of Scarab Ransomware family. Scarab Ransomware has typical malicious activity: it encrypts user files using AES encryption and demands ransom of 0.3 BitCoins for decryption. Virus-extorsionist appends .enter or .lol extensions to encrypted files. Depending on version, after encryption Scarab Ransomware creates text files HELP HELP HELP.TXT or HOW TO RECOVER ENCRYPTED FILES.TXT text files with instructions to pay the ransom. Some of the previous Scarab versions were decryptable, however, if you won't succeed in decryption, do not pay the ransom. There are a lot of reports from the victims, that malefactors don't send decryptors. If Dr. Web Decryption Service fails for you, try manual instructions on this page and file-recovery software. In most cases this helps to restore some important files. In this article we collected, consolidated and structured available information about this malware and possible ways of removal and decryption.

Evolution Ransomware is new ransomware with currently unknown genealogy. There are some indications, that it is based on hte code of Everbe 2.0 Ransomware. Virus encrypts user's files using AES encryption algorithm and adds .evolution extension to encoded files. After contacting the developers via one of the provided e-mails, they demand 2 BitCoins for decryption and offer to decrypt 1 file for free as a proof. After this they send wallet for sending funds. 2 BitCoins at the time of righting this article had equivalent of $8000. We do not recommend paying the ransom as there is no guarantee malefactors will send final decryptor. Currently, there are no decryption tools available for this type of crypto-virus. The only way to get all files back is to restore from backups. You can also try to use instructions and tools below to recover some important files.

Combo Ransomware is new reincarnation of Dharma/Cezar/Crysis Ransomware family. The successor of Arrow and Bip Ransomware. This version appends complex extension, that ends with .combo or .cmb and contains e-mail address and unique ID. Combo Ransomware encrypts all sensitive files including documents, images, videos, databases, archives, project files, etc. Windows files stay untouched for stable operation. Combo Ransomware uses AES-256 encryption, which makes the victim's files inaccessible without decryption key. As for today, decryption is not possible, however, you can attempt to decrypt files from backups or trying file recovery software. There is also chance of decryption after using methods explained in this article.

RYUK Ransomware is virulent ransomware threat, based on the code of Hermes 2.1 and BitPaymer viruses. Researchers believe, that famous Lazarus Group is responsible for the development and implementation of the virus. Latest variations of this virus append .RYK or .rcrypted extension to encrypted files. Hackers demand 15-50 BTC for decryption, which is great amount. RYUK Ransomware does not bypass UAC, requires permission to run, which means user granted access to the computer for virus executable file. Ransomware encrypts all files except ones in following folders: "Windows", "Mozilla", "Chrome", "RecycleBin", "Ahnlab". Before the onset of destructive activity, malware stops more than 180 services and 40 processes, by using taskkill and net stop commands. Stopped services and processes mainly belong to antivirus software, running databases, software for backup and editing documents that can prevent file encryption.

This is fourth iteration of notorious STOP Ransomware, that was launched in November, 2018. Now it adds .DATAWAIT, .INFOWAIT or .shadow extensions to encrypted files. Virus uses new name for ransom note: !readme.txt. It pretends to be a Windows update and uses the TeamViewer resource. Ransomware still uses RSA-1024 encryption algorithm. Current version of STOP Ransomware was developed in Visual Studio 2017. This variation of STOP Ransomware demands $290 ransom for decryption. Malefactors offer 50% discount, if users pay in 72 hours. At the moment, there are no decryption tools availabe for STOP Ransomware.

Puma Ransomware, that started to hit thousands of computers in November, 2018, is, actually, nothing but another variation of STOP Ransomware. Current version appends .puma, .pumax or .pumas extensions to encrypted files, and that is why it has such nickname. Virus uses the same name for ransom note file: !readme.txt. Developers tried to confuse ransomware identification services and users by adding new extensions, but using the same templates, code and other signs unequivocally indicate belonging to a certain family. As we see from the name of the executable: updatewin.exe, it pretends to be a Windows update. Puma (STOP) Ransomware still uses RSA-1024 encryption algorithm. Current version of Puma Ransomware was developed in Visual Studio 2017.

Everbe 2.0 Ransomware is second generation of wide-spread Everbe Ransomware. It is file-encryption virus, that encrypts user files using combination of AES (or DES) and RSA-2048 encryption algorithms and then extorts certain amount in BitCoins for decryption. The initial virus first appeared in March, 2018 and was very active since that time. Security researchers consider, that Everbe 2.0 Ransomware started its distribution on 4th of July 2018. Everbe 2.0 Ransomware authors demand from $300 to $1500 in BTC (BitCoins) for decryption, but offer to decrypt any 3 files for free. It is worth mentioning, that Everbe 2.0 Ransomware works only on Windows 64-bit versions of OS. Currently, there is no decryption tools available for Everbe 2.0 Ransomware, however, we recommend you to try using instructions and tools below.