How to remove STOP Ransomware and decrypt .PAUSA, .CONTACTUS, .DATASTOP or .STOPDATA files
Updated version of STOP Ransomware ransomware appends .PAUSA, .CONTACTUS, .DATASTOP or .STOPDATA suffixes to encrypted files. Virus still uses RSA-1024 encryption algorithm. All versions, except .STOPDATA, demand $600 ransom in BTC (BitCoin cryptocurrency), last one offers decryption for $200. Still malefactors offer to decrypt from 1 to 3 files for free to prove, that decryption is possible. This can be used to attempt decoding in future. At the moment, unfortunately, the only way to restore your files is from backups.
How to remove Dharma-Arena Ransomware and decrypt .arena files
Dharma-Arena Ransomware belongs to CrySis family, previous wide-spread ransomware of this type was Dharma Ransomware, that we described on this blog. Dharma-Arena Ransomware was detected by security researches first time in August 2017. Since then, it had numerous updates. Different versions of Dharma-Arena Ransomware demand different ransom amounts. It varies from 0,20 to 0,73 BitCoins, which is near $5000. Security experts do not recommend to pay developers of ransomware, as this encourages them to create new variations and does not guarantee decryption of your files. Actually, most times malefactors don't send decryption keys. Latest versions of Dharma-Arena Ransomware are not decryptable, however there is a chance to restore files affected by older versions.
How to remove Bip Ransomware and decrypt .bip files
Bip Ransomware is another successor of Dharma/Crysis Ransomware family. New variation adds complex suffix, that ends with .bip extension, to all affected files. Bip Ransomware encrypts almost all types of files, that can be valuable to users, such as documents, images, videos, databases, archives, project files, etc. It is currently unknown, what type of encryption algorithm Bip Ransomware uses, but probably it is AES. Bip Ransomware usually demands from $1000 to $2000 in BitCoins for the decryption key. However, often hackers don't send any keys and it is not recommended to pay the ransom. As for today, the 5-th of May 2018, decryption is not possible, however, you can attempt to decrypt your files from backups or trying file recovery software.
How to remove GandCrab V3 Ransomware and decrypt .CRAB files
GandCrab V3 Ransomware is another generation of high-risk GandCrab virus, that uses AES-256 (CBC-mode) + RSA-2048 encryption algorithms. This version also appends .CRAB extensions to all encrypted files. GandCrab V3 creates similar CRAB-DECRYPT.txt file with changed ransom note. Unlike previous versions GandCrab V3 Ransomware uses carder.bit as a server and Psi-Plus Jabber for communication. It also modifies desktop background with unpleasant inscription. Ransomware restarts the computer after encryption is finished, and creates autorun key in the registry to run on Windows startup and attack newly created files. Ransom amount is ~$1000 and can be paid in Dash or BitCoin. Virus creates counter and deadline after which ransom amount can double.
How to remove Scarab Ransomware and decrypt .oblivion, .xtbl or .amnesia files
Scarab Ransomware is a large family of international file-encrypting virus-extortionist. It has multiple versions and languages and attacks computers all over the world. Scarab Ransomware has typical malicious activity: it encrypts user files using AES encryption and demans ransom for decryption. Latest versions of this malware add .oblivion, .xtbl, .decrypts@airmail.cc or .amnesia extensions and modify filenames using randomly-generated alphanumeric sequence.
How to remove Hermes (2.0 – 2.1) Ransomware and decrypt .hrm files
Hermes Ransomware wide-spread family of crypto-viruses. There have been 2 major updates of initial ransomware - Hermes 2.0 Ransomware and Hermes 2.1 Ransomware. All variants use AES-256 encryption algorithm combined with RSA-2048. First version did not add any extensions and modified only content of the files by adding HERMES file-marker. Last version started to append .hrm suffix, but then just encrypted files without filename modification. After encryption, ransomware creates text files DECRYPT_INFO.txt and DECRYPT_INFORMATION.html, that contains message with instructions to pay the ransom and contact details. You can see the contents of this files below in the next paragraph.
How to remove CryptXXX Ransomware and decrypt .crypt, .cryp1 or .crypz files
CryptXXX is ransomware crypto-virus. It encrypts user personal data with AES CBC 256-bit algorithm and asks for RSA-4096 key. Actually, CryptXXX Ransomware also steals bitcoins stored on the computer if there are any. Virus modifies names and extension of all encrypted files to .crypt, .cryp1 or .crypz, changes desktop wallpaper using de_crypt_readme.bmp (image with black background and white text), creates text file with instructions to pay the ransom (de_crypt_readme.txt), and html file with the same instructions (de_crypt_readme.html). Ransom is about 1.2 BitCoins or $400. CryptXXX Ransomware attacks data on local drives and attached storage devices.
How to remove GandCrab2 Ransomware and decrypt .CRAB files
GandCrab2 Ransomware is a virus, that uses AES (CBC-mode) algorithm to encrypt user files. During the process ransomware adds .CRAB extension to encrypted files. Following successful encryption, GandCrab2 creates CRAB-DECRYPT.txt file. Unfortunately, due to using TOR payment pages, NameCoin servers and cryptocurrency, there is no way to track the hackers, unless they make a mistake. Decryption key of previous version of GandCrab became public due to data leakage from their servers. GandCrab2 Ransomware asks 0.5 - 0.8 Dash (cryptocurrency) , which is less then before, however it still can estimate from several hundreds to more than thousand dollars.