Tutorials

Useful tutorials on various PC troubleshooting topics. Video tutorials.

How to remove Rapid V3 Ransomware and decrypt .no_more_ransom, .guesswho or .mouse files

Rapid V3 Ransomware (a.k.a. Rapid 3.0 Ransomware) is a new iteration of the notorious Rapid Ransomware. This version uses the AES encryption algorithm and can append the following extensions to user files: .guesswho, .mouse, .GILLETTE, .no_more_ransom, .nano, .ezymn, .rpd, .[5-random-characters]. Currently, there is no decryptor confirmed to work for Rapid V3 Ransomware. However, using backups, recovery software or other advice from this page can help you recover encoded files. The virus uses the same template for its ransom note. Some variations create a ransom note named How Recovery Files.txt. Rapid V3 Ransomware extorts 0,7 BitCoins (BTC) for recovering encrypted files. Users can contact the developers at the e-mail address demonslay335@rape.lol, which is a reference to and mockery of a famous security researcher from the Bleeping Computer forum who uses the nickname "demonslay335". Victims have been reported in the following countries: USA, Iran, Germany, Japan, Benin, South Korea, Indonesia, Spain, Malaysia, India.

How to remove Aurora Ransomware and decrypt .aurora, .cryptoid, .peekaboo or .isolated files

Aurora Ransomware (sometimes called OneKeyLocker Ransomware) is a new crypto-virus that started circulating on the web at the end of May 2018. The virus mostly targets Western countries; however, some versions were spread in Turkey. It uses the DES algorithm to encode files and adds the .aurora extension, from which it got its name. Since then, the malware has had multiple updates and modifications. The ransomware now also adds the following extensions: .nano, .cryptoid, .peekaboo and .isolated. After encryption, the ransomware creates different text files (depending on the version) containing a ransom note with contact information and instructions.

How to remove Dharma Ransomware and decrypt .adobe, .com, .bat or .btc files

The Dharma virus, unlike similar types of ransomware, does not change the desktop background, but creates README.txt or Document.txt.[amagnus@india.com].zzzzz files and places them in each folder with compromised files. The text files contain a message stating that users have to pay the ransom in Bitcoins; the amount is approximately $300-$500, depending on the ransomware version. The private decryption key is stored on a remote server, and it is currently impossible to break the encryption of the latest version.

How to remove Dharma-Html Ransomware and decrypt .html files

Dharma-Html Ransomware is an encryption virus based on the code of the Crysis-Dharma-Cezar ransomware family. The version under review today has certain differences: it adds the .html extension to encrypted files and uses other e-mail addresses for communication. Dharma-Html Ransomware, like other recent Dharma variations, has no decryptor that can automatically decrypt encoded data. However, using the instructions below can help you recover some files. Dharma-Html Ransomware creates a suffix that consists of several parts: the prefix "id-", an identification number (alphanumeric and unique for each computer), the developer's e-mail address and the .html extension. The filename pattern after encryption looks like this: a file called 1.doc will be converted to 1.doc.id-{8-digit-id}.[{email-address}].html.

How to remove Jamper (Jumper) Ransomware and decrypt .jamper, .jumper or .SONIC files

Jamper Ransomware is a nasty file-encryption virus that uses the AES algorithm to encrypt your files and extorts a ransom of 1 to 3 BTC (Bitcoins). This malware is the successor of VegaLocker (Vega Ransomware) and the predecessor of Buran Ransomware. Depending on the version, Jamper Ransomware may add the .jamper, .jumper or .SONIC extension to the files it affects. After the ransomware has run, your files become inaccessible and unreadable. The malware creates a ransom note file called ---README---.TXT after it finishes. Jamper Ransomware removes shadow copies of files (VSS) and disables the recovery features of Windows, which makes it difficult to recover encrypted files.

How to remove Buran Ransomware and decrypt your files

Buran Ransomware is a harmful crypto-virus that uses the AES encryption algorithm to encode your files and then demands a ransom in BTC (Bitcoins). Technically, it is the successor of VegaLocker (Vega Ransomware) and Jamper (Jumper) Ransomware. Buran Ransomware adds a complex extension to affected files, following a special template: a randomly generated alphanumeric sequence in 8-4-4-4-12 format. For example: .1C81A230-7B5F-4AE4-6F71-EB3958F83XXX, .62E93854-821C-3F0E-7556-D0F4F2E6E1C2. Files become inaccessible and unreadable. After successful encryption, the virus creates a ransom note file: !!! YOUR FILES ARE ENCRYPTED !!!.TXT. The tips and tricks featured on this page will help you recover at least some of the files encrypted by Buran Ransomware.

How to remove Dharma-Good Ransomware and decrypt .good files

Dharma-Good Ransomware is a typical representative of the encryption viruses from the Crysis-Dharma-Cezar ransomware family. This sample appends the .good extension to affected files. Dharma-Good Ransomware adds a complex extension that consists of a unique id, the developer's e-mail address and the .good suffix. As a result, a file named 1.doc will be converted to 1.doc.id-{8-digit-id}.[{email-address}].good. Dharma-Good Ransomware developers can extort a ransom of $500 to $15000 in BTC (BitCoins) for decryption. The amount is usually quite large because the hackers pay a commission to the owners of the Dharma Ransomware as a Service (RaaS). Using cryptocurrency makes it impossible to track the payee. Besides, victims of such viruses often get scammed, and the malefactors don't send any keys even after the ransom is paid. We do not recommend paying any money to malefactors. Usually, after some period of time, security specialists from antivirus companies or individual researchers break the algorithms and release decryption keys. Note that some files can be restored by using backups, shadow copies, previous versions of files or file-recovery software.

How to remove Dharma-MERS Ransomware and decrypt .MERS files

Dharma-MERS Ransomware is another iteration of the extremely dangerous Crysis-Dharma-Cezar ransomware family that, in this case, adds the .MERS extension to the end of the files it encrypts. The virus composes the suffix from several parts: an e-mail address, a unique 8-digit identification number (randomly generated) and the .MERS extension. As a result, encoded files receive the following complex suffix: .id-{8-digit-id}.[{email-address}].MERS. As a rule, Dharma-type ransomware extorts a ransom of $500 to $1500, which can be paid in Monero, Dash or BTC (BitCoins), and in return the developers promise to send a decryption key. Using cryptocurrency makes it impossible to track the payee. We do not recommend paying any money to malefactors. Usually, after some period of time, security specialists from antivirus companies or individual researchers break the algorithms and release decryption keys. Note that some files can be restored by using backups, shadow copies, previous versions of files or file-recovery software.