How to remove Hermes (2.0 – 2.1) Ransomware and decrypt .hrm files
Hermes Ransomware wide-spread family of crypto-viruses. There have been 2 major updates of initial ransomware - Hermes 2.0 Ransomware and Hermes 2.1 Ransomware. All variants use AES-256 encryption algorithm combined with RSA-2048. First version did not add any extensions and modified only content of the files by adding HERMES file-marker. Last version started to append .hrm suffix, but then just encrypted files without filename modification. After encryption, ransomware creates text files DECRYPT_INFO.txt and DECRYPT_INFORMATION.html, that contains message with instructions to pay the ransom and contact details. You can see the contents of this files below in the next paragraph.
How to remove WhiteRose Ransomware and decrypt .WHITEROSE files
WhiteRose Ransomware is dangerous encryption virus from InfiniteTear family. It uses AES algorithm to encode user files. After this it appends complex suffix _ENCRYPTED_BY.WHITEROSE, and modifies the filename to random set of letter and numbers. Then, ransomware creates text file HOW-TO-RECOVERY-FILES.TXT, containing ransom-demanding message with contact information and instructions. Usually, viruses of this type ask for $500 - $1000 in BitCoins. To reсover data, users must contact WhiteRose's developers via Tox chat.
How to remove Rapid (2.0) Ransomware and decrypt .rapid or .paymeme files
Rapid Ransomware is nasty virus, that encrypts user files using AES encryption algorithm and demands ransom for decryption. All affected files get .rapid extension, in some versions .paymeme suffix is added. Rapid 2.0 Ransomware appends extensions, that contains 5 random letters in uppercase. Extension is unique for every PC. Unlike other similar ransomware threats, it does not do one time encryption, but continues to encode every new file on victims computer, whether it was just created or copied. Amount of ransom varies from $500 to $1500 and have to be paid in BitCoins. Using BitCoin payments and TOR websites, makes it difficult to find location of malefactors.
How to remove CryptXXX Ransomware and decrypt .crypt, .cryp1 or .crypz files
CryptXXX is ransomware crypto-virus. It encrypts user personal data with AES CBC 256-bit algorithm and asks for RSA-4096 key. Actually, CryptXXX Ransomware also steals bitcoins stored on the computer if there are any. Virus modifies names and extension of all encrypted files to .crypt, .cryp1 or .crypz, changes desktop wallpaper using de_crypt_readme.bmp (image with black background and white text), creates text file with instructions to pay the ransom (de_crypt_readme.txt), and html file with the same instructions (de_crypt_readme.html). Ransom is about 1.2 BitCoins or $400. CryptXXX Ransomware attacks data on local drives and attached storage devices.
How to remove GandCrab2 Ransomware and decrypt .CRAB files
GandCrab2 Ransomware is a virus, that uses AES (CBC-mode) algorithm to encrypt user files. During the process ransomware adds .CRAB extension to encrypted files. Following successful encryption, GandCrab2 creates CRAB-DECRYPT.txt file. Unfortunately, due to using TOR payment pages, NameCoin servers and cryptocurrency, there is no way to track the hackers, unless they make a mistake. Decryption key of previous version of GandCrab became public due to data leakage from their servers. GandCrab2 Ransomware asks 0.5 - 0.8 Dash (cryptocurrency) , which is less then before, however it still can estimate from several hundreds to more than thousand dollars.
How to remove Arrow Ransomware and decrypt .arrow files
Arrow Ransomware is new file encryption virus from Dharma/Crysis Ransomware family. Malware uses AES encryption. Unlike previous versions, it appends .arrow extension to all encrypted files. Arrow Ransomware encodes almost all types of files that can be important to users, including documents, images, videos, databases, archives. Arrow Ransomware demands from $1000 to $2000 in BitCoins for the decryption key, that they actually rarely send out. Currently, decryption is not possible, however, you can decrypt your files from backups or trying file recovery software. There is also a slight possibility, that you will decrypt your files using tips and tricks described in this article.
How to remove GandCrab Ransomware and decrypt .GDCB files
GandCrab Ransomware is file encrypting virus, that uses AES-256 (CBC-mode) encryption algorithm to encode user files. It affects documents, media files, databases - the most important data for users. During encryption process ransomware appends .GDCB extension to encrypted files. After it finishes GDCB-DECRYPT.txt is created. GandCrab Ransomware targets 64-bit systems in Western Europe and South Korea. Its developers demand 1.5 - 2 Dash (cryptocurrency) which estimates in more than $1100. GandCrab checks the system for the presence of .exe files of antiviruses from the popular vendors, and won't run on the computers with such security software or will attempt to disable it.
How to remove Cloudnet virus
Cloudnet (Cloudnet.exe) is malicious application from EpicNet Inc. Security specialists categorize this program as adware or potentially unwanted application (PUA). It implements scripts in browser pages to display pop-ups, banners and other types of advertising in Google Chrome, Mozilla Firefox and Internet Explorer.
