How to remove CryptON Ransomware and recover ._crypt files

What is CryptON Ransomware?

CryptON is an infamous virus that extorts money from users in exchange for their personal data. Immediately after penetration, it starts to encrypt all sensitive files on the victim’s computer using the AES-256 algorithm. In the process of encryption, all files get the ._crypt extension; for example, the file “mydoc.doc” will turn into “mydoc.doc._crypt”. Note that in some cases the extension might be different. At the time of writing, the following variants are known:
.id-_locked, .id-_locked_by_krec, .id-_locked_by_perfect, .id-_x3m, .id-_r9oj, .id-_garryweber@protonmail.ch, .id-_steaveiwalker@india.com_, .id-_julia.crown@india.com_, .id-_tom.cruz@india.com_, .id-_CarlosBoltehero@india.com_, .id-_maria.lopez1@india.com_

How to remove Horsia Ransomware and recover .horsia@airmail.cc files

Horsia is a cryptovirus that belongs to the Scarab ransomware family. After infiltration, it starts to encrypt all sensitive files on the victim’s computer and then demands a ransom. All files it finds are encrypted with the AES-256 cipher and get the .horsia@airmail.cc extension. For example, “mydoc.doc” will turn into “mydoc.doc.horsia@airmail.cc”. At the end of the encryption procedure, the virus creates a TXT file (“HOW TO RECOVER ENCRYPTED FILES.TXT”), places it in each folder, and replaces the desktop wallpaper with a new one.

How to remove HPE iLO Ransomware and recover your files

HPE iLO is a new ransomware-type virus that encrypts data on HPE iLO 4 server systems. Notably, its distribution method is very different from that of many similar viruses. To get into victims’ computers, cybercriminals exploit the remote control system (HPE Integrated Lights-Out). After this, they mount a malicious ISO image on the computers; opening it activates the encryption process.

How to remove STOP Ransomware and recover .STOP, .SUSPENDED, .WAITING files

STOP is the name of a virus that encodes files on the infected computer, making them unavailable to users. A combination of the AES and RSA-1024 encryption algorithms is used for this purpose. During encryption, it appends the .STOP (or .SUSPENDED, .WAITING) extension to all infected files and creates a TXT file (!!!YourDataRestore!!!.txt) that contains the ransom-demanding message.

How to remove Spartacus Ransomware and recover .Spartacus files

Spartacus is a cryptovirus that demands a ransom in exchange for your files. The malware spreads mostly via spam emails with an attached SF.exe file; if you accidentally launch the executable, the virus will start to infect your system. It scans the system for sensitive files such as documents, photos, videos and so on. All sensitive files are encoded and get the .Spartacus or [MastersRecovery@protonmail.com].Spartacus extension; for instance, “mydoc.doc” will turn into “mydoc.doc.Spartacus”.

How to remove Tron Ransomware and recover .tron files

Tron is a virus that instantly encrypts files once it gets onto the victim’s computer. Notably, the malware only targets computers outside Russia, suggesting that Tron is yet another offspring of Russian hackers. During the encryption procedure, each infected file gets the .tron extension; for instance, “mydoc.doc” will turn into “mydoc.doc.tron”. Then it displays a lock screen containing information about the amount of the ransom.

How to remove Java NotDharma Ransomware and recover .java files

Java NotDharma is a cryptovirus that was active in mid-April 2018. The malware got its name from its similarity to the infamous Dharma Ransomware. Many computer experts initially thought it was just a new version of Dharma; however, this was not confirmed later. While encrypting, the virus adds the .java extension to all infected files. For example, “mydoc.doc” will turn into “mydoc.doc.java”.

How to remove Iron Unlocker Ransomware and decrypt .encry files

Iron Unlocker Ransomware is a modified version of the infamous Maktub ransomware that, like its predecessor, makes files on the victim’s computer unavailable. While encrypting, the virus adds the .encry extension to all infected files. For example, “mydoc.doc” will turn into “mydoc.doc.encry”. To get the files back, the user is asked to pay a ransom as described in the ransom note (!HELP_YOUR_FILES.HTML), which the virus creates upon completion.

How to remove Dont_Worry Ransomware and decrypt files

Dont_Worry is a new cryptovirus aimed at Russian-speaking users; however, that does not prevent it from spreading around the world. Once it has infiltrated a system, Dont_Worry encodes all personal files and at the same time adds a new extension following the “.[email_ransom]-[random_ID{16}]” pattern. Next, it places the ransom note Dont_Worry.txt in each folder that contains encrypted files.