Ahihi Ransomware might be inactive for now, but it does not mean you cannot encounter it anymore. The malicious program should encrypt various documents found on the infected computer and then show a ransom note. At the time the malware was active, its note claimed the user can decrypt his files if he only writes to the threat’s developers. However, after some time the infection lost connection to its server and it became impossible to decrypt any files affected by it. If you continue reading our report, we will explain why the hackers might be unable to decrypt your data anymore, which is why we do not advise writing to them. What our researchers at Anti-spyware-101.com recommend is erasing Ahihi Ransomware from the computer with the instructions available below or a legitimate antimalware tool of your choice. Also, users who have more questions about the threat can leave us their messages at the end of the article. Read more »
Monthly Archives: February 2019 - Page 4
Blackware Ransomware
A message saying “Attention user! Your computer has been locked by Blackware Ransomware Version 1.0,” can only mean you have encountered a threat called Blackware Ransomware. It locks the user’s screen and shows a warning that besides the already mentioned statement claims the user has to pay 0.057 Us dollars to regain his valuable data. Such a sum is extremely tiny compared to prices usually asked by cybercriminals, and the account for transferring the money appears to be fake. Therefore, we believe this malware might be still in development. If you continue reading our article, we will tell you more about it, including where it could come from and how it works. Also, users who wish to erase Blackware Ransomware manually can find manual deletion instructions prepared by our specialists at the end of this text. Read more »
Project57 Ransomware
Project57 Ransomware is a rather unusual ransomware application since it is compiled while using a tool known as Php2Exe, which is why it can work only with the help of a specific .dll file that it creates right after entering the system. Another thing we find odd about it is it displays a ransom note providing a Bitcoin wallet address for transferring the money, but the message says the user should pay zero Bitcoins. It is difficult to say whether this is a mistake or intentional, as the malware could be still in development mode. In any case, what we recommend for users who encounter it is to restore the files encrypted by the malware with backup copies. Of course, it would be safest to remove Project57 Ransomware first, which is why at the end of the text you will instructions explaining how to get rid of it manually. Read more »
DataWait Ransomware
Your files are in grave danger if DataWait Ransomware has encrypted them. The infection uses an algorithm that cannot be cracked that easily. Using this algorithm, the data of the files is changed, and the files become unreadable. Additionally, the “.DATAWAIT” extension is added to the original names, and that is how you might identify the corrupted files. Otherwise, you can try to open them, but you will see that that is not possible. Unfortunately, once files are encrypted, they might be unrecoverable. In the best case scenario, all of your personal files are backed up, and you can easily replace the corrupted files with backup copies after deleting DataWait Ransomware. If you want to review your backups, do NOT do that using the infected machine. Remove the threat first and then connect to other devices or cloud accounts. What about the private key that, allegedly, should restore your files? Do not pay for it, or you will lose your files and your money. Read more »