Monthly Archives: July 2017 - Page 8

Random6 Ransomware, also known as Johnie Ransomware, is an application designed to encrypt files. If your computer is unprotected, then it can enter it by stealth and encrypt many of your files. Its developers will probably want you to purchase a decryption tool that may not come cheap and might not be worth your files. Therefore, you may want to remove it instead. It is a rather simple and primitive ransomware but, nevertheless, effective as it can render your files useless. Therefore, it is paramount that you protect your PC from infections like it. However, if you were unfortunate to get Random6 Ransomware, then you may want to find out more about it. Everything you need to know about it is provided below. Read more »

If your files with .txt, .sql, .cpp, .html, .java, .mdb, and .ruby extensions can no longer be opened and contain a new extension .ipygh, Karo Ransomware is the one that should be blamed for encrypting them, you should know. It is a malicious application, also known as a crypto-threat, which illegally enters users’ PCs and locks some files seeking to extract money from computer users. It encrypts the above-listed extensions not without reason as well. Cyber criminals know well that users consider these files the most valuable, and, consequently, they believe that it might be easier to obtain money from users by locking them. Even though the encryption of files is the major activity this malicious application performs on users’ computers, it is not the only one. For example, research conducted by experts at anti-spyware-101.com has revealed that this ransomware infection connects to the Internet, communicates with its C&C server, checks the version of the OS used, and tries to find out some technical information, for example, how many processors the machine has and whether it uses Virtual Box (a virtual machine). What is more, it downloads TOR on users’ PCs without their permission and, finally, issues several commands, e.g. cmd.exe /c taskkill.exe /f /im sqlwriter.exe to terminate certain processes. Judging from all these activities it performs on those affected PCs, it is a serious malicious application. Fortunately, it does not mean that it is impossible to delete it from the system, so remove it the second you discover this infection on your computer. Read more »

Although Whycry Ransomware is supposed to be a ransomware infection that takes your important files hostage, including your photos, videos, audio files, archives, documents, and even .exe files, you seem to be in the luck this time. As a matter of fact, our malware specialists at anti-spyware-101.com say that this first version of this threat seems to be unfinished and it actually crashes before it could start encrypting your files. This is certainly good news right now but it does not stop the authors of this malicious threat to come out with a new version that actually works. This can happen any time in the near future; and, if that hits you, it is quite likely that you will lose all your files if you do not save a backup to a safe place like cloud storage or a portable drive. Let this infection be a big warning that your PC's protection may not be the most effective. We advise you to remove Whycry Ransomware immediately to make sure that you can recover your system so that you can use your computer as this infection locks your screen. For further details on how this ransomware may sneak onto your system and what it could do, please read our full report. Read more »

ViaCrypt Ransomware is a threat first detected at the end of June, 2017 by malware analysts. It enters computers to encrypt files and then tells users to enter a decryption key to restore them. Unfortunately, it is not so easy to get this key, but it seems that ViaCrypt Ransomware does not act like other ransomware-type infections do. That is, it does not demand money in exchange for the decryption key. Well, at least the version analyzed by specialists at anti-spyware-101.com does not even mention a ransom. To be frank, we cannot guarantee that all the users who encounter ViaCrypt Ransomware will need to go to unlock their files. It seems that there is a version that does not encrypt a single file after the entrance, so you should first check files stored on your PC first before taking action. If you encounter the version that does not lock personal data, all you need to do is to remove the ransomware infection from the system. That is, you do not even need to go to acquire the decryption key. You will find more about the removal of this ransomware infection at the end of this article. Read more »

We are usually dealing with ransomware programs that allow us or should allow us to restore the affected files to some extent. However, Petna Ransomware just tries to pass for a ransomware program, while in fact it is a so-called “wiper” that can successfully wipe out most of your files. Therefore, there is no way to decrypt the affected files, and the only thing you can do about Petna Ransomware is remove it. And even for that, we would recommend contacting professional computer security specialists because by having this infection on your computer you have become a victim of a global malware attack. Read more »

Cyber security experts at Anti-spyware-101.com have recently come across a new ransomware-type computer infection called SkullLocker Screenlocker. Apparently, this application was designed to lock the screen of your PC and, thus, prevent you from using it. While this application has been classified as ransomware, testing has shown that this program does not demand that you send its creators money to unlock your PC’s screen. Hence, it locks your PC for the sake of locking it, and you are left to deal with it somehow on your own. Luckily, this program is very primitive, and you can bypass its lock screen and remove without too much effort. We have a guide on how to get rid of it below, but if you want to find out more about it, please read this whole article. Read more »

Cryptodark Ransomware is a recently detected malicious application. Unlike ransomware infections previously analyzed by researchers working at anti-spyware-101.com, it does not encrypt files at the time of writing; however, despite this finding, it has still been classified as ransomware because it demands money. Have you encountered this threat too? If so, do not send a cent to the cyber criminals’ Bitcoin address despite the fact that a window with a ransom note has covered your Desktop because it can be easily removed and, additionally, it is very likely that none of your files have been locked. What you should do instead is to remove the ransomware infection from your system fully. Before you take action, you need to close the window opened on your screen by Cryptodark Ransomware so that it would be possible to remove all its components. This can be done by right-clicking on the icon of the ransomware infection located on the Taskbar and selecting “Close window.” Also, since this threat does not automatically start with the Windows OS, it should be enough to restart the computer to be able to access Desktop freely. Read more »