Author Archives: Lisa Blanc - Page 20

Anti-Spyware-101.com research team is warning Windows users about a new threat called Pponce.lorena@aol.com Ransomware that comes from the GlobeImposter Ransomware family. This version of the well-known infection adds the “.[ponce.lorena@aol.com]” extension to the files that are corrupted by it, and so if you have discovered corrupted files with this extension, we suggest that you read this report. Hopefully, you will be able to recover your files, but that is unlikely to happen if you choose to follow the lead of the cybercriminals who control this malware. Since this threat is part of a larger family of malware, a free decryptor already exists. We cannot guarantee that the GlobeImposter Decryptor will be able to restore all files corrupted by the threat, but this might be the best option you have. Alternatively, you might be able to use backups to replace the corrupted files, but all of this should be done after deleting Pponce.lorena@aol.com Ransomware. Do you want to learn more about the removal of this malware? Continue reading if you do. Read more »

You do not need to guess whether or not GlobeImposter Ransomware (.Horriblemorning variation) has invaded your operating system. All you need to do is look at your files and see if “.Horriblemorning” has been attached to their names. If this extension is added, the malicious ransomware has encrypted your personal files, and you need to take immediate action. Sadly, files cannot be restored by removing the threat, but there are solutions that might help you with that. For one, the GlobeImposter Decryptor created by malware experts might assist in some cases. Alternatively, some victims might be able to replace the corrupted files using copies stored online, on external drives, or other secure locations. Of course, before any replacements can be made, it is necessary to delete GlobeImposter Ransomware (.Horriblemorning variation). Whether you identify it as GlobeImposter Ransomware or Horriblemorning Ransomware, you need to figure out a way to get rid of this malware ASAP. Read more »

MZP Ransomware is a sneaky threat that might appear on a system after opening a suspicious file received or downloaded from the Internet. It can encrypt various documents and picture formats. As a result, its affected files should become locked. While such data can be unlocked, the tools needed for this task might be impossible to get. We explain this as well as other things related to this malicious application further in this article. Thus, if you wish to learn more, we invite you to read our full text. Also, have in mind that should you choose to erase MZP Ransomware manually, you could use our removal instructions placed at the end of this article. There is a comments section too that we encourage you to use if you have any questions about this malware. Read more »

Gesd Ransomware is a dangerous program that will surely slither into your system behind your back. Since it is a ransomware program, we know already what it wants from you – money. You should do your best to resist its threats and remove Gesd Ransomware from your computer as soon as possible. Although there are the manual removal instructions below this description, you should seriously consider scanning your computer with a licensed antispyware tool that would help you delete all the malicious programs automatically. Consequently, you would also protect your computer from other similar threats. Read more »

MarioLocker Ransomware is an infection that might have been abandoned by its creator already. That is what we have to think about because one of the most important files that belong to this malware can no longer be downloaded onto the infected systems. Perhaps this is just a temporary glitch, and perhaps the file will become downloadable again. If that happens, the Anti-Spyware-101.com research team will report back to you as soon as possible. For now, it looks like we are dealing with something that might be obsolete already. That being said, it is always possible that the threat could be spread even if parts of it are dysfunctional. In most cases, ransomware is spread using spam emails or bundled downloaders, and you could always open spam emails much later on, and bundled downloaders could float around with dysfunctional malware for a long time. Whatever the case, whether or not your files were encrypted, you need to remove MarioLocker Ransomware if it got in. Continue reading, and you will learn how to delete this threat. Read more »

Odveta Ransomware locks personal victims’ files and marks them with the .odveta extension. Such data can only be opened if it is decrypted first. Unfortunately, the malicious application’s developers do not provide decryption tools free of charge. In exchange, they should ask to receive a particular sum in Bitcoins. The malware’s ransom note does not say how much cybercriminals wish to get, but whatever the sum could be, we advise thinking carefully before deciding if you should pay it or not. There is always a risk that hackers may not hold on to their end of the deal. Before you choose anything, we advise getting to know this malware better by reading our full article. Also, if you decide you want to remove Odveta Ransomware manually, we recommend checking the deletion steps available below this text. Read more »

Afrodita Ransomware is a rather obscure ransomware infection that enters target computers to extort money from their victims. Getting infected by a ransomware can be a devastating experience because not all programs have public decryption tools. Therefore, the best remedy against a ransomware infection is a file back-up. You need to regularly make copies of your data and then back it on either on an external hard drive or a cloud drive.

As for Afrodita Ransomware, this program deletes itself once the file encryption is complete, but there are some leftover files you need to terminate. For that, please scroll to the bottom of this description for manual removal guidelines. Read more »

New file-encrypting threats keep emerging, and TurkStatik Ransomware is one of them. This infection was created with Turkish-speaking Windows users in mind because the message that the attackers introduce to their victims is in Turkish. Does that mean that the infection is likely to be spread via Turkish websites? That is a possibility, but it is most likely that it would be sent via email or by exploiting the existing system or software vulnerabilities. Without a doubt, whenever you are warned that the email you received is spam, you want to be very careful with it. If you can immediately tell that it was sent to you by someone you do not know, you should remove this message without hesitation. However, note that cybercriminals might hijack legitimate accounts to spread malware too. You also want to install all updates in time. Hopefully, you can still protect yourself against the dangerous infection, but if you need to delete TurkStatik Ransomware from your operating system, you should not hesitate to do it as soon as possible. The most important thing is that you do not pay attention to the attackers’ demands. Read more »

The invasion of DeathRansom Ransomware might lead to the pseudo death of your personal files. This threat is capable of employing a unique algorithm to encrypt personal files, after which they are no longer readable. Although the creator of the infection does not seem to care about the files that are encrypted – in a sense that they do not read them or try to leak them online – they take the files hostage. After encryption, demands for a ransom payment are introduced to the victims, and it is claimed that victims can recover their files only if the ransom is paid. Unfortunately, there is no proof that files would be decrypted if the ransom was paid, and so Anti-Spyware-101.com researchers do not advise paying the ransom. If you did the opposite, it is likely that your files would go to waste. If you are ready to delete DeathRansom Ransomware from your operating system, check out the last section of the report that discusses the removal of this threat. If you want to learn more, continue reading. Read more »