The devious Azer Ransomware slithers in without your notice and immediately initiates the encryption of your personal files. Have you noticed that many of your files have been removed and replaced with suspicious files with random names? In reality, your personal files were not eliminated; they were only encrypted. The names are changed so that you would have a harder time understanding which files were corrupted, but, of course, you should be able to figure things out. The threat also appends the “-email-[webmafia@asia.com].AZER” extension to all encrypted photos, documents, and other files. Needless to say, the name of the ransomware derives from this extension. As you can see, it also includes an email address, and we discuss that further in the report. The infection, as you must know already, was created to make money, and it can do that by pushing its victims into paying ransoms in return for file decryption. The thing is, a decryptor is unlikely to be given. Whatever happens, you must delete Azer Ransomware, and the tips in this report should help you. Read more »
Author Archives: Lisa Blanc - Page 88
Unikey Ransomware
Has Unikey Ransomware invaded your operating system and corrupted your personal files? It is unlikely that it has because this infection is not currently spread in the wild. The sample our Anti-spyware-101.com researchers got their hands on is not fully functional, and even though it can encrypt files, it does so in one specific folder only, %USERPROFILE%\Desktop\test. This is also where the ransom note file is found, and that makes no sense. Furthermore, the ransom note is useless as it does not provide the victim with any useful information. That being said, it is possible that the developer of this strange infection will make it much more powerful, and that could happen very fast. If that does not happen, it is likely that the creator of the ransomware will use the knowledge gained to create more powerful threats. If that happens, we will inform you about it as soon as possible. For now, all we can do is discuss the potential of this malicious ransomware, ways to prevent its infiltration, and, of course, how to delete Unikey Ransomware in case it attacks. Read more »
Arcadelift Ads
If you see an excessive amount of unwanted third-party content while surfing the web, it could be an indication that your operating system is connected to an adware server that goes by the name of Arcadelift Ads. In most cases, such connectivity signifies that your PC is already infected with some intrusive piece of software, which initiates the connection and keeps it intact. To understand why it is crucial to break such connectivity and what could happen if that is not done, make sure to read this detailed article, as we provide valuable information gathered by our malware experts. Furthermore, we present a few virtual security tips that every user should follow to improve their overall system security. Finally, our researchers have crafted a generic removal guide that you should use to delete the questionable program linked to Arcadelift Ads in just a few easy steps. Read more »
Videodrome Search
Videodrome Search is a new browser extension that we put under our microscope and found that it may not be as useful and reliable as it may want you to believe. In fact, our malware specialists at anti-spyware-101.com say that this is a potentially unwanted program (PUP) that might cause indirect system security issues. This PUP installs a questionable search engine page, for instance, that may show you potentially unreliable search results containing third-party ads and links from questionable sources. If you want to have access to free online movies and reviews, we believe that there are more secure ways to have them available in your browsers. For example, you can use the bookmarking function of your browsers to have a reputable website one click away on your bookmarks bar. Since it is also possible that this PUP enters your computer in a free software bundle, it is quite likely that you will find more serious threats on board as well. Therefore, we advise you to remove Videodrome Search from your computer and make sure that you take care of all other threats, too. Before we tell you how you can eliminate this PUP, we would like to share what we have found out about this questionable extension. Read more »
Savingscool Proxy Hijack
Our cyber security experts have recently tested a program known as Savingscool Proxy Hijack which, as it turns out, is an adware-type application that was created for showing irritating, unwelcome promotional coupons of unknown origin. Hence, there is no telling whether they are safe to interact with and it is possible that some of its coupons can redirect you to questionable websites. Therefore, we think it would be wise to remove it altogether. However, before you do, you may want to get some background information on it. Read more »
YourDailyTrailer
Have you downloaded YourDailyTrailer because it is promoted as the must-have extension for movie fans? If you have been tricked by that promise, you must have realized by now that this suspicious extension is useless. The best thing it can do is offer easy-access links to movie-related websites, and this feature is not that beneficial. The add-on also promises to help you watch trailers online, which you, obviously, can do without some suspicious piece of software. To show trailers, the PUP provides a link to www.traileraddict.com. It also presents links to rottentomatoes.com, hollywoodreporter.com, screenrant.com, variety.com/e/contenders, and a bunch of links to sites that are not movie-related. That is all that the PUP (potentially unwanted program) is good for, and so our Anti-Spyware-101.com research team believes that it serves a different purpose. Maybe that purpose is to expose Google Chrome users to a suspicious hijacker. We advise deleting YourDailyTrailer and the hijacker it comes bundled with, and if you do not know how to achieve that, use our tips. Read more »
Gansta Ransomware
If you find out that Gansta Ransomware has attacked your computer, you should not start panicking because this version seems to be an innocent and semi-working sample of a ransomware program. Our malware researchers at anti-spyware-101.com say that this ransomware may still be under development, but it is also possible that its server has been shut down because it fails to encrypt your files. But this is not the only strange thing about this malware because we have lately seen a couple of ransomware infections that did not actually encrypt anything even though they claimed to. This vicious wannabe program does not even ask for a ransom fee. The authors claim that you can get the decryption key for free; not that you need it anyway. Of course, we have to mention that this may easily change soon, and a working copy may hit the web or the server could be switched back on. So you should not take even this threat too lightly. In fact, we advise you to take action and remove Gansta Ransomware from your system right away. Please read on to find out how you can prevent similar infections from happening. Read more »
Raven Point Attachment
Raven Point Attachment appears to be a browser hijacker, as our researchers report it may change users’ default search engine or even show them annoying commercial advertisements. Unfortunately, these ads might be more than irritating because they could originate from potentially malicious web pages. Therefore, our advice to its users would be to erase it with no hesitation as soon as you notice it on your browser. The application works only on Google Chrome for now, and if you scroll below the text, you can locate the instructions explaining how to get rid of the files created by the browser hijacker manually. Of course, if you are encountering this type of threat for the first time, you may want to continue reading the report and learn more about it first. Read more »
Random6 Ransomware
Random6 Ransomware, also known as Johnie Ransomware, is an application designed to encrypt files. If your computer is unprotected, then it can enter it by stealth and encrypt many of your files. Its developers will probably want you to purchase a decryption tool that may not come cheap and might not be worth your files. Therefore, you may want to remove it instead. It is a rather simple and primitive ransomware but, nevertheless, effective, as it can render your files useless. Therefore, it is paramount that you protect your PC from infections like it. However, if you were unfortunate enough to get Random6 Ransomware, then you may want to find out more about it. Everything you need to know about it is provided below. Read more »
Karo Ransomware
If your files with .txt, .sql, .cpp, .html, .java, .mdb, and .ruby extensions can no longer be opened and contain a new extension .ipygh, Karo Ransomware is the one to blame for encrypting them. It is a malicious application, also known as a crypto-threat, which illegally enters users’ PCs and locks some files, seeking to extract money from computer users. It encrypts files with the above-listed extensions for a reason. Cyber criminals know well that users consider these files the most valuable, and, consequently, they believe that it might be easier to obtain money from users by locking them. Even though the encryption of files is the major activity this malicious application performs on users’ computers, it is not the only one. For example, research conducted by experts at anti-spyware-101.com has revealed that this ransomware infection connects to the Internet, communicates with its C&C server, checks the version of the OS used, and tries to find out some technical information, for example, how many processors the machine has and whether it uses VirtualBox (a virtual machine). What is more, it downloads TOR on users’ PCs without their permission and, finally, issues several commands, e.g. cmd.exe /c taskkill.exe /f /im sqlwriter.exe to terminate certain processes. Judging from all the activities it performs on affected PCs, it is a serious malicious application. Fortunately, that does not mean that it is impossible to delete it from the system, so remove it the second you discover this infection on your computer. Read more »