Author Archives: Max Lehmann - Page 25

No doubt Scarab-Apple Ransomware belongs to the Scarab Ransomware family. Same as other threats from it, the malware encrypts user’s files and shows a note with instructions on how to receive a decryptor. This version has its own extension called .apple, which means data that get affected should be marked with it, for example, picture.jpg.apple. It is true the decryption tool the hackers may have should be able to unlock enciphered files, but there are no guarantees they will deliver it even if you meet all of their demands. In other words, paying the ransom could leave you not only with encrypted data but also with a lighter wallet. Therefore, we do not recommend contacting the malicious application’s developers if you do not want to take any risks. To clean the system and stop it from showing the threat’s ransom note after each restart, we advise deleting Scarab-Apple Ransomware with the instructions available below or your chosen antimalware tool. Read more »

FilesLocker Ransomware is a threat that enciphers files and places .[fileslocker@pm.me] extension at the end of each damaged file’s title. Unfortunately, even if you remove the extensions, the data will still be unreadable. The safest way to restore it is to replace locked files with backup copies. It is true, the hackers behind the malware offer their decryption tools in exchange for a payment, but needless to say, you cannot be sure they will keep up to their promises. Because of this, we advise not to take any chances and get rid of FilesLocker Ransomware. If you think it is the best course of action too, we encourage you to erase the malicious program with the instructions located at the end of the article or a legitimate antimalware tool of your choice. Read more »

QP Ransomware is one of those threats that can create a big old mess. This infection is programmed to encrypt files, after which, they become unreadable. That is the main goal of this infection. Afterward, attackers can demand a hefty ransom payment in return for a decryptor that, allegedly, can help. Even if this decryptor exists – and we cannot know for sure – there is little to no chance of you receiving it. That is something our Anti-Spyware-101.com research team would like every Windows user to know and understand. Just because someone you do not know is promising you something that you need does not mean that their intentions are good or that their promises are truthful. We suggest that you pay no attention to the ransom demands and, instead, remove QP Ransomware. But what about the files? We are sure that you value them very much, but if backups do not exist, and you do not find a way to decrypt them, you are likely to lose them. If fact, you have lost them already, and the only thing left for you to do is to delete the infection that attacked you. Read more »

Sometimes when we get infected with malware, there isn’t much we can do about it. For example, Unit09 Ransomware is a malicious infection that looks like it wants you to pay a ransom fee in order to restore your files, but the program cannot do that because it is essentially a wiper. It means that it destroys your files, and you basically need to start anew.

Before you do that, however, please make sure that you remove Unit09 Ransomware from your system. If you need any assistance with that, do not hesitate to invest in a legitimate antispyware tool. Read more »

Project57 Ransomware is a rather unusual ransomware application since it is compiled while using a tool known as Php2Exe, which is why it can work only with the help of a specific .dll file that it creates right after entering the system. Another thing we find odd about it is it displays a ransom note providing a Bitcoin wallet address for transferring the money, but the message says the user should pay zero Bitcoins. It is difficult to say whether this is a mistake or intentional, as the malware could be still in development mode. In any case, what we recommend for users who encounter it is to restore the files encrypted by the malware with backup copies. Of course, it would be safest to remove Project57 Ransomware first, which is why at the end of the text you will instructions explaining how to get rid of it manually. Read more »

Do not leave your Windows operating system vulnerable to the malicious InducVirus Ransomware, also known as Delphi Ransomware. This dangerous infection relies on unprotected systems with security backdoors, and when it invades, the victim is not alarmed at all. The encryption process is silent, and the infection is capable of encrypting files in the %USERPROFILE% directory without any notice. Once they are encrypted, the “.FilGZmsp” extension is added to the names, which should help you see which files were corrupted faster. If you are prepared, your personal files are backed up, and there is nothing you need to worry about. Delete InducVirus Ransomware and then use your backups to access files. If files are not backed up, you might be thinking about contacting cyber criminals – something we discuss in this report – but that is dangerous. In any case, whatever moves you make, you must remove the infection, and the information Anti-Spyware-101.com research team provides will help you with the process. Read more »

Did CuteRansom Ransomware attack your operating system? If it did, your personal files must be encrypted and renamed, and you must have been introduced to a message indicating that files were corrupted using YuAlock. This is an alternative name, but both are equally as valid. This malware works like your regular file-encryptor (e.g., XARCryptor Ransomware or BooM Ransomware), but it is not a cookie-cutter. At the time of research, this infection did not ask for a payment in return for a decryption key or program. In fact, the message created by the treat asked to send an email. This is bizarre, and, unfortunately, it is unlikely that anything can be done to decrypt files. Once they are corrupted, they are practically lost. The situation is not so hopeless if your files are backed up. If they are, you need to delete CuteRansom Ransomware and then figure out how to ensure that this threat – or any other – invades your operating system in the future. Read more »

Anti-Spyware-101.com research team is warning about Filefuck Trojan. It is not clear if this malicious threat is actively spreading across the web, but we know for a fact that this threat exists. Our team has managed to obtain a sample and test it in our internal lab. The findings are pretty interesting. First of all, it was found that the Trojan was built using the infamous Hidden Tear source code, the same one that has been used by the creators of SnowPicnic Ransomware, EnybenyCrypt Ransomware, SymmyWare Ransomware, and a bunch of other file-encrypting threats. The strange thing is, however, that this Trojan does NOT encrypt files and it does NOT demand a ransom. Instead, it removes files completely, and then it simply informs the victims that they are screwed. Was this malware created as a joke? Was it created to educate victims in a cruel way? Whatever the case it, the outcome is not good because the files cannot be recovered. If the infection attacks, the only thing you might be able to do is to delete Filefuck Trojan. Read more »