Author Archives: Sarah Stewart - Page 36

If your files became unrecognizable and they now have a .tron extension at the end, you most likely came across a malicious program known as Autotron Ransomware. The threat is capable of locking different file types with a secure cryptosystem. Unfortunately, the only way to restore such data is with a decryption tool and a unique decryption key. The bad news is that if there is anyone who has a decryptor, it is the malware’s developers, and according to the ransom note they leave behind they want money in return for providing it. Sadly, even if they claim they will not trick you and will deliver the tool as promised, in the end, there are no reassurances they will hold on to their end of the deal. Knowing this we would advise against paying a ransom; no matter how important your data might be. For more details about Autotron Ransomware we invite you to read our report, and if you decide it would be best to get rid of it, you could use the deletion instructions located at the end of this page. Read more »

Assembly Ransomware is a new danger that can threaten your files. Although this ransomware program may have been written by a noob based on the code, it can still encrypt all your important files and demand a rather high ransom note for the decryption. Our malware experts at anti-spyware-101.com say that this badly written malware infection is actually built on the well-known Hidden Tear Ransomware, which is an open-source infection originally used for educational purposes only. However, rookies as well as pro hackers started to use this open-source code for creating their own versions of a ransomware threat and this is how dozens of new variants have seen the light of day, such as Cyberresearcher Ransomware and Horros Ransomware. But even if this particular ransomware is not the most professional job we have ever seen, you need to take it seriously since there is a chance that you may lose all your important files. Hopefully, though, you have a recently saved backup on a removable hard disk or in cloud because you may not be able to decrypt all your files using a general Hidden Tear decryptor. All in all, we advise you to act immediately and remove Assembly Ransomware from your computer. Read more »

When a program is called Blackheart Ransomware, it is probably clear that you cannot expect anything good from it. As you can probably tell, this program is part of the ongoing ransomware epidemic, and it comes forth to profit from your demise. In a sense, the damage of this infection might be smaller if it were to affect individual user’s computers. However, we have seen that over the last year, ransomware usually targets small business. And that is the main reason computer security experts maintain that everyone should keep a backup of their data. Because removing Blackheart Ransomware would not get your files back. Read more »

Iron Ransomware is a dangerous malware infection that you need to take seriously since it can cause the loss of all your important files. This malicious program can target hundreds of file extensions to encrypt them in order to extort money from you for the decryption. Our malware experts at anti-spyware-101.com say that this new ransomware threat belongs to the infamous Maktub Ransomware family. It can appear on your system without your knowledge and by the time you realize what has hit you, it will be too late to do anything. Well, there is one thing that you must do actually if you want to use and restore your PC. We recommend that you remove Iron Ransomware from your computer immediately. Of course, you may wrongly believe that paying the ransom fee can get your files back. But let us remind you that in most cases this is not so, unfortunately. It is your choice, though. Please read our full article to figure out how this beast may have entered your computer and how you can remove this vicious ransomware without possibly leaving leftovers. Read more »

Researchers working at anti-spyware-101.com have detected a new ransomware-type infection Nmcrypt Ransomware in the wild. It has turned out that this infection is not exactly a brand new threat since it seems to be a new version of an older crypto-threat NM4 Ransomware. The main thing that distinguishes it from the older version of this ransomware infection is the filename extension it uses. While the previous version used the .NM4 extension to mark encrypted files, Nmcrypt Ransomware appends .nmcrypt to all those files it affects, but there is no doubt that they share the same goal. Cyber criminals develop ransomware infections because they want to obtain money from users, and since they know that it is not so easy to make them send money, they usually set these malicious applications to lock the most valuable files they have. In other words, if the user ever gets infected with crypto-malware, the chances are high that he/she will find all documents, pictures, videos, and many other files encrypted. In such a case, you have only two choices. First, send money to cyber criminals expecting that they will unlock files for you or give you the decryption tool. Second, delete the ransomware infection from your system fully and then restore those affected files from a backup. The choice is yours, so choose wisely. Read more »

Scorpionlocker Ransomware is also known as H34rtbl33d Ransomware. The researchers who encountered the threat for the first time noticed it encrypts files and appends .H34rtBl33d extension at the end of their titles, which is why they decided to name the malware after it. Nevertheless, after some time it appeared that the malicious application could append different extensions, and it was decided it would be best to call it differently. The name Scorpionlocker Ransomware comes from a particular server URL address (h34rtbl33d.scorpionlocker.xyz) used by the cybercriminals who created the infection. If you continue reading our article, we will tell you more important information about the malicious applications, such as its working manner, possible distribution methods, etc. At the end of this page, we will also add manual removal instructions for users who decide to get rid of the infection instead of paying the ransom and putting their savings at risk, so if you need any assistance with its deletion feel free to use these steps. Read more »

Skyfile Ransomware is a newly-discovered ransomware infection our specialists have detected while looking for new malicious applications. Since it has been detected only recently and is still new crypto-malware, we believe that it is not distributed very actively yet. Of course, it does not mean that it cannot infiltrate your computer and cause you problems one day. Ransomware infections are quite sneaky threats, so the majority of users do not even notice when they infiltrate their computers. They find out about the entrance of crypto-malware when it is already too late, i.e. when they find their files locked. Users who do not want to end up with ransomware infections cannot leave their systems unprotected. If it is already too late for prevention in your case, we want to encourage you to delete Skyfile Ransomware from your system fully right away, especially if you are not going to send money to its author for the decryption of files. Yes, ransomware infections try to obtain money from victims. If it stays and continues working on your PC, all new files you create will be encrypted in no time as well. We cannot promise that you will delete Skyfile Ransomware from your system very easily because this infection drops a bunch of new files, disables Task Manager, and makes changes in the system registry on affected computers, so we recommend reading this report first before you go to remove this ransomware infection from your system. Read more »