Anti-spyware 101

Ahihi Ransomware might be inactive for now, but it does not mean you cannot encounter it anymore. The malicious program should encrypt various documents found on the infected computer and then show a ransom note. At the time the malware was active, its note claimed the user can decrypt his files if he only writes to the threat’s developers. However, after some time the infection lost connection to its server and it became impossible to decrypt any files affected by it. If you continue reading our report, we will explain why the hackers might be unable to decrypt your data anymore, which is why we do not advise writing to them. What our researchers at Anti-spyware-101.com recommend is erasing Ahihi Ransomware from the computer with the instructions available below or a legitimate antimalware tool of your choice. Also, users who have more questions about the threat can leave us their messages at the end of the article. Read more »

A message saying “Attention user!  Your computer has been locked by Blackware Ransomware Version 1.0,” can only mean you have encountered a threat called Blackware Ransomware. It locks the user’s screen and shows a warning that besides the already mentioned statement claims the user has to pay 0.057 Us dollars to regain his valuable data. Such a sum is extremely tiny compared to prices usually asked by cybercriminals, and the account for transferring the money appears to be fake. Therefore, we believe this malware might be still in development. If you continue reading our article, we will tell you more about it, including where it could come from and how it works. Also, users who wish to erase Blackware Ransomware manually can find manual deletion instructions prepared by our specialists at the end of this text. Read more »

Project57 Ransomware is a rather unusual ransomware application since it is compiled while using a tool known as Php2Exe, which is why it can work only with the help of a specific .dll file that it creates right after entering the system. Another thing we find odd about it is it displays a ransom note providing a Bitcoin wallet address for transferring the money, but the message says the user should pay zero Bitcoins. It is difficult to say whether this is a mistake or intentional, as the malware could be still in development mode. In any case, what we recommend for users who encounter it is to restore the files encrypted by the malware with backup copies. Of course, it would be safest to remove Project57 Ransomware first, which is why at the end of the text you will instructions explaining how to get rid of it manually. Read more »

Your files are in grave danger if DataWait Ransomware has encrypted them. The infection uses an algorithm that cannot be cracked that easily. Using this algorithm, the data of the files is changed, and the files become unreadable. Additionally, the “.DATAWAIT” extension is added to the original names, and that is how you might identify the corrupted files. Otherwise, you can try to open them, but you will see that that is not possible. Unfortunately, once files are encrypted, they might be unrecoverable. In the best case scenario, all of your personal files are backed up, and you can easily replace the corrupted files with backup copies after deleting DataWait Ransomware. If you want to review your backups, do NOT do that using the infected machine. Remove the threat first and then connect to other devices or cloud accounts. What about the private key that, allegedly, should restore your files? Do not pay for it, or you will lose your files and your money. Read more »

Do not leave your Windows operating system vulnerable to the malicious InducVirus Ransomware, also known as Delphi Ransomware. This dangerous infection relies on unprotected systems with security backdoors, and when it invades, the victim is not alarmed at all. The encryption process is silent, and the infection is capable of encrypting files in the %USERPROFILE% directory without any notice. Once they are encrypted, the “.FilGZmsp” extension is added to the names, which should help you see which files were corrupted faster. If you are prepared, your personal files are backed up, and there is nothing you need to worry about. Delete InducVirus Ransomware and then use your backups to access files. If files are not backed up, you might be thinking about contacting cyber criminals – something we discuss in this report – but that is dangerous. In any case, whatever moves you make, you must remove the infection, and the information Anti-Spyware-101.com research team provides will help you with the process. Read more »

Venom Ransomware displays a black window with links to articles about Bitcoins and instructions on how to pay for decryption tool. In exchange, the hackers behind the malware offer a decryptor that is said to recover files encrypted by the threat. The affected files are those that have .venom extension, for example, picture.jpg.venom. Another way to restore these files is to replace them with backup copies from cloud storage, removable media devices, and so on. If you have such an option, we recommend deleting Venom Ransomware right away. In fact, we would advise removing it even if you cannot restore your data, as putting up with the hackers’ demands could be hazardous. If you need instructions on how to eliminate the malicious application, you should check the steps available below. Naturally, to find out more details about the infection, we invite you to read our full article. Read more »

XCry Ransomware is a malicious program that locks private files and marks them with .xcry7684 extension. Such records become unusable without particular decryption tools. Sadly, they are in the hands of hackers who developed the malware, and they demand to be paid before providing them. Needless to say, there are no reassurances these people will hold on to their word, and if you do not want to be tricked, we advise not to put up with any demands. Our researchers think it would be safer to remove XCry Ransomware at once since it can restart with the system, which means it might be able to encrypt new files. To eliminate it manually you should follow the instructions placed at the end of this report. Read more »

ANATOVA Ransomware encrypts user’s data and drops a note called ANATOVA.txt. Inside of this note, the victim should find a text saying the files can be decrypted for 10 Dash. Currently, it is about 658 US dollars. It is a rather high price considering there are no guarantees the user will get what he pays for. Therefore, for those who come across this malicious application, we would advise not to make any rash decisions. It is best to learn more about the threat and only then decide what to do. Our recommended course of action is ANATOVA Ransomware’s deletion. It does not restore encrypted files, but it cleans up the system, and as a result, it becomes safe to transfer backup copies, create new data, and so on. If you decide you want to remove the malware instead of putting up with any demands, we invite you to take a look at the deletion instructions located below. Naturally, for more information about the threat, you should continue reading our report. Read more »