Crypton Ransomware is a new infection that will not miss a chance to encrypt your files if it ever successfully infiltrates your computer. At the time of writing, its C&C server seems to be down; however, this malicious application is still working properly, so there is no doubt that it can cause harm. It is evident that Crypton Ransomware targets users speaking Russian and English because the ransom note it leaves after encrypting files is both in Russian and English. Read more »
Researchers have recently detected a very interesting ransomware infection. It is called Karma Ransomware. Unlike other similar threats that used to be quite prevalent (e.g. Cerber Ransomware and Locky Ransomware), it pretends to be a Windows optimization application Windows-TuneUp. Since it tries to convince users that it is a beneficial program for cleaning the computer and boosting its performance, it has a very convincing interface. Even though it does not differ much from legitimate applications the way it looks, users notice quickly that it does not work. It only keeps showing a pop-up window saying “This feature will be available soon in the next update” when users try to enable any of its options. Karma Ransomware displays an interface of Windows-TuneUp not without reason. Once it is opened, it starts encrypting files stored on the computer silently. It does that using AES, which is known to be one of the strongest encryption algorithms, so that it would be very hard or even impossible to unlock those files without the special key. Fortunately, the C&C servers of Karma Ransomware are down at the time of writing, so it is very likely that it does not work anymore and will not affect more users; however, if this threat has already encrypted your files, you should go to delete it from your system as soon as possible. Paying money to cyber criminals is not encouraged. Read more »
Angela Merkel Ransomware is a dangerous threat targeting users’ personal files. Of course, Angela Merkel has nothing to do with it. This infection has been called like this only because it uses a picture of this political figure. According to experts working at anti-spyware-101.com, it is very likely that Angela Merkel Ransomware is not exactly new even though it has been detected recently. Specialists say that it might be very true that this computer infection is based on the engine of Exotic Ransomware, which was quite prevalent some time ago. At the time of writing, it seems that Angela Merkel Ransomware is still in development because it does not work properly. Unfortunately, it does not mean that it will leave your files unencrypted. It is not so hard to understand why file-encrypting ransomware infections act the way they do – they are tools that help cyber criminals extort money from users. In the case of Angela Merkel Ransomware, users cannot send the required money even if they want to because cyber criminals have forgotten to leave their Bitcoin address. In other words, it is impossible to make a payment. Of course, you might be reading this article because you have encountered a new fixed version of Angela Merkel Ransomware. In such a case, you should not spend your money on an expensive decryption key cyber criminals might not even have too. Read more »
HappyLocker Ransomware is a malicious program that appends an extension called .happy to its encrypted files. As our researchers at Anti-spyware-101.com report, the malware can encipher a broad range of file types, although it does not seem to affect any program data. If you suspect your computer could be infected with this particular threat, we advise you to carefully read through all the rest of the article and find more details about it. Also, if you would like to get rid of HappyLocker Ransomware manually, but do not know how we could offer our deletion instructions placed at the end of the article. As for not so experienced users, it might be easier to install a legitimate antimalware tool and let it remove the malware. Read more »
GPCode Ransomware is very similar to already existing ransomware infections encrypting files the way it acts; however, unlike the majority of older threats, it targets Windows Servers primarily. Once this infection is inside the system, it starts encrypting files the same second. It affects files located in different directories on the computer, but, luckily, it leaves the %WINDIR% directory containing system files alone. It means that the OS running on the computer will not be ruined. Even though you could reach your Desktop, you will find your programs and browsers (Mozilla Firefox and Google Chrome) encrypted next to personal data as well. Unfortunately, GPCode Ransomware uses a strong encryption algorithm (AES for personal files and RSA for the key), so it will be impossible to unlock those files without paying money for cyber criminals. Yes, you will be asked to pay a ransom after sending an email to gpcode@gp2mail.com, as told in the ransom note left on Desktop, folders containing encrypted files, and %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup (the ransom note is placed there so that it will be opened automatically for users on the startup of the system). Read more »
The entrance of a malicious application iRansom Ransomware means that a bunch of personal files stored on the computer will become unusable. Even though this infection was first detected at the beginning of November 2016 and is quite new, it also encrypts files like older ransomware infections. Just like these other threats, it does that so that it would give users a reason to pay money cyber crooks want from them. If you have got infected with this ransomware infection too, do not transfer money to cyber criminals even though it is said that purchasing the private key “stored on a hidden Internet database” is the only way to unlock files. What you should do instead of buying the key is to fully delete the ransomware infection from the system. Even though these personal files will stay encrypted, iRansom Ransomware could not encrypt new files you create in the %USERPROFILE% directory again. Also, the blue window with a ransom note will no longer be visible on Desktop. Read more »
Telecrypt Ransomware is a malicious threat that targets your personal files to encrypt them and, eventually, demand a ransom in return for their release. This devious infection is targeted at users who live in Russia (possibly the neighboring countries where Russian is spoken as well), and, of course, all information it provides is in Russian. The primary source of communication for this threat is a three-part notification that is represented via a pop-up window. It does not lock the screen, and you can easily close it by clicking the “X” button on the top-right corner. According to the information in this notification, you need to pay a ransom to have your files back, and we will discuss this notification in depth further in this report. Right now, we need to tell you that you must focus on this threat completely. The longer you postpone dealing with it, the more trouble you might get yourself into. You can read this report to learn if you can delete Telecrypt Ransomware from your operating system yourself, as well as what you can do to potentially retrieve your personal files. Read more »
Sharecash Screenlocker is a Trojan infection that displays a fake Windows warning. After this notification appears, the malicious application locks user's screen and does not allow to use the computer normally. Moreover, the fictitious Windows alert says the operating system is not genuine and demands to insert a Product key to activate it. Our researchers at Anti-spyware-101.com suspect that the malware’s creators might be trying to steal original Product Key numbers from their victims. Therefore, if you see Sharecash Screenlocker’s fake Windows alert, you should eliminate the Trojan as soon as possible. Since the threat is serious, we would advise you to use a reliable antimalware tool, although if you are experienced enough, you may try to erase it manually with the instructions placed below the article. Read more »
Malware experts working at our internal have come along yet another ransomware program. It goes by the name of Hollycrypt Ransomware. This particular category of infections is hugely popular nowadays as a lot of their developers can profit illegally employing them in an elaborate manner. Usually, a ransomware application is designed to encrypt personal or otherwise important data without any authorization whatsoever. It should be obvious that this type of program must be avoided at all times. To have a deeper understanding of how a ransomware in question works, make sure to read the rest of our report since it includes information discovered during its in-depth analysis. Also, we present a few simple yet valuable virtual security tips that will help you establish a fully secure system. If, unfortunately, your personal computer is already affected by Hollycrypt Ransomware, do not hesitate to use our detailed removal guide as soon as possible. Read more »
CLock.Win32 Ransomware is yet another malware infection that, similarly to Onyx Ransomware, does not actually encrypt your files as it claims. What’s more, this malicious program also feels like it is the work of an amateur. Our malware specialists at Anti-Spyware-101.com say that it might also be a test run because it would not be the first time that such a version hits the web. But even if this ransomware does not really take your files hostage, it can still cause a bit of headache because it blocks some of the main system functions, which makes it more difficult to put an end to this infection. The good news is that you do not need to send any money to these criminals to unlock your computer because we are here with the solution and will show you shortly how you can remove CLock.Win32 Ransomware from your computer. But before you jump to the end, let us tell you how you can infect your system with this ransomware because this is the key for you to protect your machine from more dangerous infections as well. Read more »
