Author: Antario Phelps

Files encrypted by Vari Ransomware (DJVU Ransomware’s variants): Is there any solution? Vari Ransomware is another crypto-malware belongs to DJVU Ransomware family. Like other DJVU Ransomware’s variant, this harmful malware is capable of locking/encrypting all types of files stored in your computer. During the encryption process, it renames all files with .vari File Extension. For example, a file named something like “1.png” would appear as “1.png.vari” after encryption. In other word, we can say that you can’t open or use your personal files anymore due to its dubious behaviors. If your System has detected this malware, then you should try to remove Vari Ransomware from machine immediately. After encryption process is complete, ransom note as “_readme.txt” are dropped in affected folders that claims the only way to decrypt or recover your encrypted files is to purchase & use its decryption tools/keys. It also claims that in order to rename locked Read more

What is Fonix ransomware? Fonix ransomware or otherwise called FonixCrypter virus is a newly detected virus. The credit for this discovery goes to Michael Gillespie. This deadly infection is quarantined by 54 out of 74 AV engines. However, having AV tools inside the device does not mean that the ransomware payload will be blocked on your computer as its initial expression does not show it as malicious. Unfortunately, the payload can spread in camouflage with fake emails or brute-forced into targeted device via unprotected RDPs. Once the payload is launched, the ransomware installs in and performs all its functions.  As per researchers, the pattern used by this virus for encryption is reminiscent of that used by ouroboros ransomware. The Fonix ransomware encodes files using SAlSa20 and RSA 2048 ciphers and appends the files with .FONIX extension. After the files encoded, they become inaccessible on the compromised device. The users are Read more

What is MOBA ransomware? MOBA ransomware is a cryptovirus that intrudes in via pirated software installers and affects the non-system files like documents, pictures, audio files, archives, and appends them with .moba extension. The encryption allows the crooks behind it to demand ransom from the victims by claiming that nobody except them can help them in recover the files. Soon after the encryption, a ransom note in a file named _readme.txt is shown that contain the information provided by the crooks behind it. The message within it pretty much the same like the note displayed by other DJVU variants – the hackers demand $490/$980 for the decryption tool that they have. The contact detail is different in this case- the users are asked to establish connection to the crooks via [email protected] email address. MOBA ransomware is the threat that manages to affect the system in various ways. Besides encryption, it Read more

What is Maas Ransomware? Maas Ransomware is a huge risk cyber-infection, categorized as ransomware. It locks personal files on the victims’ PC, making them inaccessible. Unfortunately, the encrypted data cannot be recovered that easily. The virus belongs to infamous DJVU/STOP ransomware family. All previously decryptable versions of this family are no longer active. This malware belongs to the new versions of this family that encode files using online keys that cannot be deciphered at the moment. If all the files inside your device are marked with .maas extension, your files are already affected and you need to take serious action. The crooks want you to pay for the decryption tool that they have. For this, they display ransom demanding message that clearly states that no tools except that they have can decrypt the files. They demand $980/$490 in bitcoin for exchange of the decryptor. However, the main task of them Read more

Proper guide to delete PGP Ransomware from system PGP Ransomware is also known as PGP virus that belongs to Dharma ransomware family and is just designed to prevent targeted users to access their own files using strong encryption algorithm. Through these ciphers, the files available on desktop are locked and users are enforced to buy a decryption tool or key from attackers. In the case of ransomware infection, this Cryptovirus use .pgp extension following encryption to mark files and drops a ransom note named FILES ENCRYPTED.txt which describe user with instruction regarding how to contact hackers and restore encrypted files. However, the experts never recommend people to contact hackers so it’s better to seek some effective methods or guidelines which can help users to sort out this critical issue. Detailed information about PGP Ransomware Speaking more about the ransom note, it basically appears on the screen whenever the victims try Read more

Proper guide to delete Professeur Ransomware immediately Professeur Ransomware is new deadly file encoding malware which tends to silently infiltrate the Windows PC without being noticed by the users and locks their crucial files and data stored inside the machine. This piece of malicious software belongs to Jigsaw ransomware family. This dubious malware is specifically designed to encrypt file, add their own extension and display a ransom note in pop-up window. Following successful encryption, it demands the users to pay hackers with a specified ransom fee in order to seek file decryption key or tool. After that, it retiled those data by appending the “.Professeur” extensions to the end of their filenames and makes it completely useless. Threat summary Name: Professeur Ransomware Type: Ransomware, Crypto Virus, Files locker Files extension: .Professeur Ransom demanding message: Text presented in the pop-up Description: all files are encrypted and become inaccessible. A ransom note Read more