Cryptolocker is initial version of ransomware-type virus. Although, this malware is no longer active, there are bunch of viruses based on it. And it’s no wonder why it motivated criminals to create similar projects. According to developers, their product got more than three million dollars from users who paid ransom. Today, we’ll consider one copycat form of it- Crypt0L0cker (TorrentLocker). Some newer variants even use initial name pretending to be original Cryptolocker ransomware. Following infiltration, it prevents access to your data using RSA-2048 encryption algorithm. All encrypted files are appended with .encrypted or .enc extensions.
Crypto1CoinBlocker is a ransomware that is very similar to Xorist, Erebus, HakunaMatata etc. First Crypto1CoinBlocker ransomware breaks into your system, then it encrypts most of personal files. After finishing encrypting process with RSA-2048 cryptography algorithm, this ransomware adds .1AcTiv7HDn82LmJHaUfqx9KGG55P9jCMyy file extension to the name of all the encrypted data.
Satan is a ransomware virus, having its own web service (Raas). Once infiltrated, it denies access to files using RSA-2048 and AES-256 encryption protocol. Each encrypted file is appended with .stn extension. Satan ransomware further places HELP_DECRYPT_FILES.html file on the desktop. The message reads, that victims must pay the ransom to decrypt data, otherwise they will be unavailable forever. At present, there is no tool capable of decrypting files affected with using RSA-2048.
What is Fanli90.cn? If the first thing you see when you open web browser is the web page with this address – Fanli90.cn – that means you’ve got infected with the virus, that’s why you need to remove Fanli90.cn redirect in order to prevent any further consequences. Fanli90.cn is a browser hijacker that is usually distributed through free software that average user may download on suspicious websites. This application will change your homepage to http://Fanli90.cn as well as spoil your browsing Read more […]
If you’re seeing the original extension of your files was changed to .ctb and .ctb2, that means the system is being infected with CTB-locker. CTB-locker is a ransomware which decrypts data on the victim’s computer. It uses RSA-2048 encryption, making it virtually impossible to restore files without special key. It is mentioned in note contained in three files: AllFilesAreLocked.bmp, DecryptAllFiles.txt and randomly named HTML file.