Anti-spyware 101

Malevich Ransomware is named this way because the malicious program changes user’s Desktop wallpaper with an image that contains the word “Malevich.” This picture should appear after the malware finishes encrypting user’s personal and program data. Besides, the new wallpaper, the user should also notice a text document created after the encryption. It is a ransom note left by the cyber criminals who developed the malware. Instead of giving detailed instructions, Malevich Ransomware’s creators want to be contacted via email. Thus, it is hard to tell what the price could be, as it might be different for each user or all the same to everyone. However, what we do know is that paying the ransom could be risky. As you continue reading the article, we will provide you with more information and most importantly we will place step by step deletion instructions below the article. Read more »

We have yet another ransomware based on the CrySIS Ransomware engine to report, and this one is called Ninja_gaiver@aol.com Ransomware. This malicious ransomware might have a unique name, but it is no different than Milarepa.lotos@aol.com Ransomware, Drugvokrug727@india.com Ransomware, and all other threats that belong to the same family. Unfortunately, at the moment, decryption tools that would be able to decrypt files corrupted by these ransomware infections do not exist. This means that you are completely in the hands of the cyber criminals who have developed the ransomware. If your files were corrupted by this malicious threat, there is very little you can do. If you have not encountered this threat yet, please reinforce protection immediately because you do not want to lose your files. Of course, if the ransomware is already active, make sure you delete it as soon as you read this report. We include instructions that will help you remove Ninja_gaiver@aol.com Ransomware manually. Read more »

Sitaram108 Ransomware is a computer threat targeted at users’ personal files. Once it is inside the computer, it scans it and then locks all the valuable files it manages to find. According to specialists who have carried out research, Sitaram108 Ransomware locks such files as pictures, documents, music, and even third-party applications. You will quickly notice that you cannot access them. On top of that, they will have the new filename extension, e.g. id.-(unique ID).{sitaram108@india.com}.xtbl or .id-(unique ID).{sitaram108@aol.com}.xtbl. Cyber criminals expect that many users will contact them and then pay the required amount of money for the decryption tool. We understand that you need your files back badly; however, we do not recommend transferring money to cyber criminals because you have no guarantees that you will receive the key or software to decrypt those files. Even though Sitaram108 Ransomware is based on the CrySiS Ransomware, and it is said that it is basically impossible to decrypt those files it touches, you should still download the free tool from the web to try to unlock files. If you find the free software useless, we suggest that you keep those encrypted files because specialists might develop the free tool in the future. Of course, it does not mean that you do not need to remove Sitaram108 Ransomware from your computer. Read more »

Milarepa.lotos@aol.com Ransomware might be the new release of the cyber criminals who developed such malicious programs as Vegclass@aol.com Ransomware, Meldonii@india.com Ransomware, Redshitline Ransomware, or other infections alike. Apparently, the threat was created while using the same CrySiS Ransomware engine. Since we have tested not only this particular malware but also lots of other similar ones, its working manner is well known to our researchers at Anti-spyware-101.com. For instance, we can tell you that the malicious application should encrypt all data on the computer except the one that belongs to the Windows operating system. As you continue reading the article, you will learn even more details about the infection. In addition, we are placing removal instructions below the text. Thus, if you were looking for a way to eliminate the malware manually, you came to the right place. Read more »

Makdonalds@india.com Ransomware is an oddly-named malware whose objective is to encrypt your files and demand that you pay a ransom in return for the decryption software. However, we suggest that you remove it instead of paying the ransom because the cyber crooks might not keep their word and send you the decryption tool. This ransomware has been discovered only recently, so a free decryptor has yet to be developed. To find out more about this malware, please read this whole description. Read more »

Malicious software is very prevalent these days. It can enter any computer with an Internet connection. GruzinRussian@aol.com Ransomware is one of the newest and most disturbing threats spreading through the web these days. Users can encounter it no matter where they live. It is clear that GruzinRussian@aol.com Ransomware, like other ransomware infections, including Redshitline Ransomware and Vegclass@aol.com Ransomware is targeted at users’ personal files. People who encounter this threat immediately notice that they cannot access any of their files because they are all encrypted. It has been found that GruzinRussian@aol.com Ransomware not only encrypts personal files, i.e. music, documents, and pictures, but also locks third-party applications. The threat uses the RSA-2048 encryption key to lock those files, so you cannot do much about that. Actually, you have only two options: pay money to cyber criminals for the decryptor or use free software. Read more »

Drugvokrug727@india.com Ransomware might have been created by Russians because the notification that this threat carries is in Russian. This message is also translated into English, but it is obvious that it was done by someone who does not know the language: “Decryptor files are available at post office: Drugvokrug727@india.com”. Obviously, the name of the ransomware derives from the email address representing its creator. This is the story behind the names of Opencode@india.com Ransomware, Meldonii@india.com Ransomware, Radxlove7@india.com, and many other infamous infections whose removal we have discussed in separate reports. This report was created based on the analysis by Anti-Spyware-101.com malware researchers, and it is all about the removal of Drugvokrug727@india.com Ransomware. Are you postponing the elimination of this threat because you think it will stop you from decrypting your precious files? Well, that is not exactly the truth. Read more »

Veracrypt Ransomware is a harmful application that was created to encrypt user’s data and later extort money for the decryption tools. It can lock your personal files such as photographs, documents, or videos. Plus, the malware might also encrypt third-party software. It means that all programs, which do not belong to Microsoft should stop working. Unfortunately, deleting Veracrypt Ransomware will not undo the damage that is already made. Still, keeping a malicious program on the system is not a good idea, so naturally, we advise you to get rid of it as soon as possible. If you want to try to remove it manually, you should slide below and check the instructions prepared by our researchers. Nonetheless, if the process seems a little complicated, users could use an antimalware tool to erase the malicious application. Read more »