Articles about ransomware – malware encrypting your personal files or stopping you from accessing your computer – and ways to remove it
SSPQ is a malicious program that encrypts frequently used files found on the victim’s computer. SSPQ virus finds important files, usually photos, videos, working documents, archives, and starts an infection algorithm to make files inaccessible. Such files receive the extension .sspq . Then, virus displays a message prompting you to decrypt the data if the payment is made in bitcoins _readme.txt :
Rookie Crypt is ransomware. Ransomware is viruses that sneak into the system in order to infect the device and lock files. Victims will not be able to use these files, so virus takes advantage of this situation and extorts money for decryption. The encryption process adds a unique identifier extension to the affected files, something like .943-A61-433 . After the encryption process is complete, Rookie Crypt virus displays a ransom note, which is placed in the folders with encrypted files. When the user opens such folders, a note from developers opens:
Exx is another computer pest designed to deceive money. First, Exx virus sneaks into the system, usually through some free application. Then, Exx virus finds files important for users (photos, videos, archives, working documents) and encrypts them using a special RSA-2048 cryptographic algorithm and adds extension .exx . When the encryption process is over, Exx ransomware creates a file HELP_RESTORE_FILES.txt , which displays a message when opening locked files
A new variant of STOP (Djvu) ransomware has appeared that changes the extension of the files it encrypts to .mppq. Mppq ransomware may get installed on a computer after a user opens a file downloaded from an untrustworthy source. After installation, the ransomware connects via Internet to its server where a unique pair of encryption and decryption keys is generated. The encryption key is sent back to the infected computer to encrypt files with. Mppq then encrypts files and drops ransom notes in folders with instructions on how to contact its developers and pay the ransom.
Pahd is a new variant of Djvu (STOP) ransomware. Pahd may end up on a PC after a user opens a file downloaded from an unverified source. Pahd encrypts files on the infected computer and leaves its ransom note called “_readme.txt” in folders with encrypted files, with decryption prices and ways to contact the ransomware developers. Unfortunately, there is little chance to decrypt .pahd files for free. You may try Emsisoft’s Decrypter that may work in rare cases. Otherwise, there are some methods of file recovery that may help you recover part of the files, though that is not a guarantee. This articles describes how you can remove Pahd ransomware from your computer and try to restore .pahd files.
Xdqd is a ransomware type of malware that restricts access to important files (documents, images, videos), in general, which users use most often. This virus adds the extension . [Xdatarecovery@msgsafe.io] .xdqd to every blocked file. Then it tries to extort money from victims by asking for a ransom in exchange for access to the data. This information is delivered via a note from Xdqd virus workers readme-warning.txt :
STOP is an old ransomware program that still infects browsers all over the world. This is an old virus, but every day scammers develop new versions of virus to increase their income. STOP encodes important files on the computer to prevent further use. Unavailable files have the extensions .STOP , .SUSPENDED , or .WAITING , which denote files that cannot be opened. Unfortunately, it is also impossible to remove the extension by renaming, because the developers use a powerful encryption code. After all files are encrypted, STOP will display the ransom note on the desktop and in the folders where the encrypted files are located:
Ekvf is a new variant in the Djvu (STOP) ransomware family. It encrypts users’ files, appends .ekvf extension to them and leaves ransom notes called _readme.txt in folders with encrypted files. Unfortunately, there is little chance of decrypting .ekvf file without paying the criminals. You may try Emsisoft’s Decrypter and see if it works. Otherwise, there are methods of file recovery usually used for deleted files, that you may try. In some cases they help users restore some of most of their lost files. This article provides you with ways to remove Ekvf ransomware virus and try to recover .ekvf files.
Reig is a new variant of STOP (Djvu) ransomware. It may get downloaded onto a computer together with a fake Flash Player update or with a software crack/pirated program. Reig will encrypt users’ files and add .reig extension to them, then leave ransom notes called _readme.txt in folders with encrypted files.
YGKZ is a new ransomware virus, that belongs to STOP/DJVU file-encryption-ransomware family. In the most cases, YGKZ ransomware spreads by the means of malicious executables and installers. Such files are usually promoted as free/cracked software and distributed through free-file sharing services and torrent trackers. However, criminals can easily infect computers remotely the means of remote access ports and terminals. When YGKZ gets into the operating system, it begins to modify registry folder and infects system processes. Then YGKZ virus begins the encryption process. As the result, your files get new “.YGKZ” extensions. At the same time YGKZ drops the ransom note called “_readme.txt”. By the means of such note criminals try to assure you, that the only way out is to pay them. We strongly recommend you to avoid any contact with them, because there is no any guarantee, that they will decrypt the files. Moreover, it’s easy for them to make the situation much worse. So, if you need to remove YGKZ ransomware and decrypt “.YGKZ” files, you’d better use our guide!