What is Arena ransomware
At least two ransomware variants use .arena extension for encrypted files: Arena from Crysis (Dharma) ransomware family and Arena from CryptoMix family. Crysis’s Arena usually infects computers through Remote Desktop Services (RDP). It encrypts files using strong encryption algorithm that is considered unbreakable and upends .id-[your-id].[contact-email].arena to file names. From the information we gathered, users are asked to pay 0.5 bitcoins in the first 24 hours and 1 bitcoin later. This Arena will launch automatically every time you login to Windows and will encrypt new files that were created since its last run. Crysis’s Arena will create ransom notes called info.hta and FILES ENCRYPTED.txt (with a short text “all your data has been locked us You want to return? write email [contact-email]”).
CryptoMix’s Arena modifies names of encrypted files into hexadecimal strings and upends .arena extension. Its ransom note is named _HELP_INSTRUCTION.TXT.
Unfortunately, both Arena versions don’t have free decrypters as of now. However, you may try some other methods of recovering encrypted files.