And every year more and more new ones appear ... more interesting and more interesting. The most popular recent virus (Trojan-Ransom.Win32.Rector), which encrypts all your files (*.mp3, *.doc, *.docx, *.iso, *.pdf, *.jpg, *.rar, etc.) .d.). The problem is that it is extremely difficult and time-consuming to decrypt such files, depending on the type of encryption, decryption can take weeks, months or even years. In my opinion this virus is this moment, the apogee in danger among other viruses. It is especially dangerous for home computers / laptops, since most users do not backup their data and when they encrypt files, they lose all data. For organizations, this virus is less dangerous because they make backups important data and in case of infection, they simply restore them, of course, after removing the virus. I met this virus several times, I will describe how it happened and what it led to.

The first time I got acquainted with a virus that encrypts files was at the beginning of 2014. An administrator from another city contacted me and told me the most unpleasant news - All files on the file server are encrypted! The infection happened in an elementary way - a letter came to the accounting department with the attachment "Act something there.pdf.exe" as you understand, they opened this EXE file and the process went... it encrypted all the personal files on the computer and went to file server(it was mapped by a network drive). Together with the administrator, we began to dig information on the Internet ... at that time there was no solution ... everyone wrote that there was such a virus, it was not known how to treat it, it was not possible to decrypt the files, perhaps sending files to Kaspersky, Dr Web or Nod32 would help. You can send them only if you use their anti-virus programs (there are licenses). We sent the files to Dr Web and Nod32, the results were 0, I don’t remember what they said in Dr Web, but in Nod 32 they were completely silent and I didn’t wait for any response from them. In general, everything was sad and we never found a solution, some of the files were restored from a backup.

The second story - just the other day (mid-October 2014) I got a call from the organization asking me to solve the problem with the virus, as you understand, all the files on the computer were encrypted. Here is an example of what it looked like.

As you can see, *.AES256 extension has been added to each file. In each folder there was a file "Attention_open-me.txt" in which there were contacts for communication.

When trying to open these files, a program with contacts was opened to contact the authors of the virus to pay for the decryption. Of course, I don’t recommend contacting them, and paying for the code too, since you will only support them financially and it’s not a fact that you will receive a decryption key.

The infection occurred during the installation of a program downloaded from the Internet. The most surprising thing was that when they noticed that the files had changed (icons and file extensions had changed), they did nothing and continued to work, and in the meantime the ransomware continued to encrypt all files.

Attention!!! If you notice file encryption on your computer (changing icons, changing the extension), immediately turn off your computer / laptop, and look for a solution from another device (from another computer / laptop, phone, tablet) or contact IT specialists. The longer your computer/laptop is left on, the more files he encrypts.

In general, I already wanted to refuse to help them, but I decided to surf the Internet, maybe there is already a solution for this problem. As a result of the searches, I read a lot of information that it cannot be decrypted, that you need to send files to anti-virus companies (Kaspersky, Dr Web or Nod32) - thanks, it was an experience.
I came across a utility from Kaspersky - RectorDecryptor. And lo and behold, the files were decrypted. Well, first things first...

The first step is to stop the ransomware. You will not be found on antiviruses, because the installed Dr Web did not find anything. First of all, I went into autoloads and disabled all autoloads (except antivirus). Rebooted the computer. Then he began to look at what kind of files were in startup.

As you can see, in the "Command" field it is indicated where the file is located, special attention is required to remove applications without a signature (Manufacturer - No data). In general, I found and removed malware and files that were not yet clear to me. After that, I cleaned the temporary folders and browser caches, it is best to use the program for these purposes CCleaner .

Then I proceeded to decrypt the files, for this I downloaded decryption program RectorDecryptor . Launched and saw a rather ascetic utility interface.

I clicked "Start Check", indicated the extension that all modified files had.

And indicated the encrypted file. In newer versions of RectorDecryptor, you can simply specify the encrypted file. Click the "Open" button.

Tada-a-a-am!!! A miracle happened and the file was decrypted.

After that, the utility automatically checks all computer files + files on the connected network drive and decrypts them. The decryption process may take several hours (depending on the number of encrypted files and the speed of your computer).

As a result, all encrypted files were successfully decrypted into the same directory where they were originally located.

It remains to delete all files with the .AES256 extension, this could be done by checking the "Delete encrypted files after successful decryption" checkbox if you clicked "Change verification settings" in the RectorDecryptor window.

But remember that it is better not to check this box, because in case of unsuccessful decryption of files, they will be deleted and in order to try to decrypt them again, you will have to start them reestablish .

When trying to delete all encrypted files with standard search and removal, I came across freezes and extremely slow computer performance.

Therefore, to remove it, it is best to use the command line, run it and write del"<диск>:\*.<расширение зашифрованного файла>"/f/s. In my case del "d:\*.AES256" /f /s.

Do not forget to delete the "Attention_open-me.txt" files, for this, in command line use the command del"<диск>:\*.<имя файла>"/f/s, for example
del "d:\Attention_open-me.txt" /f /s

Thus, the virus was defeated and the files restored. I want to warn you that this method will not help everyone, the thing is that Kapersky in this utility collected all the known keys for decryption (from those files that were sent by those infected with the virus) and selects the keys and decrypts by brute force. Those. if your files are encrypted by a virus with a key that is not yet known, then this method will not help... you will have to send infected files to anti-virus companies - Kaspersky, Dr Web or Nod32 to decrypt them.

These viruses may differ slightly, but in general, their actions are always the same:

• install on a computer;
• encrypt all files that may have at least some value (documents, photos);
• when trying to open these files, require the user to deposit a certain amount to the wallet or account of the attacker, otherwise access to the content will never be opened.

Virus encrypted files in xtbl

Currently, a virus has become quite widespread, capable of encrypting files and changing their extension to .xtbl, as well as replacing their name with completely random characters.

In addition, in a conspicuous place is created special file with instructions readme.txt. In it, the attacker puts the user in front of the fact that all his important data was encrypted and now they can’t be opened so easily, supplementing this with the fact that in order to return everything to its previous state, it is necessary to perform certain actions related to the transfer of money to the fraudster (usually, before that, you need to send a certain code to one of the proposed addresses Email). Often such messages are also supplemented with a note that if you try to decrypt all your files yourself, you risk losing them forever.

Unfortunately, at the moment, officially no one has been able to decrypt .xtbl, if a working method appears, we will definitely report about it in the article. Among the users there are those who had a similar experience with this virus and they paid the scammers the required amount, receiving in return the decryption of their documents. But this is an extremely risky step, because among the attackers there are those who don’t particularly bother with the promised decryption, in the end it will be money down the drain.

What to do then, you ask? We offer a few tips that will help you get all your data back and at the same time, you will not be led by scammers and give them your money. And so what needs to be done:

1. If you know how to work in the Task Manager, then immediately interrupt file encryption by stopping the suspicious process. At the same time, disconnect your computer from the Internet - many ransomware needs a network connection.
2. Take a piece of paper and write down on it the code proposed for sending to the mail to attackers (a piece of paper because the file you will write to may also become unreadable).
3. With help anti-virus tools Malwarebytes Antimalware, trial antivirus Kaspersky IS or CureIt, uninstall malware. For greater reliability, it is better to consistently use all the proposed means. Although Kaspersky Anti-Virus can not be installed if the system already has one main anti-virus, otherwise software conflicts may occur. All other utilities can be used in any situation.
4. Wait until one of the anti-virus companies develops a working decryptor for such files. Kaspersky Lab copes most quickly.
5. Additionally, you can send to [email protected] a copy of the file that was encrypted with the required code and, if any, the same file in its original form. It is quite possible that this could speed up the development of a file decryption method.

Do not under any circumstances:

• renaming these documents;
• changing their extension;
• deleting files.

These Trojans also encrypt users' files and then extort them. At the same time, encrypted files can have the following extensions:

• .locked
• .crypto
• .kraken
• .AES256 (not necessarily this trojan, there are others that install the same extension).
• [email protected] _com
• .oshit
• And others.

Fortunately, a special decryption utility has already been created - RakhniDecryptor. You can download it from the official site.

On the same site, you can find instructions that show in detail and clearly how to use the utility to decrypt all the files that the Trojan has worked on. In principle, for greater reliability, it is worth excluding the item for deleting encrypted files. But most likely, the developers did a good job of creating the utility and nothing threatens data integrity.

Those who use licensed Dr.Web anti-virus have free access to decryption from developers http://support.drweb.com/new/free_unlocker/.

Other types of ransomware viruses

Sometimes other viruses can also come across that encrypt important files and extort payment for returning everything to its original form. We offer a small list with utilities to deal with the consequences of the most common viruses. There you can also get acquainted with the main features by which you can distinguish one or another Trojan program.

Besides, in a good way will scan your PC with Kaspersky antivirus, which will detect an intruder and give it a name. By this name, you can already search for a decoder for it.

• Trojan-Ransom.Win32.Rector- a typical extortionist encoder that requires you to send SMS or perform other actions of this kind, we take the decryptor from this link.
• Trojan-Ransom.Win32.Xorist- a variation of the previous Trojan, you can get a decryptor with a guide to its use.
• Trojan-Ransom.Win32.Rannoh, Trojan-Ransom.Win32.Fury- for these guys there is also a special utility, look at

Viruses by themselves today are almost no surprise to anyone. If earlier they affected the entire system as a whole, today there are various types of viruses. One of these varieties is a ransomware virus. The effect of a penetrating threat concerns more user information. However, it can be more dangerous than destructive executables and spy applets. What is an encryption virus? The code itself, which is written in a self-copying virus, involves the encryption of all user information with special cryptographic algorithms that do not affect system files the operating system itself.

The logic of the impact of the virus may not be clear to everyone. Everything became clear when the hackers who developed these applets began to demand some amount for restoring the original structure of the files. At the same time, the ransomware that has entered the system does not allow decrypting the files. This will require a special decoder, or in other words a special algorithm with which you can restore the content.

Ransomware: the principle of penetration into systems and the operation of the virus

Picking up such an infection on the Internet is usually quite difficult. Mostly given type viruses are transmitted by e-mail at the level of clients installed on one computer terminal, such as the Bat, Outlook, Thunderbird. It should be noted right away that this does not apply to Internet mail servers, since they have quite a high degree protection. Access to user information is carried out only at the level cloud storage information. An application on a specific computer terminal is quite another matter.

The field of activity for the development of viruses is so wide that it is difficult to imagine. However, a small caveat needs to be made here. In most cases, viruses target large organizations and companies that will be able to pay a significant amount to decrypt personal information. It is clear, because computer terminals and servers of computer companies store confidential information and files in single copy which should not be deleted under any circumstances. In this case, decrypting files after the action of the ransomware virus can be quite problematic. Of course, an ordinary user can also be subjected to such an attack, although this is unlikely, especially if the user follows the simplest recommendations for working with attachments of an unknown type.

Even if mail client detects attachments, for example, as files with the extension .jpg or other graphic extension, it is best to check first given file standard antivirus used in the system. If you do not do this, then after opening the attachment file by double-clicking, the activation of the code may start and the encryption process will begin. After that, it will be impossible to remove the ransomware itself and restore files after the threat is eliminated.

General consequences of exposure to a ransomware virus

As mentioned earlier, most viruses enter the system through e-mail. Suppose a large organization receives a letter with content like “The contract has been changed, a scan is attached to the letter” or “You have been sent an invoice for the shipment of goods.” An unsuspecting employee of the company simply opens the attached file and after that all user files are instantly encrypted. These are all files, from office documents to archives and multimedia. All important data is encrypted, and if the computer terminal is connected to local network, then the virus can be transmitted further, while encrypting data on other machines.

The execution of this process can be seen by the slowdown and freezing of programs running on the computer terminal at the moment. When the encryption process is completed, the virus sends a kind of report, after which the organization will receive a message stating that a threat has entered the system, and in order to decrypt the files, you need to contact the virus developer. As a rule, this applies to the virus [email protected] Next, the requirement to pay for decryption services will be given. The user will be prompted to send some encrypted files to an email that is most likely bogus.

Damage from exposure to the virus

If you have not yet fully understood the essence of the problem, then it should be noted that decrypting files after the action of the encryption virus is a rather laborious process. If the user does not follow the requirements of the attackers, but instead tries to use state structures to combat computer crimes, nothing sensible will come of it. If you try to delete all data from the computer, and then perform a system restore and copy the original information from removable media, then all the information will still be re-encrypted. So don't get too carried away about this. Also, when inserting a flash drive into USB port the user will not even notice that the virus will encrypt all the data on it. Then there will be even more problems.

First ransomware virus

Consider what the first encryption virus was. At the time of its appearance, no one thought how it was possible to cure or decrypt files after exposure to the executable code that was enclosed in an email attachment. Only with time came the realization of the full scale of the disaster. The first ransomware virus had the rather romantic name "I Love You". The user, who did not suspect anything, simply opened the attachment in the letter that came by e-mail and as a result received completely unplayable multimedia files (video, graphics and audio). Such actions looked more destructive, but no one demanded money for decrypting the data at that time.

The latest modifications

The evolution of technology has become quite a lucrative business, especially when you consider the fact that many leaders of large firms are in a hurry to pay the required amount to attackers as soon as possible, without even thinking about the fact that they may be left without money and without necessary information. Do not believe all these leftist posts on the Internet, like "I paid the required amount, they sent me a decryptor, and all the information was restored." All this is nonsense. Basically, such reviews are written by the virus developers themselves in order to attract potential victims. By the standards of ordinary users, the amounts that attackers demand for decrypting data are quite serious. It can reach several thousand dollars or euros. Now let's take a look at the features latest viruses of this type. All of them are similar to each other and can belong not only to the category of ransomware viruses, but also to the so-called ransomware category. In some cases, they act quite correctly, sending messages to the user that someone wants to take care of the safety of the organization's or user's information. With its messages, such a ransomware virus simply misleads users. However, if the user pays the required amount, he will simply be “divorced”.

XTBL virus

The XTBL virus, which appeared relatively recently, can be attributed to the classic version of ransomware viruses. Such objects, as a rule, penetrate the system through messages transmitted by e-mail. Messages may contain file attachments with the .scr extension. This extension is standard for the Windows screensaver. The user thinks that everything is in order and activates the view or saves this attachment. This operation can lead to rather unfortunate consequences. File names are converted to a simple set of characters. The combination .xtbl is added to the main file extension. After that, a message is sent to the desired address about the possibility of decryption after paying a certain amount.

This type of virus can also be classified as a classic ransomware. It appears in the system after opening email attachments. This virus also renames the user's files and adds a combination like .perfect and .nonchance at the end of the extension. Decryption of this type of encryption virus, unfortunately, is not possible. After completing all the steps, it simply self-destructs. Even such a universal tool as RectorDecryptor does not help. The user receives an email demanding payment. The user has two days to pay.

Breaking_Bad virus

This type of threat works according to the already familiar pattern. It renames the user's files by adding the .breaking_bad combination to the extension. But the matter is not limited to this. Unlike other ransomware, this virus can create another .Heisenberg extension. Therefore, it is quite difficult to find all infected files. It is also worth saying that the Breaking_Bad virus is a rather serious threat. There are cases when even the licensed anti-virus program Kaspersky_Endpoint Security misses such a threat.

Virus [email protected]

Virus [email protected] is another rather serious threat, which is mostly aimed at large commercial organizations. Usually, some department of the company receives an email containing a .jpg or .js file. How can this type of virus be decoded? Judging by the fact that the RSA-1024 algorithm is used there, no way. Based on the name of the algorithm, we can assume that it uses a 1024-bit encryption system. To date, the 256-bit system is considered the most advanced.

Ransomware Virus: Can Antivirus Software Decrypt Files?

No way to decrypt files after the action of such threats has yet been found. Even such recognized masters in the field antivirus protection, as Dr Web, Kaspersky, Eset cannot find the key to solving the problem. How to cure files in this case? As a rule, the user is prompted to send an official request to the website of the anti-virus program developer. In this case, you must attach several encrypted files and their originals, if any. Few users today store on removable media copies of the data. The problem of their absence can only exacerbate an already unpleasant situation.

Manual removal of a threat: possible methods

In some cases, scanning with conventional anti-virus programs identifies such malicious objects and even eliminates these threats. But what to do with encrypted information? Some users try to use decryption programs. It should be noted right away that these actions will not lead to anything good. In the case of the Breaking_Bad virus, this can even be harmful. The fact is that the attackers who create such viruses are trying to protect themselves and teach others a lesson. When using decryption utilities, a virus can react in such a way that the entire operating system crashes and at the same time completely destroys all information stored on logical partitions and hard drives. Hope only for official anti-virus laboratories.

Radical ways

If things are really bad, then you can format HDD, including virtual partitions, and then reinstall operating system. Unfortunately, there is no other way out. Rolling back the system to a specific restore point will not help fix the situation. As a result, the virus may disappear, but the files will still remain encrypted.

Modern technologies allow hackers to constantly improve the ways of fraud in relation to ordinary users. As a rule, virus software that penetrates a computer is used for these purposes. Encryption viruses are considered especially dangerous. The threat lies in the fact that the virus spreads very quickly, encrypting files (the user simply cannot open any document). And if it is quite simple, then it is much more difficult to decrypt the data.

What to do if a virus has encrypted files on your computer

Everyone can be attacked by a ransomware, even users who have powerful antivirus software are not insured. File encryptor trojans are represented by different code, which may be beyond the power of the antivirus. Hackers even manage to attack in this way large companies that have not taken care of the necessary protection of their information. So, having “picked up” a ransomware program online, you need to take a number of measures.

The main signs of infection are the slow operation of the computer and the change in the names of documents (you can see it on the desktop).

1. Restart your computer to stop encryption. When enabled, do not confirm the launch of unknown programs.
2. Run the antivirus if it has not been attacked by ransomware.
3. In some cases, shadow copies will help restore information. To find them, open the "Properties" of the encrypted document. This method works with the encrypted data of the Vault extension, which has information on the portal.
4. Download the utility latest version to combat ransomware viruses. The most effective ones are offered by Kaspersky Lab.

Encryption viruses in 2016: examples

When fighting any virus attack, it is important to understand that the code changes very often, supplemented new protection from antiviruses. Of course, protection programs need some time until the developer updates the databases. We have selected the most dangerous encryption viruses of recent times.

Ishtar ransomware

Ishtar is a ransomware that extorts money from the user. The virus was noticed in the autumn of 2016, infecting a huge number of computers of users from Russia and a number of other countries. It is distributed using email distribution, which contains attached documents (installers, documents, etc.). Data infected with the Ishtar ransomware gets the prefix "ISHTAR" in the name. The process creates a test document that indicates where to go to get the password. The attackers demand from 3,000 to 15,000 rubles for it.

The danger of the Ishtar virus is that today there is no decryptor that would help users. Antivirus software companies need time to decipher all the code. Now we can only isolate important information(if they are of particular importance) to a separate medium, waiting for the release of a utility capable of decrypting documents. It is recommended to reinstall the operating system.

Neitrino

The Neitrino ransomware appeared on the Internet in 2015. By the principle of attack, it is similar to other viruses of this category. Changes the names of folders and files by adding "Neitrino" or "Neutrino". The virus is difficult to decipher - far from all representatives of antivirus companies undertake this, referring to a very complex code. Restoring a shadow copy may help some users. To do this, click right click click on the encrypted document, go to "Properties", tab "Previous Versions", click "Restore". It would not be superfluous to use free utility from Kaspersky Lab.

Wallet or .wallet.

The Wallet encryption virus appeared at the end of 2016. During the infection process, it changes the name of the data to "Name..wallet" or similar. Like most ransomware viruses, it enters the system through email attachments sent by hackers. Since the threat appeared quite recently, antivirus programs do not notice it. After encryption, it creates a document in which the fraudster specifies the mail for communication. Currently, anti-virus software developers are working on decrypting the code of the ransomware virus. [email protected] Attacked users can only wait. If the data is important, it is recommended to save it on external drive by clearing the system.

Enigma

Enigma ransomware virus started infecting computers of Russian users at the end of April 2016. It uses the AES-RSA encryption model, which is found in most ransomware today. The virus penetrates the computer using a script that the user himself runs by opening files from a suspicious email. There is still no universal remedy for dealing with the Enigma cipher. Users who have a license for an antivirus can ask for help on the official website of the developer. A small "loophole" was also found - Windows UAC. If the user clicks "No" in the window that appears during the virus infection, they can later restore information using shadow copies.

Granite

New ransomware virus Granit appeared on the Web in the fall of 2016. Infection occurs according to the following scenario: the user launches an installer that infects and encrypts all data on the PC and connected drives. Fighting the virus is difficult. To remove, you can use special utilities from Kaspersky, but the code has not yet been decrypted. Restoring previous versions of the data may help. In addition, a specialist who has extensive experience can decrypt, but the service is expensive.

Tyson

Was seen recently. It is an extension of the already well-known no_more_ransom ransomware, which you can learn about on our website. Gets to personal computers from e-mail. Many corporate PCs have been attacked. Virus creates Text Document with instructions to unlock, offering to pay a "ransom". The Tyson ransomware has recently appeared, so there is no unlock key yet. The only way to recover information is to return previous versions unless they have been removed by a virus. You can, of course, take a risk by transferring money to the account indicated by the attackers, but there is no guarantee that you will receive the password.

Spora

In early 2017, a number of users fell victim to the new Spora ransomware. According to the principle of operation, it does not differ much from its counterparts, but boasts a more professional performance: instructions for obtaining a password are better written, the website looks prettier. Created Spora ransomware in C language, uses a combination of RSA and AES to encrypt victim data. As a rule, the computers that are actively used are attacked. accounting program 1C. The virus, hiding under the guise of a simple invoice in .pdf format, forces company employees to launch it. No cure has been found yet.

1C.Drop.1

This encryption virus for 1C appeared in the summer of 2016, disrupting the work of many accounting departments. Designed specifically for computers that use software 1C. Getting through a file in an email to a PC, it prompts the owner to update the program. Whichever button the user presses, the virus will start encrypting files. Dr.Web specialists are working on decryption tools, but so far no solution has been found. This is due to the complex code, which can be in several modifications. The only protection against 1C.Drop.1 is the vigilance of users and the regular archiving of important documents.

da_vinci_code

A new ransomware with an unusual name. The virus appeared in the spring of 2016. It differs from its predecessors by improved code and strong encryption mode. da_vinci_code infects a computer thanks to an executable application (usually attached to an email), which the user independently launches. The da Vinci coder (da vinci code) copies the body to the system directory and registry, ensuring that it starts automatically when Windows is turned on. Each victim's computer is assigned a unique ID (helps to get the password). It is almost impossible to decrypt the data. You can pay money to attackers, but no one guarantees that you will receive the password.

[email protected] / [email protected]

Two email addresses that often accompanied ransomware in 2016. They serve to connect the victim with the attacker. Addresses were attached to a variety of types of viruses: da_vinci_code, no_more_ransom, and so on. It is highly not recommended to contact, as well as transfer money to scammers. Users in most cases remain without passwords. Thus, showing that attackers ransomware works, generating income.

Breaking Bad

Appeared at the beginning of 2015, but actively spread only a year later. The principle of infection is identical to other ransomware: installation of a file from an email, data encryption. Conventional antiviruses usually do not notice the Breaking Bad virus. Some code cannot bypass Windows UAC, so the user is still able to restore previous versions of documents. The decoder has not yet been presented by any company developing anti-virus software.

XTBL

A very common ransomware that has caused trouble for many users. Once on a PC, the virus changes the file extension to .xtbl in a matter of minutes. A document is created in which the attacker extorts money. Some varieties XTBL virus cannot destroy files to restore the system, which allows you to return important documents. The virus itself can be removed by many programs, but it is very difficult to decrypt documents. If you own a licensed antivirus, use technical support by attaching samples of infected data.

Kukaracha

The Kukaracha cipher was spotted in December 2016. A virus with an interesting name hides user files using the RSA-2048 algorithm, which is highly resistant. Kaspersky Anti-Virus identified it as Trojan-Ransom.Win32.Scatter.lb. Kukaracha can be removed from the computer so that other documents are not infected. However, infected ones are almost impossible to decrypt today (a very powerful algorithm).

How ransomware works

There are a huge number of ransomware, but they all work on a similar principle.

1. Hit on Personal Computer. As a rule, thanks to the attached file to the e-mail. The installation is initiated by the user himself by opening the document.
2. File infection. Almost all types of files are encrypted (depending on the virus). A text document is created that contains contacts for communication with intruders.
3. All. The user cannot access any document.

Remedies from popular laboratories

The widespread use of ransomware, which is recognized as the most dangerous threat to user data, has become an impetus for many antivirus labs. Every popular company provides its users with programs that help them fight ransomware. In addition, many of them help with the decryption of documents protected by the system.

Kaspersky and encryption viruses

One of the most famous anti-virus laboratories in Russia and the world today offers the most effective means to combat ransomware viruses. The first obstacle for the ransomware virus will be Kaspersky Endpoint Security 10s latest updates. The anti-virus simply will not allow the threat to enter the computer (however, new versions may not be stopped). To decrypt information, the developer presents several free utilities at once: XoristDecryptor, RakhniDecryptor and Ransomware Decryptor. They help to find the virus and pick up the password.

Dr. Web and ransomware

This lab recommends using them antivirus program, main feature which was file backup. The storage with copies of documents is also protected from unauthorized access by intruders. The owners of the licensed product Dr. Web, a call for help function is available in technical support. True, even experienced specialists cannot always resist this type of threat.

ESET Nod 32 and ransomware

This company did not stand aside either, providing its users with good protection against viruses entering the computer. In addition, the laboratory has recently released free utility with current databases - Eset Crysis Decryptor. The developers claim that it will help in the fight against even the newest ransomware.