"Encryption viruses" - instructions for women in accounting. Wanna Cry file encryptor virus - how to protect yourself and steal data How to protect yourself from WannaCry

  • Over 200,000 computers have already been infected!
The attack was aimed mainly at the corporate sector, including telecommunications companies in Spain, Portugal, China and England.
  • The heaviest blow fell on Russian users and companies. These include Megafon, RZ and, according to unconfirmed information, the Investigative Committee and the Ministry of Internal Affairs. Oschadbank and the Ministry of Health also reported attacks on their systems.
For decrypting the data, the criminals demand a ransom of 300 to 600 dollars in bitcoins (about 17,000-34,000 rubles).

Window with the ransom demand
Encrypts files with the following extensions

Although the attacks are aimed at the corporate sector, the ordinary user is also not immune to WannaCry infection and possible loss of access to files.
  • Instructions for protecting your computer and its data from the new infection:
1. Install Kaspersky System Watcher, which has a built-in function for rolling back changes made by an encryptor that managed to bypass the protection.
2. Users of Kaspersky Lab antivirus products are advised to check that the System Monitoring function is enabled.
3. Users of ESET NOD32 antivirus for Windows 10 have a function that checks for newly available OS updates. If you set it up in advance and it was enabled, all the necessary new Windows updates will have been installed and your system will be fully protected from the WannaCryptor virus and other similar attacks.
4. ESET NOD32 products also have a function that detects as yet unknown threats. This method is based on behavioral, heuristic technologies.

If a virus behaves like a virus, it is more likely that it is a virus.

The technology of the ESET LiveGrid security system with version 12 successfully repelled all attacks by this virus, and it did so even before the signature databases were updated.
5. ESET technologies also protect devices running the older Windows XP, Windows 8 and Windows Server 2003 systems (we recommend that you stop using these outdated systems). Because of the very high threat level for these OS versions, Microsoft decided to release updates for them. Download them.
6. To minimize the threat to your PC, update your version of Windows 10 without delay: Start - Settings - Update & Security - Check for updates (in other versions: Start - All Programs - Windows Update - Check for updates - Download and install).
7. Install the official patch (MS17-010) from Microsoft, which fixes the flaw in the SMB server through which the virus can penetrate. This server is what the attack uses.
8. Make sure that all available security tools on your computer are running and in working order.
9. Scan your entire system for viruses. If a malicious attack named MEM:Trojan.Win64.EquationDrug.gen is detected, restart the system.
Once again, I recommend checking that the MS17-010 patch is installed.

Currently, Kaspersky Lab, ESET NOD32 and other antivirus vendors are actively working on file decryption programs that will help users of infected PCs regain access to their files.

It continues its oppressive march across the Internet, infecting computers and encrypting important data. How do you protect yourself from an encryptor, how do you protect Windows from ransomware, and have patches been released to decrypt and disinfect files?

The new 2017 encryption virus Wanna Cry continues to infect corporate and private PCs. Damage from the virus attack amounts to 1 billion dollars. Over the past 2 years, the encryption virus has infected at least 300 thousand computers, despite the security measures taken.

What is the 2017 encryption virus? As a rule, you can "pick it up" on what would seem to be the most harmless sites, for example bank servers with user account access. Once on the victim's hard drive, the encryptor "settles" in the System32 system folder. From there the program immediately turns off the antivirus and adds itself to "Autostart". After every reboot, the encryption program starts from the registry and begins its dirty work. The encryptor begins to download similar programs such as Ransom and Trojan. The encryptor also often replicates itself. This process can be instantaneous, or it can go on until the victim notices that something is wrong.

The encryptor often disguises itself as ordinary pictures and text files, but the essence is always the same: these are executable files with the extensions .exe, .drv, .xvd; sometimes .dll libraries. Most often the file has a completely innocent name, for example "document.doc" or "picture.jpg", where the extension is typed in by hand and the true file type is hidden.

After encryption is completed, instead of familiar files the user sees a set of "random" characters in the names and inside the files, and the extension changes to something previously unknown: .NO_MORE_RANSOM, .xdata and others.

Encryption virus 2017 Wanna Cry: how to protect yourself. I would like to point out right away that Wanna Cry is rather a collective term for all encryption and ransomware viruses, since it is the one that has been infecting computers most often lately. So, we will talk about protection from Ransom Ware encryptors, of which there are many: Breaking.dad, NO_MORE_RANSOM, Xdata, XTBL, Wanna Cry.

How to protect Windows from an encryptor. EternalBlue via the SMB port protocol.

Protecting Windows from 2017 encryptors: basic rules:

  • update Windows and move to a licensed OS in good time (note: the XP version is not updated)
  • update antivirus databases and firewalls as required
  • take the utmost care with any files you download (cute "kitties" can result in the loss of all data)
  • back up important information to removable media.

Encryption virus 2017: how to disinfect and decrypt files.

If you rely on antivirus software, you can forget about a decryptor for a while. The laboratories of Kaspersky, Dr. Web, Avast! and other antivirus vendors have so far found no solution for disinfecting infected files. At the moment it is possible to remove the virus using an antivirus, but there are still no algorithms to return everything to normal.

Some people try to use decryptors such as the RectorDecryptor utility, but this will not help: an algorithm for decrypting the new viruses has not yet been developed. It is also completely unknown how the virus will behave if it has not been removed after such programs are used. Often this can result in the erasure of all files, as a lesson to those who do not want to pay the attackers, the authors of the virus.

At the moment, the most effective way to get lost data back is to contact the technical support of the vendor of the antivirus program you use. To do this, send a letter or use the feedback form on the manufacturer's website. Be sure to attach the encrypted file and, if there is one, a copy of the original. This will help programmers develop an algorithm. Unfortunately, for many people the virus attack comes as a complete surprise and there are no copies, which makes the situation much more complicated.

Drastic methods of disinfecting Windows from an encryptor. Unfortunately, sometimes it is necessary to completely format the hard drive, which entails a complete change of OS. Many will think of restoring the system, but that is not a way out: even if a rollback gets rid of the virus, the files will still remain encrypted.

About a week or two ago, another creation of current virus makers appeared, which encrypts all of the user's files. Once again I'll look at how to disinfect your computer after the crypted000007 encryption virus and recover the encrypted files. In this case, nothing new or unique has appeared, just a modification of the previous version.

Guaranteed decryption of files after an encryptor virus: dr-shifro.ru. Details of the work and the scheme of interaction with the customer are below in the article or on the website in the section “Procedure of work”.

Description of the encryption virus CRYPTED000007

The CRYPTED000007 encryptor is in no way fundamentally different from its predecessors. It works practically one to one. However, there are still a number of nuances that set it apart. Let's talk about everything in order.

It arrives, like its analogues, by mail. Social engineering techniques are used so that the user is sure to take an interest in the letter and open it. In my case, the letter spoke of some court and of important information about a case in the attachment. After launching the attachment, the user sees a Word document with an extract from the Moscow Arbitration Court.

In parallel with the opening of the document, file encryption starts. An information message from the Windows User Account Control system begins to pop up constantly.

If you agree to the prompt, the backup copies of files in Windows shadow copies will be deleted and recovering the information will be much more difficult. Obviously, you must never agree to the prompt. In this encryptor, these requests pop up constantly, one after another, and do not stop, pushing the user to agree and delete the backup copies. This is the main difference from previous modifications of encryptors. I have not previously encountered requests to delete shadow copies coming without stopping. Usually, after 5-10 prompts they stopped.

I will give a recommendation for the future right away. It is very common for people to turn off the User Account Control warnings. There is no need to do this. This mechanism can really help against viruses. The second obvious piece of advice: don't constantly work under the computer administrator account unless there is a real need for it. In this case, the virus will not be able to do much harm. You will have a better chance of resisting it.

Even if you have consistently answered no to the encryptor's requests, all your data is already being encrypted. Once the encryption process is complete, you will see a picture on your desktop.

At the same time, there will be many text files on your desktop with the same content.

Your files are encrypted. To decrypt ux, you need to enter the code: 329D54752553ED978F94|0 to your email address [email protected]. Then you will follow all the necessary instructions. We won’t be able to decipher the jokes on our own except for the irrevocable number of information. If you still want to try it, then make backup copies of files more than once, otherwise you will end up with decryption that costs no effort. If you haven’t made a tax return at the specified address for 48 years (and even in this situation!), please use the form of the return card. This can be done in two ways: 1) Download and launch Tor Browser as instructed: https://www.torproject.org/download/download-easy.html.en.onion/ and press the Enter key. The side with the shape of the collar is emphasized. 2) In any browser you do not register at one address: http://cryptsen7fo43rr6.onion.to/ To write files, you must read the following code: 329D54752553ED978F94|0 before email address [email protected]. Then you will receive all necessary instructions. All aspects of your business will result in no waste of your data. If you want to ask them, you can quickly make sure that you do not make any changes in the middle of the files. If you do not receive notifications from e-mail messages for more than 48 years (and just in that case!), please contact Vikorist. You can do it in two ways: 1) Download Tor Browser from here: https://www.torproject.org/download/download-easy.html.en Install it and type following address in address bar: http:/ /cryptsen7fo43rr6.onion / Press the Enter key and on the page with the backback form will be loaded. 2) Go to one of the following addresses in any browser: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/

The email addresses may change. I have also come across the following addresses:

The addresses are constantly updated, so they may be completely different.

As soon as you discover that files are encrypted, immediately shut down your computer. This needs to be done to interrupt the encryption process both on the local computer and on network drives. An encryption virus can encrypt all the information it can reach, including on network drives. But if there is a large amount of information there, it will take considerable time. Sometimes, even after a couple of hours, the encryptor had not managed to encrypt everything on a network drive with a capacity of approximately 100 gigabytes.

Then you need to think carefully about how to proceed. If you need the information on the computer at all costs and you don't have backup copies, it's best to turn to specialists at this point. Not necessarily to some company for money. You just need a person who is well versed in information systems. It is necessary to assess the scale of the disaster, remove the virus, and collect all available information about the situation in order to understand how to proceed.

Incorrect actions at this stage can significantly complicate the process of decrypting or recovering files. In the worst case, they can make it impossible. So don't rush, be careful and consistent.

How the CRYPTED000007 ransomware virus encrypts files

Once the virus has been launched and has completed its activity, all useful files will be encrypted and renamed with the extension .crypted000007. Moreover, not only the file extension will be replaced, but also the file name, so you won't know exactly what kind of files you had if you don't remember it yourself. The picture will look something like this.

In such a situation, it will be difficult to assess the scale of the tragedy, because you will not be able to fully recall what was in your various folders. This was done specifically to confuse people and push them to pay for decryption of the files.

And if your network folders were also encrypted and there are no full backups, this can stop the work of your entire organization. It will take you a while to understand what has been lost in order to begin recovery.

How to disinfect your computer and remove the CRYPTED000007 ransomware

The CRYPTED000007 virus is already on the computer. The first and most important question is how to disinfect the computer and how to remove the virus from it in order to prevent further encryption if it has not yet been completed. I draw your attention to the fact that once you start doing things with your computer yourself, the chances of decrypting the data decrease. If you need to recover the files at all costs, don't touch your computer, but immediately turn to professionals. Below I will talk about them, give a link to the website and describe the scheme of their work.

In the meantime, we will continue to disinfect the computer and remove the virus ourselves. Traditionally, encryptors are easily removed from the computer, since the virus has no task of staying on the computer at all costs. After completely encrypting the files, it is even more advantageous for it to delete itself and disappear, so that it is harder to investigate the incident and decrypt the files.

Manual removal of the virus is hard to describe. I have tried to do it before, but I see that most often it is pointless. The names of the files and the paths where the virus is located are constantly changing. What I saw is no longer relevant in a week or two. Viruses are usually sent by mail in waves, and each time there is a new modification that is not yet detected by antiviruses. Universal tools help, such as those that check autorun and detect suspicious activity in system folders.

To remove the CRYPTED000007 virus, you can use the following programs:

  1. Kaspersky Virus Removal Tool - a utility from Kaspersky: http://www.kaspersky.ru/antivirus-removal-tool.
  2. Dr.Web CureIt! - a similar product from Dr.Web: http://free.drweb.ru/cureit
  3. If the first two utilities do not help, try MALWAREBYTES 3.0 - https://ua.malwarebytes.com.

Most likely, one of these products will clean your computer of the CRYPTED000007 encryptor. If it so happens that they do not help, try removing the virus manually. I have shown the removal technique using another example and you can look at it there. Briefly, the steps are as follows:

  1. Look at the list of processes, having first added several extra columns to the task manager.
  2. Find the virus process, open the folder it sits in, and delete it.
  3. Clear the mentions of the virus process, by file name, from the registry.
  4. Reboot and make sure that the CRYPTED000007 virus is not in the list of running processes.

Where to download the CRYPTED000007 decryptor

The question of a simple and reliable decryptor comes up first when it comes to an encrypting virus. The first thing I advise is to use the service https://www.nomoreransom.org. What if you are lucky and they have a decryptor for your version of the CRYPTED000007 encryptor? I'll tell you right away that your chances are slim, but trying costs nothing. On the main page click Yes:

Then upload a couple of encrypted files and press Go! Find out:

At the time of writing, there was no decoder on the site.

Perhaps you will be luckier. You can also check the list of decryptors available for download on a separate page: https://www.nomoreransom.org/decryption-tools.html. Perhaps there will be something useful there. While the virus is still fresh, there is little chance of it, but over time something may appear. There are examples of decryptors appearing for some modifications of encryptors. These examples are on the indicated page.

Where else you can find a decoder, I don’t know. It is unlikely that one will really exist, given the particularities of how current encryptors work. A full-fledged decryptor can only be held by the authors of the virus.

How to decrypt and recover files after the CRYPTED000007 virus

What should you do if the CRYPTED000007 virus has encrypted your files? The technical implementation of the encryption does not allow files to be decrypted without a key or a decryptor, which is only available from the author of the encryptor. There may be another way to obtain it, but I don’t have such information. All that remains is to try to recover the files by makeshift methods. These include:

  • The Windows shadow copies tool.
  • Programs for recovering deleted data.

First, let's check whether shadow copies are enabled. This tool works by default in Windows 7 and above, unless you have disabled it manually. To check, open the computer's properties and go to the System Protection section.

If at the time of infection you did not confirm the UAC request to delete files in shadow copies, some data should remain there. I talked about this request in more detail at the beginning of the story, when I described how the virus works.

To conveniently recover files from shadow copies, I suggest using a free program for this: ShadowExplorer. Download the archive, unpack the program and run it.

The latest copy of the files and the root of drive C will open. In the top left corner, you can select a backup copy if you have several. Check the different copies for the required files. Compare by date to find the most recent version. In my example below, I found 2 files on the desktop from three months ago, when they were last edited.

I was able to recover these files. To do this, I selected them, right-clicked, chose Export and specified the folder to restore them to.

You can recover whole folders using the same principle. If your shadow copies were working and you have not deleted them, you have a good chance of recovering all or almost all of the files encrypted by the virus. Perhaps some of them will be an older version than you would like, but it is still better than nothing.

If for any reason you do not have shadow copies of files, your only remaining chance to get at least something back from the encrypted files is to recover them using tools for recovering deleted files. For this, I suggest using the free Photorec program.

Launch the program and select the disk on which you will recover files. Launching the graphical version of the program runs the file qphotorec_win.exe. You need to select the folder where the found files will be placed. It is better if this folder is not located on the same drive that we are searching. Connect a flash drive or an external hard drive for this.

The search process will take a long time. At the end you will see statistics. Now you can go to the previously designated folder and see what was found there. There will most likely be a lot of files, and most of them will be either damaged or some kind of system and useless files. Nevertheless, some useful files can be found in this list. There are no guarantees here; whatever you find, you find. Images, as a rule, are restored best.

If you are not satisfied with the result, there are other programs for recovering deleted files. Below is a list of programs that I usually use when I need to recover the maximum number of files:

  • R.saver
  • Starus File Recovery
  • JPEG Recovery Pro
  • Active File Recovery Professional

These programs are not free, so I will not give links. If you really want to, you can find them yourself on the Internet.

The entire process of recovering files is shown in detail in the video at the end of the article.

Kaspersky, ESET NOD32 and others in the fight against the Filecoder.ED encryptor

Popular antiviruses detect the CRYPTED000007 encryptor as Filecoder.ED, and there may be some further designation after that. I went through the forums of the main antiviruses and didn’t find anything useful there. Unfortunately, as usual, antiviruses turned out to be unprepared for the arrival of a new wave of encryptors. Here is a message from the Kaspersky forum.

Antiviruses traditionally miss new modifications of encryption Trojans. Nevertheless, I recommend using them. If you are lucky and receive an encryptor in your mail not in the first wave of infections but a little later, there is a chance that the antivirus will help you. They all work one step behind the attackers. A new version of the ransomware is released and antiviruses do not react to it. As soon as a certain amount of material for studying the new virus accumulates, antiviruses release an update and begin to respond to it.

I don't understand what prevents antiviruses from reacting immediately to any encryption process in the system. Perhaps there is some technical nuance here that does not allow them to respond adequately and prevent the encryption of user files. It seems to me that they could at least display a warning that someone is encrypting your files and offer to stop the process.

Where to go for guaranteed decryption

I had the chance to meet one company that actually decrypts data after the work of various encryption viruses, including CRYPTED000007. Its address is http://www.dr-shifro.ru. Payment only after complete decryption and your verification. Here is an approximate scheme of work:

  1. A company specialist comes to your office or home and signs an agreement with you, which fixes the cost of the work.
  2. Launches the decryptor and decrypts all files.
  3. You make sure that all files open and sign the act of delivery/acceptance of the completed work.
  4. Payment is made only upon a successful decryption result.

I’ll be honest, I don’t know how they do it, but you’re not risking anything. Payment only after a demonstration of the decoder's work. Please write a review about your experience with this company.

Methods of protection against the CRYPTED000007 virus

How can you protect yourself from the work of an encryptor and get by without material and moral damage? There are a few simple and effective tips:

  1. Backup! A backup copy of all important data. And not just a backup, but a backup to which there is no permanent access. Otherwise, the virus can infect both your documents and your backup copies.
  2. Licensed antivirus. Although they do not give a 100% guarantee, they increase the chances of avoiding encryption. They are most often not ready for new versions of the encryptor, but after 3-4 days they begin to react. This improves your chances of avoiding infection if you were not caught in the first wave of a new modification of the encryptor.
  3. Do not open suspicious attachments in mail. There is nothing to comment on here. All the encryptors known to me reached users through mail. Moreover, new tricks are invented each time to fool the victim.
  4. Do not mindlessly open links sent to you by your friends through social networks or messengers. Viruses sometimes spread this way too.
  5. Enable the display of file extensions in Windows. How to do this is easy to find on the Internet. This will allow you to notice the file extension on the virus. Most often it will be .exe, .vbs, .src. In everyday work with documents, you are unlikely to encounter such file extensions.
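The file-name signs described in this article (an executable hiding behind a document or picture name, and files renamed to .crypted000007, .NO_MORE_RANSOM or .xdata) can be checked across a folder tree with a short script. This is an added example, not code from the original article; the function names, the decoy extension list and the .scr entry are assumptions, and the padded-name and right-to-left-override checks go slightly beyond the double-extension case the text describes.

```python
import os
import tempfile
from collections import Counter

# Real file types the article names for disguised encryptor files.
EXECUTABLE_EXTS = {".exe", ".drv", ".xvd", ".dll", ".vbs", ".src"}
EXECUTABLE_EXTS.add(".scr")  # screensaver executables: added here, not from the article
# Harmless-looking decoy types (assumed list for this example).
DECOY_EXTS = {".doc", ".docx", ".xls", ".xlsx", ".pdf", ".jpg", ".png", ".txt"}
# Extensions the article says encrypted files are renamed to.
RANSOM_EXTS = {".crypted000007", ".no_more_ransom", ".xdata"}
RTLO = "\u202e"  # right-to-left override: reverses how the end of a name is displayed


def classify(filename):
    """Return a sorted list of findings for one file name (the file is not opened)."""
    findings = set()
    stem, ext = os.path.splitext(filename.lower())
    if ext in RANSOM_EXTS:
        findings.add("ransom-extension")
    if ext in EXECUTABLE_EXTS:
        # "document.doc.exe": a decoy extension sits right before the real one.
        if os.path.splitext(stem.rstrip())[1] in DECOY_EXTS:
            findings.add("masked-executable")
        # "picture.jpg      .exe": padding pushes the real extension out of view.
        if stem != stem.rstrip():
            findings.add("padded-name")
    if RTLO in filename:
        findings.add("rtlo-character")
    return sorted(findings)


def scan_tree(root):
    """Walk root; return (hits, counts): findings per file and totals per finding."""
    hits, counts = [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            found = classify(fname)
            if found:
                hits.append((os.path.join(dirpath, fname), found))
                counts.update(found)
    return sorted(hits), counts


def encrypted_by_dir(root):
    """Map each folder holding renamed files to (encrypted, total) to gauge the damage."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        encrypted = sum("ransom-extension" in classify(f) for f in files)
        if encrypted:
            result[dirpath] = (encrypted, len(files))
    return result


if __name__ == "__main__":
    # Constructed sample tree: empty files whose names imitate the cases above.
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "mail": ["court_notice.doc.exe", "picture.jpg      .exe",
                     "invoice\u202ecod.exe", "readme.txt"],
            "share": ["Xk3+9aQ=.crypted000007", "Zz81Lm==.crypted000007",
                      "plan.xlsx"],
        }
        for folder, names in samples.items():
            os.makedirs(os.path.join(root, folder))
            for name in names:
                open(os.path.join(root, folder, name), "w").close()

        hits, counts = scan_tree(root)
        for path, found in hits:
            print(f"{', '.join(found):35} {os.path.relpath(path, root)!r}")
        print("totals:", dict(counts))
        for folder, (enc, total) in encrypted_by_dir(root).items():
            print(f"{os.path.relpath(folder, root)}: {enc}/{total} files renamed")
```

The script only reads file names, so it can be run against a mounted copy of a disk without opening any of the files.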

I have tried to complement what I wrote earlier in the articles about encryption viruses. In the meantime, I say goodbye. I will be glad to receive useful comments on the article and on the CRYPTED000007 encryption virus in general.

Video with decryption and recovery of files

Here is an example of an earlier modification of the virus, but the video is also relevant for CRYPTED000007.

A new wave of encrypting virus attacks has been unleashed; among the victims are Russian media outlets and Ukrainian companies. In Russia, Interfax was hit by the virus, but the attack affected only part of the agency, since its IT services managed to switch off part of the critically important infrastructure, according to the Russian company Group-IB. They named the virus BadRabbit.

The deputy director of the agency, Yuriy Pogoriliy, spoke about the unprecedented virus attack on Interfax on his Facebook page. Two Interfax employees confirmed to Vedomosti that computers were disconnected. According to one of them, the locked screen visually resembles the result of the Petya virus. The virus that attacked Interfax warns that you should not try to decrypt the files on your own, and demands a ransom of 0.05 Bitcoin ($285 at yesterday's rate), for which it directs you to a special site on the Tor network. The virus assigns the encrypted computer a personal identification code.

Besides Interfax, two more Russian media outlets suffered from the encryption virus, one of which is the St. Petersburg-based Fontanka, as Group-IB knows.

The chief editor of Fontanka, Oleksandr Gorshkov, told Vedomosti that the Fontanka servers were attacked by unknown attackers. But Gorshkov assures that there is no question of an encrypting virus attack on Fontanka: the computers of the editorial office are functioning; it was the server responsible for the operation of the site that was hacked.

The Interfax divisions in Great Britain, Azerbaijan, Belarus and Ukraine, as well as the “Interfax-religion” website, continue to work, Pogoriliy told Vedomosti. It is not clear why the damage did not reach the other divisions; perhaps this is connected with the topology of the Interfax network, with where the servers are physically located, and with the operating system installed on them, he says.

The Ukrainian Interfax reported on Tuesday about a hacker attack on the Odessa international airport. The airport, for its part, warned passengers about “longer service times”, but, judging by its online board, it still continued to send and receive flights.

The Kiev metro also reported a cyber attack on its Facebook account: there were problems with paying the fare with bank cards. Front News reported that the metro was attacked by an encryption virus.

Group-IB is working on the new epidemic. Over the past few months, two waves of encryption virus attacks have taken place: on June 12, the WannaCry virus appeared, and on June 27, the Petya virus (also known as NotPetya and ExPetr). They penetrated computers running the Windows operating system on which updates were not installed, encrypted the contents of hard disks and demanded $300 for decryption. As it turned out later, Petya did not even intend to decrypt the victims’ computers. The first attack hit hundreds of thousands of computers in more than 150 countries, and the second hit 12,500 computers in 65 countries. The Russian companies Megafon, Evraz, Gazprom and Rosneft also became victims of the attacks. The Invitro medical centers also suffered from the virus and did not take tests from patients for many days.

Petya may have collected just over $18,000 in the second month. One of its victims, the Danish logistics giant Moller-Maersk, estimated the loss of revenue from the cyber attack at $200-300 million.

Among the Moller-Maersk subsidiaries, the main blow fell on the Maersk Line, which is engaged in the sea transportation of containers (in 2016, Maersk Line earned $20.7 billion in revenue, the subsidiary has 31,900 employees).

Business recovered quickly after the attack, but companies and regulators became wary. Thus, the Federal Grid Company of the UES (which operates the all-Russian electrical grid) warned the directors of its branches about a possible cyber attack by an encryptor, and a few days later Russian banks received a similar warning from FinCERT (the structure of the Central Bank that deals with cybersecurity).

The new encrypting virus attack was also noticed by Kaspersky Lab, according to whose observations most of the victims of the attack are in Russia, but there are also infections in Ukraine, Turkey and Germany. All signs indicate that this is a targeted attack on corporate networks.

In the opinion of the antivirus company Eset, the encryptor is indeed a relative of Petya. The attack used the malicious program Diskcoder.D, a new modification of the encryptor.

Pogoriliy said that Interfax had Symantec antivirus installed on its computers. Representatives of Symantec did not respond to Vedomosti's request.

Today's technologies allow hackers to constantly develop ways to cheat hundreds of thousands of people. As a rule, malicious software that penetrates the computer is used for these purposes. Encryption viruses are especially dangerous. The threat lies in the fact that the virus spreads very quickly, encrypting files (the user simply cannot open a single document). And if it’s easy to get data, it’s much more difficult to decipher the data.

What to do if a virus encrypts files on your computer

Even users with good antivirus software can fall victim to an encryptor attack. File-encrypting Trojans come with varied code that an antivirus may be unable to handle. Hackers even manage to attack large companies in this way when they have not taken care of the necessary protection of their information. So, having picked up an encryption program online, you need to go through a series of steps.

The main signs of infection are slow operation of the computer and changed document names (this can be noticed on the desktop).

  1. Restart your computer to interrupt the encryption. When it starts up, do not confirm the launch of unknown programs.
  2. Run the antivirus if it has not itself been attacked by the encryptor.
  3. Shadow copies can help you recover information in some cases. To find them, open the “Properties” of the encrypted document. This method works with encrypted data of the Vault extension, about which there is information on the portal.
  4. Download the latest version of a utility for fighting encryption viruses. The most effective ones are offered by Kaspersky Lab.

Encryption viruses in 2016: examples

When fighting any virus attack, it is important to understand that the code changes often and gains new protection against antivirus software. Naturally, security programs need some time until the vendor updates its databases. We have selected the most dangerous encryption viruses of recent times.

Ishtar Ransomware

Ishtar is an encryptor that extorts money from the user. The virus appeared in the spring of 2016, infecting a large number of computers in Russia and other countries. It spreads through email mailings with attached files (installers, documents, etc.). Data infected by the Ishtar encryptor gets the prefix “ISHTAR” in its name. In the process, a text document is created that states where to go to obtain the password. The criminals demand between 3,000 and 15,000 rubles for it.

The problem with the Ishtar virus is that today there is no decryptor that would help users. Companies that develop antivirus software need time to decipher the entire code. For now, all that can be done is to isolate important information (if it is especially important) on a separate medium and wait for the release of a utility that can decrypt the documents. It is recommended to reinstall the operating system.

Neitrino

The Neitrino encryptor appeared on the Internet in 2015. The principle of the attack is similar to other viruses of this category. It changes the names of folders and files to "Neitrino" or "Neutrino". The virus is hard to decrypt: not all anti-virus companies undertake this task, citing the very complex code. Some users can be helped by restoring a shadow copy. To do this, right-click the encrypted document, go to “Properties”, open the “Previous Versions” tab and click “Restore”. It is also worth trying the free utility from Kaspersky Lab.

Wallet or .wallet.

The Wallet encryption virus appeared at the end of 2016. During the infection process, the name of the data is changed to “My wallet” or something similar. Like most encrypting viruses, it reaches the system through email attachments that the criminals send out. Because the threat appeared only recently, antivirus programs do not detect it. After encryption, it creates a document in which the fraudster gives an email address for contact. Currently, anti-virus software developers are working on decrypting the code of the encrypting virus [email protected]. Users who have been attacked can only wait. If the data is important, it is recommended to save it to separate storage and clean the system.

Enigma

The Enigma encryption virus began to infect the computers of Russian users around the end of 2016. It uses the AES-RSA encryption model, which is common among most ransomware viruses these days. The virus penetrates the computer through a script that the user launches by opening files from a suspicious email. There is still no universal way to combat the Enigma encryptor. Users who hold an antivirus license can ask for help on the vendor's official website. A small “loophole” was also discovered: Windows UAC. If the user clicks “No” in the window that appears during the infection process, the information can later be restored using shadow copies.

Granit

The new Granit encryption virus appeared on the Internet in the spring of 2016. The infection follows this scenario: the user launches an installer, which infects and encrypts all data on the PC, as well as on connected storage devices. Fighting the virus is difficult. You can use special Kaspersky utilities, but they have not yet been able to decrypt the code. Restoring previous versions of the data may help. In addition, a specialist with extensive experience can decrypt it, but the service comes at a high price.

Tyson

It was spotted recently. It is an extension of the already known encryptor no_more_ransom, which you can read about on our website. It reaches personal computers by email. A lot of corporate PCs were affected by the attack. The virus creates a text document with instructions for unlocking, offering to pay a ransom. The Tyson encryptor appeared recently, and there is still no key to unlock it. The only way to restore information is to roll back to previous versions, if they were not affected by the virus. You can, of course, take the risk of transferring money to the scammers, but there is no guarantee that you will receive the password.

Spora

At the beginning of 2017, a number of users fell victim to the new Spora encryptor. In terms of its operating principle, it is not much different from its counterparts, but it can boast of a more professional execution: the password recovery instructions are simpler, and the website looks better. The Spora encryption virus was written in the C language and uses a combination of RSA and AES to encrypt the victim’s data. The attack hit, as a rule, computers on which the 1C accounting program is actively used. The virus, disguised as a simple file in .pdf format, prompts company employees to launch it. A cure has not yet been found.

1C.Drop.1

This encrypting virus for 1C appeared in 2016, disrupting the work of a large number of accounting departments. It was developed specifically for computers on which 1C software is used. After reaching the PC through a file attached to an email, it prompts the owner to update the program. If you don’t press the button, the virus will continue to encrypt your files. Dr.Web specialists are working on decryption tools, but no solution has been found yet. The reason is the complex code, which can exist in several modifications. Protection against 1C.Drop.1 comes down to user vigilance and regular archiving of important documents.

da_vinci_code

A new encryptor with an unusual name. The virus appeared in the spring of 2016. It is distinguished from its predecessors by a shortened code and a strong encryption mode. da_vinci_code infects the computer through an application (usually attached to an email) that the user launches himself. The “da Vinci code” encryptor copies its body into the system directory and the registry, ensuring automatic launch when Windows starts. The victim's computer is given a unique ID (this helps to obtain the password). It is practically impossible to decrypt the data. You can pay the scammers, but no one can guarantee that you will receive the password.

[email protected] / [email protected]

Two email addresses that were often used by encryption viruses in 2016. They serve to connect the victim with the attacker. The addresses were attached to various types of viruses: da_vinci_code, no_more_ransom and so on. Contacting them, or transferring money to the fraudsters, is strongly discouraged. In most cases users are left without passwords. Paying in this way only shows that the attackers' encryptors work and bring in income.

Breaking Bad

It appeared at the beginning of 2015 but spread actively only a year later. The infection principle is identical to other encryptors: a file from an email is installed and the data is encrypted. Most antiviruses do not detect the Breaking Bad virus. This code cannot bypass Windows UAC, so the user may be able to restore previous versions of documents. No company that develops antivirus software has yet presented a decryptor.

XTBL

A very widespread encryptor that has caused trouble for many users. Once on a PC, the virus changes the file extension to .xtbl. A document is created in which the attacker extorts money. Some versions of XTBL cannot destroy the files used for system restore, which makes it possible to get important documents back. The virus itself can be removed by many programs, but decrypting the documents is much harder. If you own a licensed antivirus, contact technical support and attach samples of the infected data.

Kukaracha

The “Cucaracha” encryptor was first spotted in 2016. The virus encrypts user files using the RSA-2048 algorithm, which is highly resistant. Kaspersky Anti-Virus detects it as Trojan-Ransom.Win32.Scatter.lb. Kukaracha can be removed from the computer so that other documents are not infected. However, files that are already infected are currently practically impossible to decrypt (the algorithm is very strong).

How does an encryption virus work?

There are a great many encryptors, but they all work on a similar principle.

  1. Getting onto the personal computer. As a rule, this happens through a file attached to an email. The installation is initiated by the user himself, who opens the document.
  2. Infecting files. All types of files can be encrypted (this depends on the virus). A text document is created containing contacts for communicating with the criminals.
  3. That's it. The user cannot access the required document.
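The rename markers this page gives for individual families (the “ISHTAR” prefix, the “Neitrino”/“Neutrino” names, the .wallet, .xtbl and Vault extensions) can be turned into a quick triage of a file listing, showing which family hit a machine and which original files need restoring. This is an added example, not code from the original article; the matching rules, the `min_hits` threshold and the sample paths are assumptions constructed for illustration.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Markers come from the family descriptions on this page; the matching rules
# (name prefix vs. appended extension) are assumptions of this example.
EXTENSIONS = {".xtbl": "XTBL", ".wallet": "Wallet", ".vault": "Vault"}
PREFIXES = {"ishtar": "Ishtar"}
SUBSTRINGS = {"neitrino": "Neitrino", "neutrino": "Neitrino"}

def classify(path):
    """Return (family, probable original name); (None, None) if unmarked."""
    p = PureWindowsPath(path)
    name = p.name.lower()
    if p.suffix.lower() in EXTENSIONS:
        return EXTENSIONS[p.suffix.lower()], p.stem  # name before the marker
    for prefix, family in PREFIXES.items():
        if name.startswith(prefix):
            return family, p.name[len(prefix):].lstrip("-_ ")
    for token, family in SUBSTRINGS.items():
        if token in name:
            return family, None  # original name cannot be recovered
    return None, None

def triage(paths, min_hits=3):
    """Report families with at least min_hits marked files in the listing."""
    hits = defaultdict(list)
    for path in paths:
        family, original = classify(path)
        if family:
            hits[family].append((path, original))
    report = {}
    for family, files in hits.items():
        if len(files) < min_hits:
            continue  # a lone match (e.g. a real wallet file) is not evidence
        report[family] = {
            "count": len(files),
            "share": round(len(files) / len(paths), 2),
            "dirs": sorted({str(PureWindowsPath(f).parent) for f, _ in files}),
            "restore": sorted(o for _, o in files if o),
        }
    return report

# Constructed listing for illustration (not real incident data).
SAMPLE = [
    r"C:\Docs\report.docx.xtbl", r"C:\Docs\budget.xlsx.xtbl",
    r"C:\Docs\1C\base.dt.xtbl", r"C:\Docs\notes.txt",
    r"C:\Users\anna\my.wallet", r"C:\Docs\photo.jpg",
]
```

Calling `triage(SAMPLE)` reports only XTBL, with the affected folders and the original names to look for in shadow copies or archives; the single `.wallet` file stays below the threshold.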

Countermeasures from popular laboratories

The wide spread of encryptors, which are considered the most dangerous threats to user data, has become an impetus for many anti-virus laboratories. Every popular company provides its users with programs that help them fight encryptors. In addition, many of them help with decrypting documents and protecting the system.

Kaspersky and encryption viruses

One of the most famous anti-virus laboratories in Russia and the world offers today's most effective means of combating ransomware viruses. The first barrier for an encryption virus is Kaspersky Endpoint Security 10 with the latest updates. The antivirus simply does not allow a threat to enter your computer (although new versions may not be detected). To decrypt information, the developer offers several free utilities: XoristDecryptor, RakhniDecryptor and Ransomware Decryptor. They help you detect the virus and find the password.

Dr. Web and encryption tools

This laboratory recommends using its antivirus program, the main feature of which is file backup. The storage holding copies of documents is also protected from unauthorized access by criminals. Owners of the licensed Dr. Web product can request help from technical support. True, even experienced specialists cannot always withstand this type of threat.

ESET Nod 32 and encryption tools

This company has not stood aside either, providing its users with protection against viruses penetrating the computer. In addition, the laboratory recently released a free utility with up-to-date databases: Eset Crysis Decryptor. The developers claim that it will help in the fight against the latest encryptors.