How to decrypt files encrypted by Sarut ransomware

If you are infected with Sarut ransomware, you can try to follow this guide to recover the files that were encrypted.

  1. Upload a sample encrypted file, any email addresses used for ransom contact and the readme file HERE.
  2. Download the STOPDecrypter tool (latest version HERE).
  3. Right-click on it and run it as “Administrator”; you should then see this window:
  4. Click on “Select Directory” and select the folder(s) containing your encrypted file(s).
  5. Click on “Decrypt”.
  6. Your files are then recovered.

NOTE: Whether files can be decrypted depends on the ransomware variant and on the type of key used for the encryption. Files encrypted by Sarut ransomware with an offline key can usually be decrypted; with an online key, the best option is to back up your encrypted files and wait for other solutions in the future. It is NOT guaranteed that you get your files back if you pay the ransom!

Progression from Stealth to Damage and Disruption

A decade or two ago, hackers infiltrated targeted networks silently; they waited for the perfect moment to act and left with no evidence behind them. Their attacks went unnoticed, and the target companies often did not even realize that they had been victims of cyber espionage or cyber-attacks. Hackers were lurking in the shadows…

However, during the last decade hackers changed their tactics. They started performing their malicious activities publicly. They no longer cared whether their identity would be revealed or not. In fact, some of them leave traces behind on purpose to be linked back to their activity.

The Most Famous Cyber-Attack Gone Public

It is the most feared cyber-attack so far and still an active threat – the notorious WannaCry ransomware.

Photo by zephyr_p/Fotolia

It caused a great deal of chaos around the world and built its reputation when it encrypted the files of many businesses and demanded a ransom in cryptocurrency. Even when the ransom was paid, most victims could not access their files, or they ended up being a victim again.

The WannaCry ransomware emerged when North Korea – according to accusations by the UK and USA – took advantage of EternalBlue. As former U.S. National Security Agency employees affirmed, EternalBlue was an NSA hacking tool. EternalBlue was used to increase the infection rate of the WannaCry ransomware attack.

The motivation behind the attack is still a mystery: making money or showing North Korea’s cyber force…

Weeks Later Another Attack Occurred

Initially, NotPetya targeted Ukraine, but it spread across the world very quickly and caused around $10 billion of damage. NotPetya behaved like ransomware, but it had no intention of restoring the files on the infected computers: any ransom paid by the victims was useless because no decryption key had ever been created. Once again, the USA, the UK and other countries accused state-sponsored Russian hackers of this cyber-attack.

Both North Korea and Russia…

… deny and reject any involvement with the WannaCry and NotPetya attacks. In the past, hackers remained in stealth mode. Now, scaring people and creating chaos has become part of cyber-attacks. This has also created a new arena for less powerful states, competing with economically or militarily stronger states, to show off their cyber skills.

At the state level, cyber-attacks may not be aimed at your credit cards or personal details but at your city’s infrastructure. Such attacks have already happened. The best-known example is the Stuxnet malware that targeted Iran’s nuclear plant. There is also the TRITON malware that targeted a Saudi Arabian oil and gas petrochemical plant. Lastly, there is the attack that occurred in Ukraine in December 2016: it took down the power grid, leaving people in darkness and without heating during harsh winter conditions.

Cyber-attacks whose aim is damage and disruption will most likely become a trend in the near future.

WannaCry: Still Threatening To Make You Cry

One and a half years later, WannaCry ransomware is still considered one of the most serious threats in the cyber world as well as the most widespread member of the ransomware family. According to statistics, it has attacked 74,621 users worldwide.

Biggest Ransomware Epidemic in History

In May 2017, WannaCry caused one of the biggest ransomware epidemics in history and left devastating consequences. Its targets were mostly businesses, factories and hospitals. WannaCry was unique because it was the first large ransomware attack targeted at the healthcare vertical, and it affected not only computers but also many medical devices such as MRI machines.

Unfortunately, the latest data shows that it is still spreading uncontrollably.

WannaCry spreads via the use of the EternalBlue exploit, a leaked NSA hacking tool with worm-like capabilities.

Microsoft released a patch to protect systems from the exploit almost two months before WannaCry hit, but unfortunately many organizations still had not applied the update, leaving their networks vulnerable.

Attackers know the power of EternalBlue, and still regularly deploy it to help spread trojans, cryptocurrency miners and other malware campaigns.

Created by Jemastock – Freepik.com

Continuing Threat

The ending is not near. EternalBlue is still threatening unpatched and unprotected systems.

Many security experts are now concerned that the original version of WannaCry might not be the most urgent threat; rather, it is the ability of hackers to re-engineer and refine the malicious software.

Many firms are still struggling to act a year after WannaCry, with IT security employees saying that their companies are more exposed than they were a year ago. It seems that there was panic immediately after the WannaCry attack, but nothing has changed since.

According to one study, 62% of UK companies responded immediately after the attack and 38% redefined their process for reacting to security incidents. However, many businesses are still struggling with basic systems management tasks, such as patching, which are critical to preventing future attacks.

Lack of Awareness

One of the most crucial factors enabling ransomware, or any other type of malware, to spread is a lack of awareness. Senior leadership teams fail to realize how exposed their companies are to cyber threats, and they often fail to educate their employees about the dangers and about ways to protect themselves.

Another crucial factor is that companies still don’t have backups of their critical data.

Companies should not let their guard down. They need to plan ahead to tackle the newest threats, making it difficult for attackers to be successful at their job.

Antivirus and Antimalware Protection is a Must

Even though the situation is serious, there is no need to panic. You are safe with Zemana AntiMalware and Zemana AntiLogger. Both products are designed to protect you from all types of ransomware, including WannaCry.

Years of careful investigation of ransomware behaviour helped Zemana develop the best possible anti-ransomware tool. For that reason, Zemana AntiMalware has been rated the best ransomware protection for years by MRG Effitas.

In case you are not yet a user of Zemana products, just go here, download any Zemana product and stay ransomware free. Get the proactive protection that will leave your mind worry free.

A Leading Media Company, Media Prima Attacked by Ransomware

Ransomware Hits Again

It seems the situation is not getting any better because there are more and more major companies and networks reporting to have been victims of ransomware attacks.

The most recent one is Malaysia’s leading media company, Media Prima, which runs TV and radio channels, newspapers and digital media. In the past four days, its computer systems have been breached and infected with ransomware. The attackers are demanding 1 000 bitcoins, which is around US$6.45 million.

How Does Ransomware Work?

When a ransomware attack occurs, it encrypts your system and your files until you pay the ransom. Instructions on how to pay appear on the screen; the payment is made in Bitcoin. Many pay the ransom in the hope of retrieving their data.

However, there is usually a timer attached to the ransomware lock that counts down to the moment the files are lost forever. Yes, this happens too: ransomware can destroy all the keys required for decryption if you do not pay the ransom by the given deadline.

Aside from offsite backups, there are no alternatives available today to recover the files without paying the ransom – and once the keys are destroyed, the files are gone forever.

Latest News

The latest information shows that this attack was most probably designed specifically to target Media Prima. We do not have exact information on whether Media Prima’s data has been breached, or whether the media group will suffer financial losses due to the ransomware attack.

Some sources claim that Media Prima’s office email has been affected but that the company has migrated the email to another system. For now, Media Prima is not considering paying the ransom.

Businesses: Ransomware’s New Target

Ransomware attacks are getting more agile, complex and widespread. They have increasingly started targeting businesses of all sizes in all sectors, rather than consumers.

One of the attackers’ most common and favorite ways to spread ransomware is by sending malicious emails to employees of the company. Once the employee opens the email, or in some cases clicks the link inside it, the ransomware starts downloading automatically in the background.

The ease with which it can be shared and spread is precisely one of the reasons why ransomware is becoming more and more popular among cyber criminals. Attacks have also spread to mobile devices with the help of various banking Trojans.

We cannot emphasize enough the importance of companies educating their own employees on how to identify a ransomware attack before becoming a victim.

Luck is not something you should rely on when it comes to ransomware, because it can happen to any company. The consequences can be catastrophic: such an attack could destroy a business if offline backups have not been kept.

Ransomware Turning Into a Business

Ransomware distribution is run like a business today. Developing, buying, selling, trading and distributing different ransomware variants has enabled hackers to create micro-economies that have turned into a global network. The main reason for this is that hackers realized they can make huge sums of money this way.

Created by Vectorpocket – Freepik.com

Protect Yourself in Time

The most important thing to keep in mind is that you should not wait for ransomware to attack you or your business. Protect your corporate network as well as your home devices in time: install an antivirus solution and enhance your protection with an anti-malware solution that serves as an additional layer of protection.

Together, they will detect any suspicious behavior on your devices and block it immediately, keeping your data safe from anyone who wants to invade your privacy and keeping you from becoming another victim.

All You Need to Know About Cerber Ransomware

What is Cerber ransomware?

Cerber is one of the most active kinds of ransomware. It encrypts the files of its victims and demands money in exchange for giving access to their files back. It works even if you are not connected to the Internet, so you can’t stop it by unplugging your PC.

Just like any other type of ransomware, Cerber virus generally attacks via phishing emails and exploit kits. Once your PC is fully infected and your files encrypted, you are met with a message that gives instructions on how to decrypt them. The ransom is demanded in bitcoins with the promise you will gain access to your files once you pay the fee.

In July 2016, active Cerber ransomware campaigns delivered via exploit kits successfully infected roughly 150,000 users worldwide.

How Does it Work?

Earlier versions of Cerber renamed encrypted files with a .cerber extension; newer versions add a random file extension. Cerber finds its way into your system with the help of a Trojan horse and is most commonly distributed via email.

Usually, you receive an email in your inbox with either some form of attachment or a link to a website. The Trojan is typically inside the attached file – this could even be a Word file – and downloads the ransomware as soon as you open that file. The same goes for the link: it redirects you to a website from which Cerber is downloaded.

What Is So Special About Cerber?

Cerber does not target all countries. Computers in Armenia, Azerbaijan, Belarus, Georgia, Kyrgyzstan, Kazakhstan, Moldova, Russia, Turkmenistan, Tajikistan, Ukraine and Uzbekistan are safe from this ransomware: if the computer appears to be located in any of these countries, it terminates itself and does not encrypt the computer.

Cerber operates on the Ransomware-as-a-Service business model, which means that affiliates can join to distribute the ransomware while the Cerber developers earn a commission on each ransom payment.

Will I Get My Data Back If I Pay The Ransom?

To ensure victims can make the payment, the attackers provide instructions on how to pay in Bitcoin.

There is this possibility of paying the ransom to the hackers. But there’s no guarantee it will work, because cyber-criminals aren’t exactly the most trustworthy group of people.

Also, paying the ransom may encourage these bad guys to continue and even expand their operations. We strongly suggest that you do not send any money to these cyber criminals and instead report the attack to the law enforcement agency in your country.

Created by Vectorpouch – Freepik.com

How To Prevent Cerber Ransomware From Infecting My PC?

To prevent Cerber or any other type of malware from infecting your PC, it is crucial to have antivirus software installed on your PC as basic protection, together with anti-malware protection that serves as an additional layer of protection. You also need backups of your personal documents.

Cerber Removal

Unfortunately, once your PC has been infected and your data encrypted, you cannot recover it. The hackers behind the Cerber ransomware claim you will get your data back once you pay the ransom, but no one can guarantee this will happen.

Antivirus and antimalware software can only remove the infection from your PC, or block it and prevent it from infecting your PC if you were wise enough to have them installed in time. However, they cannot recover your encrypted files. Therefore, it is highly important to protect your files in time.

If you are using the Zemana AntiMalware premium version (which comes with a 15-day free trial), it will protect you by blocking the Cerber ransomware in time. This way, it will prevent it from infecting your PC.

However, if you continue using the trial and do not purchase the Premium subscription at the end of it, Zemana AntiMalware will disable the premium features. All other (basic) features remain unchanged. This means that you will no longer be protected from Cerber, but you will still be able to scan your PC with Zemana AntiMalware, which will detect Cerber and block it.

Therefore, the best prevention against Cerber virus is installing the right protection solution even before you get infected.

Zemana AntiMalware As A Cerber Removal Tool

According to MRG Effitas, Zemana AntiMalware has proved to be the best anti-ransomware software on the market.

If you are looking for a solution that will help you in removing Cerber, it is important to note that Zemana AntiMalware is compatible with any antivirus software that you might have on your PC and will run alongside it without any conflicts.

Below you can find a guide on how to detect and remove this ransomware with Zemana AntiMalware.

STEP 1: Download Zemana AntiMalware here.

STEP 2: Once downloaded, install the software on your PC. You can do this by double-clicking the ZAM program icon on your desktop or in your downloads folder.

STEP 3: Press the ”Scan” button.

STEP 4: When the scan is complete, click “Next”.

STEP 5: Restart your computer if you are prompted to do so.

What is GoldenEye Ransomware?

GoldenEye has often been referred to as the king of ransomware, because it is considered probably the worst ransomware ever created.

GoldenEye is a variant of the notorious Petya ransomware that also takes advantage of the same EternalBlue exploit to spread from one device to another. It encrypts the entire hard disk drive and denies you access to your computer.

How Does It Work?

GoldenEye encrypts certain files on your computer as well as the hard drive itself.

The GoldenEye variant goes one step further than Petya ransomware because it has two layers of encryption: one individually encrypts target files on the computer, and the other encrypts NTFS structures, preventing victim PCs from booting and retrieving stored information or samples.

GoldenEye is distributed via spam email messages. Infection takes place after a victim opens an infected attachment and enables macros.

If you get infected, you will see the following image of a skull on a yellow background. Under the skull, a short text says: ”Press any key!”

If you press any key, the text with instructions on how to pay the ransom and retrieve your data appears on your screen.

What Is So Special About GoldenEye?

The latest version of this ransomware was detected to be a German version. While Petya was designed to encrypt data, GoldenEye was specifically designed to destroy it.

The user is unable to access the Windows operating system until the ransom is paid via the TOR Browser. The TOR page requires a CAPTCHA; the user is then presented with a page in which the personal identifier must be entered.

After the encryption process has completed, the ransomware runs a specialized routine that forcefully crashes the computer to trigger a reboot, which renders the computer unusable until you pay the ransom of $300.

It has had its biggest impact on companies in Ukraine.

Will I Get My Data Back If I Pay The Ransom?

There is a possibility of paying the ransom to the hackers, but that does not mean you will get your data back, because GoldenEye was specifically created to destroy all data.

How To Prevent GoldenEye Ransomware From Infecting My PC?

To prevent Petya, GoldenEye or any other type of malware from infecting your PC, it is crucial to have antivirus software installed on your PC as basic protection, together with anti-malware protection that serves as an additional layer of protection. You also need backups of your personal documents.

GoldenEye Removal

Unfortunately, once your PC has been infected and your data encrypted, you cannot recover it. Antivirus and antimalware software can only remove the infection from your PC, or block it and prevent it from infecting your PC if you were wise enough to have them installed in time. However, they cannot recover your encrypted files. Therefore, it is highly important to protect your files in time.

If you are using the Zemana AntiMalware premium version (which comes with a 15-day free trial), it will protect you by blocking the Cryptolocker ransomware in time. This way, it will prevent it from infecting your PC.

However, if you continue using the trial and do not purchase the Premium subscription at the end of it, Zemana AntiMalware will disable the premium features. All other (basic) features remain unchanged. This means that you will no longer be protected from Petya, but you will still be able to scan your PC with Zemana AntiMalware, which will detect Petya and block it.

Therefore, the best prevention against Petya virus is installing the right protection solution even before you get infected.

Zemana AntiMalware as a GoldenEye Removal Tool

According to MRG Effitas, Zemana AntiMalware has proved to be the best anti-ransomware software on the market and the most efficient in blocking Petya and Petya variants on your PC.

If you are looking for a solution that will help you in removing GoldenEye, it is important to note that Zemana AntiMalware is compatible with any antivirus software that you might have on your PC and will run alongside it without any conflicts.

Below you can find a guide on how to detect and remove this ransomware with Zemana AntiMalware.

STEP 1: Download Zemana AntiMalware here.

STEP 2: Once downloaded, install the software on your PC. You can do this by double-clicking the ZAM program icon on your desktop or in your downloads folder.

STEP 3: Press the ”Scan” button.

STEP 4: When the scan is complete, click “Next”.

STEP 5: Restart your computer if you are prompted to do so.

What is Alpha Crypt Virus?

Alpha Crypt is a file-encrypting ransomware program that targets all versions of Windows. It is a variant of the TeslaCrypt ransomware and was first released at the end of April 2015.

Alpha Crypt usually targets files belonging to different video games, including RPG Maker, Call of Duty, Dragon Age, StarCraft, Minecraft, World of Warcraft, World of Tanks and Steam. However, keep in mind that Alpha Crypt can also encrypt your documents and images.

How Does It Work?

After successful infiltration, Alpha Crypt encrypts files found on the victim’s computer using AES-256 in CBC mode. It spreads via the Angler exploit kit and creates a randomly named executable in the %AppData% folder, after which it scans all available drives, including removable media, network shares and Dropbox mappings. Once all drives are located, it begins locking files with AES encryption and deletes Shadow Volume Copies to prevent data restoration.

What Is So Special About Alpha Crypt Virus?

When a file is encrypted by Alpha Crypt ransomware, its extension is changed to .ezz. Victims are not able to access files encrypted by the Alpha Crypt virus. The ransomware may also delete Shadow Volume Copies of files so that victims cannot recover encrypted files.
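The behaviour described in the two passages above (a randomly named executable in %AppData%, the scan across local, removable and mapped drives, Shadow Volume Copy deletion, and files renamed with the .ezz extension) is what an endpoint triage would look for. The following Python script is an added example, not code from the original post or from Zemana; the event format, the log lines and the use of a vssadmin command line for shadow copy deletion are constructed assumptions for this illustration.

```python
"""Triage constructed endpoint events for the Alpha Crypt indicators the text
describes: a randomly named executable under %AppData%, Shadow Volume Copy
deletion, and a burst of files renamed to the .ezz extension.
The event format and the vssadmin command line are assumptions; the events
below are constructed for this example and are not real telemetry."""
import re
from collections import Counter

# Constructed sample log: one event per line, "timestamp|event type|detail".
SAMPLE_EVENTS = r"""
2015-04-28T09:00:01|PROCESS_CREATE|C:\Users\bob\AppData\Roaming\qx7fj2ka.exe
2015-04-28T09:00:02|PROCESS_CREATE|C:\Windows\System32\vssadmin.exe delete shadows /all /quiet
2015-04-28T09:00:03|FILE_RENAME|C:\Users\bob\Documents\report.docx -> C:\Users\bob\Documents\report.docx.ezz
2015-04-28T09:00:03|FILE_RENAME|C:\Users\bob\Pictures\holiday.jpg -> C:\Users\bob\Pictures\holiday.jpg.ezz
2015-04-28T09:00:04|FILE_RENAME|Z:\shared\budget.xlsx -> Z:\shared\budget.xlsx.ezz
2015-04-28T09:00:04|FILE_RENAME|E:\games\save01.sav -> E:\games\save01.sav.ezz
2015-04-28T09:00:05|PROCESS_CREATE|C:\Program Files\Microsoft Office\WINWORD.EXE
2015-04-28T09:00:06|FILE_RENAME|C:\Users\bob\Desktop\draft.txt -> C:\Users\bob\Desktop\draft_v2.txt
"""

# Randomly named executable dropped directly under %AppData% (Roaming or Local).
APPDATA_EXE = re.compile(r"\\AppData\\(?:Roaming|Local)\\[A-Za-z0-9]{6,}\.exe$", re.IGNORECASE)
# Shadow Volume Copy deletion; vssadmin is the assumed mechanism.
SHADOW_DELETE = re.compile(r"vssadmin(?:\.exe)?\s+delete\s+shadows", re.IGNORECASE)
# Rename whose destination carries the Alpha Crypt .ezz extension.
EZZ_RENAME = re.compile(r"->\s*(?P<dst>.+\.ezz)$", re.IGNORECASE)


def parse_events(text):
    """Yield (timestamp, event_type, detail) tuples, skipping blank lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, kind, detail = line.split("|", 2)
        yield ts, kind, detail


def triage(text, rename_threshold=3):
    """Return the indicators found in the events and a verdict.
    The verdict is 'ransomware' when .ezz renames reach rename_threshold, or
    when an %AppData% executable is seen together with shadow copy deletion."""
    appdata_exes, shadow_deleted = [], False
    ezz_drives = Counter()
    for _ts, kind, detail in parse_events(text):
        if kind == "PROCESS_CREATE":
            if APPDATA_EXE.search(detail):
                appdata_exes.append(detail)
            if SHADOW_DELETE.search(detail):
                shadow_deleted = True
        elif kind == "FILE_RENAME":
            m = EZZ_RENAME.search(detail)
            if m:
                # Count per drive letter: hits on removable or mapped drives
                # show the scan across all drives that the text describes.
                ezz_drives[m.group("dst")[:2].upper()] += 1
    ezz_total = sum(ezz_drives.values())
    suspicious = ezz_total >= rename_threshold or (appdata_exes and shadow_deleted)
    return {
        "appdata_executables": appdata_exes,
        "shadow_copies_deleted": shadow_deleted,
        "ezz_renames": ezz_total,
        "ezz_drives": dict(ezz_drives),
        "verdict": "ransomware" if suspicious else "clean",
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_EVENTS).items():
        print(f"{key}: {value}")
```

The per-drive counts matter for recovery planning: every drive letter that appears is one whose backups must be checked, since the shadow copies on the host itself are gone.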

When the encryption has finished, you will receive a note with information on how to pay the ransom and decrypt your files.

Will I Get My Data Back If I Pay The Ransom?

There is a possibility of paying the ransom to the hackers. But there’s no guarantee it will work, because cyber-criminals aren’t exactly the most trustworthy group of people. Also, paying the ransom may encourage these bad guys to continue and even expand their operations. We strongly suggest that you do not send any money to these cyber criminals and instead report the attack to the law enforcement agency in your country.

How Did I Get Infected With Alpha Crypt Virus?

You can get infected from prohibited torrent files, malicious advertisements and websites that host malware. However, Alpha Crypt ransomware is usually distributed through fraudulent email messages and email attachments.

Keep in mind that if you open an attachment distributed through the Angler Exploit Kit, you trigger the Alpha Crypt ransomware simply by running the .exe file, which then installs it.

How To Remove Alpha Crypt From a PC?

According to MRG Effitas reports, one of the best anti-ransomware tools is Zemana AntiMalware, and you can download it for free (it comes with a 15-day free trial). It will successfully detect Alpha Crypt on your PC and remove it.

However, if you continue using the trial and do not purchase the Premium subscription at the end of it, Zemana AntiMalware will disable the premium features. All other (basic) features remain unchanged.

Zemana AntiMalware as an Alpha Crypt Removal Tool For Your PC

You have to remove this malware permanently. Zemana AntiMalware will effectively detect and completely remove this malware from your computer.

To do so, please follow the steps below:

STEP 1: Download and run Zemana AntiMalware.

STEP 2: Once downloaded, install the software on your PC. You can do this by double-clicking the ZAM program icon on your desktop or in your downloads folder.

STEP 3: Press the “Scan” button.

STEP 4: When the scan is complete, click “Next”.

STEP 5: Restart your computer if you are prompted to do so.