Windows 10: New Variant for STOP ransomware with a different extension of .igvm?

Split from this thread.i got the same problem with a different extension of .igvm wahat shoul i do????????

:)

 

Osiris Ransomware belongs to a batch of variants of the Locky Ransomware

Any files that are encrypted with the Locky (.OSIRIS) ransomware variant will be renamed with random alpha-numerical characters and have the
.osiris extension appended to the end of the encrypted data filename (i.e. 11111111--1111--1111--FC8BB0BA--5FE9D9C2B69A.osiris) and leave files (ransom notes) named DesktopOSIRIS.bmp, DesktopOSIRIS.htm, OSIRIS-[4_numbers].htm, OSIRIS-[4_numbers].htm
as explained
here.

Most crypto malware ransomware is typically programmed to automatically remove itself...the malicious files responsible for the infection...after the encrypting is done since they are no longer needed. That explains why many security scanners
do not find anything after the fact. The encrypted files do not contain malicious code so they are safe. Unfortunately, most victims do not realize they have been infected until the ransomware displays the ransom note and the files have already
been encrypted. In some cases there may be no ransom note and discovery only occurs at a later time when attempting to open an encrypted file. As such, they don't know how long the malware was on the system before being alerted or if
other malware was downloaded and installed along with the ransomware. If other malware was involved it could still be present so be sure to perform full scans with your anti-virus.

If your antivirus did not detect and remove anything, additional scans should be performed with other security programs like

Malwarebytes 3.0,
HitmanPro and
Emsisoft Anti-Malware. You can also supplement your anti-virus or get a second opinion by performing an

Online Virus Scan...ESET is one of the more effective online scanners.

Note: Disinfection will not help with decryption of any files affected by the ransomware.

Unfortunately, there is no known way at this time to decrypt files encrypted by any Locky variants regardless of the extension without paying the ransom...see this

Locky Ransomware FAQ.

There is an ongoing discussion in this topic where victims can post comments, ask questions and seek further assistance. Other victims have been directed there to share information, experiences and suggestions.

• Locky Ransomware (Zepto) Support and Help Topic - _HELP_instructions.html

When or if a solution is found, that information will be provided in this support topic and you will receive notification if subscribed to it.

 

Files encrypted by Extension (.ghfghfghfgh) ransomware

Globe Ransomware will leave files (ransom notes) named How to restore files.hta but it uses a different extension so you may be dealing with a new variant or something entirely new.

I suggest you read and follow these instructions...How to Post a Topic Asking for Help With
Ransomware

Samples of any encrypted files, ransom notes or suspicious executables (installer, malicious files, attachments) that you suspect were involved in causing the infection can be submitted
here with a link to the new topic you start asking for assistance. Doing that will be helpful with
analyzing and investigating by our crypto experts.

These are some
common folder variable locations malicious executables and .dlls hide:

%SystemDrive%\ (C:\)

%SystemRoot%\ (C:\Windows, %WinDir%\)

%Temp%\

%AllUserProfile%\

%UserProfile%\

%AppData%\

%LocalAppData%\

%ProgramData%\

 

Files encrypted by TeslaCrypt (.vvv extension) ransomware

You're computer is infected with a newer variant of
TeslaCrypt/Alpha Crypt.

The following is a copy/paste of another reply of quietman7 MS MVP in another Bleeping Computer thread:

http://www.bleepingcomputer.com/forums/t/598923/cryptolocker-telsadecoder/

QUOTE

You are dealing with a newer variant of
TeslaCrypt/Alpha Crypt. TeslaCrypt includes several known versions with various extensions for encrypted files to include: .ecc, .ezz, .exx, .zzz, .xyz, .aaa, .abc, .ccc., .vvv...as described

here. Some of the new variants are
disguised as CryptoWall.

Any files that are encrypted with the newer variant of TeslaCrypt will have the
.exx, .xyz, .zzz, .aaa,
.abc, .ccc or .vvv extension appended to the end of the filename. The .aaa/.abc/.ccc/.vvv variants leave .html, .txt, files (ransom notes) with names like RECOVERY_FILE_*****.txt, restore_files_*****.txt, recover_file_*****.txt,
HOWTO_RESTORE_FILES_*****.txt, howto_recover_file_*****.txt, _how_recover_*****.txt, how_recover+***.txt (where * are random characters). More information in these BC news articles:

• New TeslaCrypt version adds .VVV extension to encrypted filenames.
• New TeslaCrypt version with .CCC extension Released

A repository of all current knowledge regarding TeslaCrypt,
Alpha Crypt and newer variants is provided by
Grinler (aka
Lawrence Abrams), in this topic:
TeslaCrypt and Alpha Crypt Ransomware Information Guide and FAQ

Information about and support for decrypting files affected by Alpha Crypt & TeslaCrypt ransomware can be found in this topic:

• TeslaDecoder released to decrypt .EXX, .EZZ, .ECC files
  encrypted by TeslaCrypt

There is an ongoing discussion in this topic where you can ask questions and seek further assistance.

• New TeslaCrypt version that uses the .EXX extension Support & Discussion

Rather than have everyone start individual topics, it would be best (and more manageable for staff) if you posted any questions, comments or requests for assistance in that topic discussion. Doing that will also ensure you receive proper assistance from
our crypto malware experts since they may not see this thread.

UNQUOTE

===================================================================

Also please see the replies of
RickCP

here:
http://answers.microsoft.com/en-us/protect/forum/protect_defender-protect_scanning/files-encrypted-by-teslacrypt-ransomware/77b05496-fb09-4e01-ab36-db92213dd825?page=2&msgId=c26b605a-420f-40bc-9541-584492bab180

and

here:
http://answers.microsoft.com/en-us/protect/forum/mse-protect_scanning/ransomhtmltescryptd/163bb48e-4932-4296-bc0c-18e25732e2a8?msgId=db3497db-8c32-4241-9c9c-4e08bf793457

Cheers,

J

Later EDIT: Pls see RickCP's UPDATED INFO (January 2016) here:
http://answers.microsoft.com/en-us/protect/forum/protect_defender-protect_scanning/files-encrypted-by-teslacrypt-vvv-extension/77b05496-fb09-4e01-ab36-db92213dd825?page=2&msgId=0c010b83-a5a8-441f-8950-a268dd83ea18