Losers ransomware

Losers ransomware is a recently discovered file-encrypting malware that uses a sophisticated encoding algorithm to lock various types of files stored on the affected computer. In order to prevent users from opening and using files, crypto-malware appends .losers file extension. Malware executable has been noticed spreading via free DVD burning software called Burn4Free. However, other distribution channels might be used as well. Apart from encrypting files, Losers might also create several system changes, modify Windows Registry, create new files or download other malicious content. It might use lots of RAM and CPU too. Thus, the computer becomes sluggish, programs might not work properly, and browser might open suspicious websites.

Just like other ransomware-type infections, Losers malware also delivers data recovery instructions and demands to pay the ransom. Currently, the virus downloads the HOWTODECRYPTFILES.txt file. Once the malicious Losers ransomware payloads are on the computer, it initiates the infection process. The ransomware ensures its sustainable presence on the PC by creating files and accessing different system libraries that allow it to perform various functions. The Losers ransomware associated files may plague essential Windows OS folders like:


Afterward, it initiates scanning process and encrypts all files set as its target utilizing the AES-256 encryption algorithm. The encrypted files are marked with the malicious extension .losers at the end of their names. Crypto viruses like Losers usually target commonly used and important file types – various multimedia files (audio, video, and photos), backup images, configuration files, office documents and more. Some of the captured samples were shown to encrypt a generic list of file type extensions.

The note of the Losers ransomware states that your files are encrypted and a ransom of 500 US dollars in the Bitcoin cryptocurrency should be paid to retrieve the decryption key. However, it is better to avoid any payments to criminals and try to recover encrypted files via alternative methods such as recovering from back up provided in total security products such as Max Total Security. There is no guarantee that criminals will send a working solution after the payment is transferred.

Kerkoporta Ransomware

The Kerkoporta Ransomware campaign relies on spam emails to deliver the threat payload. The Kerkoporta Ransomware is a dysfunctional file locker, which originates from Greece and is not capable of encrypting any files on the victim’s computer currently. However, according to code, the threat will modify the files by appending the ‘.encryptedsadly’ extension to their names. Although this might make some files a tad more difficult to access, it is an issue that can be resolved quickly by getting rid of the ‘.encryptedsadly’ extension and restoring the file’s original name.

After the Kerkoporta Ransomware renames all suitable files, it will spawn a ransom note, which urges the victim to pay a ransom sum of $100 by using either a Paysafecard or an Amazon Gift Card. The message of the attackers is seen in a new program window, and it is written in Greek, but also can be translated into English. Below the ransom message, the users will find a field to enter the code from the Amazon Card or Paysafecard, and that will unlock their computers supposedly.

Kerkoporta Ransomware uses numerous ways to extort money from innocent user and even scare user by saying, non payment of money may leads to severe data loss or even corrupt your system too. You will notice complete changes in entire system’s appearance and will even modify or delete valuable info and data. Beside that, it will mix up its code in the boot sector aiming to get added every time when ever PC get rebooted. Apart from encrypting data files it also cases several other issues in your computer. It makes your system very slow and also causes security issues by opening a backdoor for other viruses.

You may want to know that the Kerkoporta Ransomware is not a simple screen locker as it includes remote access capabilities, which means that a threat actor can access data, run and terminate programs on compromised machines. Computer users who might encounter the Kerkoporta Screen Locker are advised to sever access to the Internet and use an up-to-date anti-malware suite such as Max Total Security that can eliminate the Kerkoporta Ransomware.