Ransomware   

If you have found yourself unfortunate enough to be hit by a virus that demands payment to deencrypt your files, I can help.  Email ransomware@shaunoconnor.co.uk with your situation, and I will reply with a cost for recovering your files remotely.  Below are some of the ransomware virus I have dealt with in the past successfully, without having to pay the culprits.

The fix comes in two parts, firstly remove the virus in its entirety, and then decrypt your files.  I can also show you how to backup in such a way that if you are ever hit again, you never have to pay anyone again (either the bandits who wrote the malware, or someone like me to help you regain your precious data)

Virus Name
 
How to identify
ApocalypseVM If your files have been encrypted and renamed to *.encrypted or *.locked with ransom notes named *.How_To_Decrypt.txt, *.README.txt or *.How_To_Get_Back.txt created for each encrypted file. The ransom note asks you to contact "decryptionservice@inbox.ru" or "decryptdata@inbox.ru" and contains a personal ID.
 
Apocalypse If your files have been encrypted and renamed to *.encrypted with ransom notes named *.How_To_Decrypt.txt created for each encrypted file. The ransom note asks you to contact "decryptionservice@mail.ru".
 
AutoLocky if your files have been encrypted and renamed to *.locky, but the file base name is still unchanged, and you find a ransom note named info.txt or info.html on your Desktop.
 
BadBlock If your files have been encrypted but not renamed. The malware identifies itself as BadBlock both in the red ransomware screen as well as in the ransomnote "Help Decrypt.html" that can be found on the Desktop.
 
CryptoDefense If the malware identifies itself as CryptoDefense and leaves ransom notes named HOW_DECRYPT.txt behind
 
CryptInfinite if your files have been encrypted and renamed to *.CRINF.
 
DMALocker if your files have been encrypted but not renamed. The malware identifies itself as DMA Locker and the ID is "DMALOCK 41:55:16:13:51:76:67:99".
 
DMALocker2  If your files have been encrypted but not renamed. The malware identifies itself as DMA Locker and the ID is "DMALOCK 43:41:90:35:25:13:61:92"
.
Gomasom If files have been encrypted, renamed to *.crypt and the file name contains an email address to contact.
 
Harasom If your files have been converted into *.html files and the ransom note pretends to originate either from Spamhaus or the US Department of Justice.
 
HydraCrypt If your files have been encrypted and renamed to either *.hydracrypt* or *.umbrecrypt*.
 
KeyBTC if you find a ransom note called DECRYPT_YOUR_FILES.txt on your system that asks you to contact keybtc@inbox.com for decryption.
 
LeChiffre If your files have been encrypted and renamed to *.LeChiffre and the ransom note asks you to contact decrypt.my.files@gmail.com via email.
 
Nemucod If your files have been renamed to *.crypted and you find a ransomnote named DECRYPT.txt on your desktop.
 
PClock If your files have been encrypted without a change in file extension, the malware identifies itself as "CryptoLocker" and you find a "enc_files.txt" in your user profile directory.
 
Radamant If your files have been encrypted and renamed to either *.rdm or *.rrk.
 
Xorist If your files have been encrypted by the Xorist ransomware. Typical extensions used by Xorist include *.EnCiPhErEd, *.0JELvV, *.p5tkjw, *.6FKR8d, *.UslJ6m, *.n1wLp0, *.5vypSa and *.YNhlv1. The ransom note can usually be found on the Desktop with the name "HOW TO DECRYPT FILES.txt".
 
777 If your files have been encrypted and renamed to *.777.