Tutorials

An e-mail message that tries to convince recipients that they need to "Reconfirm Shipping Documents" is likely a phishing letter that should be avoided and not interacted with. Note that such spam campaigns can send phishing messages with varying content and deceiving techniques. However, the one that got under our examination showed "SWIFT PAYMENT" in the subject line and urged victims into opening two attached HTML files (PAYMENT SLIP.HTML and PAYMENT SLIP2.HTML). After opening, both attachments required users to enter their credentials (often e-mails & passwords) for alleged confirmation purposes. Please note that all the claimed information in this message is fake and the attachments are phishing. This means they are capable of recording the data upon its input without the consent of users. If entered credentials are correct, they can therefore be abused for accessing related accounts (such as in social media). As a result, cybercriminals can exploit the accessed accounts to scam other people or distribute malicious links/files. Apart from the "Reconfirm Shipping Documents" e-mail spam, a plethora of other spam campaigns exist on the web. While some of them are designed to steal personal information (e.g., credit card details, e-mails, passwords, etc.), others can spread malicious attachments that install a virus (like ransomware). Never trust suspiciously-looking messages, and do not download files from shady and unknown senders. If you become a victim of "Reconfirm Shipping Documents" e-mail spam, make sure to change your login credentials and scan your system with an anti-malware tool from our guide below. Read our guide below to learn how to keep your e-mail protected and spam-free.

SethLocker is a recently-discovered ransomware infection. Cybercriminals use it to run encryption of potentially important files and then urge victims into paying money for their decryption. As opposed to many other similar infections that add their own extension to the end of filenames, SethLocker does run any visual alterations and leaves all files and icons in their original look. Despite this, the data is nonetheless encrypted and victims are prevented from accessing it. To return the blocked data, threat actors have written instructions in a text note called HOW_DECRYPT_FILES.txt. It says all essential files have been encrypted due to a vulnerability within the system. In order to redo the malicious changes, victims are obliged to contact the swindlers via one of their e-mail addresses and pay money for decryption. The price for decryption is not disclosed in the message, however, cybercriminals claim it to be "too small". In addition, victims are also allowed to send one non-valuable file and get it decrypted for free. This way cyber-crooks show their ability to decrypt the files and additionally give extra motivation for paying the ransom. Note that paying the ransom is usually not recommended since some extortionists fool their victims and do not send any decryption tools after the payment.

DVN is a ransomware infection that runs strong encryption to hostage potentially important files until a ransom is paid. In addition to encryption, the virus also assigns the .devinn extension to highlight the blocked data; changes the desktop wallpapers; and create the unlock_here.txt text note with recovery instructions. Cybercriminals say they will provide the necessary decryption software only if victims pay 0.0077 BTC (around $200). It is stated the payment can be done only in Bitcoin and to the attached crypto address. Unlike many other ransomware infections, developers behind DVN Ransomware do not include any means of communication with them (e.g., e-mail, various messengers, etc.). Thus, it is very unclear how victims will communicate with the attackers in order to receive the promised decryption tool after making the payment. Paying the ransom is highly not recommended since there is a risk of not getting anything in return. Unfortunately, we have to note that cybercriminals are usually the only figures actually capable of fully decrypting access to data.

Fofd Ransomware (version of STOP Ransomware or DjVu Ransomware) is a high-risk widespread encryption virus, that first appeared near 5 year ago. It experienced several visual and technical changes throughout the time. In this tutorial, we will analyze recent versions of this dangerous malware. In the very end of April 2023, STOP Ransomware started to add following extensions to encrypted files: .fofd. It is because of that, it got the name "Fofd Ransomware" although it is just one of the varieties of STOP crypto-virus. The virus also modifies "hosts" file to block Windows updates, antivirus programs, and sites related to security news or offering security solutions. The process of infection also looks like installing Windows updates, malware shows the fake window, that imitates the update process. A new subtype of STOP Ransomware uses same e-mail addresses, as few previous generations: support@freshmail.top and datarestorehelp@airmail.cc. Fofd Ransomware creates _readme.txt ransom note file.

WannaCry (also referred to as Wcry, Wana Decrypt0r 2.0, WanaDecryptor, and WNCRY virus) is a ransomware infection that encrypts personal files using AES-128 algorithms and demands victims to pay for decryption. The virus was discovered by a security researcher S!Ri and there are a couple of known WannaCry variants. Depending on which variant attacked the system, files affected by encryption will be altered using the .wcry, .wncry, or WNCRYT (for encrypted .bmp files). For instance, a file like 1.pdf will change to 1.pdf.wcry or similarly depending on the ransomware version. Following this, the virus displays decryption instructions in a force-opened pop-up window. One of the variants changes the desktop wallpapers as well. The Wana Decrypt0r 2.0 variant also creates a separate ransom-demanding note called @Please_Read_Me@.txt.

If your files recently got .foty extensions, that means your PC is infected with an encryption virus called Foty Ransomware (part of STOP Ransomware or Djvu Ransomware family, called so because the first versions of the virus of this type appended .djvu extension). This is a very widespread and actively distributed malware. Ransomware initially used the AES-256 encryption algorithm, and there was no way for decryption. However, if during the encryption process the infected PC was out of the internet, or connection with a remote server of hackers was interrupted your files can be decrypted, using methods provided below. STOP Ransomware has a ransom note called _readme.txt. In this text file, malefactors give contact information and details on how to make a payment. The virus copies it on the desktop and in the folders with encrypted files. Hackers provide following contacts, e-mails: support@freshmail.top and datarestorehelp@airmail.cc.

Foza Ransomware is a devastating encryption virus from the series of STOP Ransomware (Djvu Ransomware). Foza Ransomware is a variant of the STOP/Djvu Ransomware family, which is known for using a combination of two encryption algorithms: RSA and AES. RSA is used to encrypt the symmetric AES key that is generated for each file. This means that each file has its own unique AES key, which is used to encrypt and decrypt the file's contents. The RSA key pair is generated by the ransomware on the victim's computer and the public key is sent to the attacker's server, which is then used to encrypt the symmetric AES key. It has got its name from .foza extension, that ransomware adds to the end of encrypted files. From a technical point of view, the virus remains the same as previous versions. Only thing that changes during past couple of years is contact details of malefactors.

Some users may encounter an App Store error saying Cannot Connect to App Store or Unable to connect to the App Store. As a result, this problem prevents iPhone/iPad owners from using the market, and downloading, re-installing, and updating apps. The reason why this error occurs is most often related to some connection or server issue. For example, users may not have the proper Internet connection, or App Store servers could be temporarily down as well. In some cases, it may also be a software issue when iPhone/iPad needs to be updated for the error to get resolved. Our guide below features multiple solutions that you can try to remove the error and get App Store back to working again. We advise you to follow each method in the sequence below until one of them eventually turns down the error.