How to remove Nigra Ransomware and decrypt .nigra files
Nigra is the name of a recently reported file encryptor that is considered to be a variant of Sojusz Ransomware. The cybercriminals behind a successful attack encrypt the victim's data and then attempt to extort money for its decryption. Files encrypted by this infection will likely be renamed according to the pattern [victim's ID].[cybercriminals' e-mail address] or [victim's ID].[filename], with the .nigra extension at the end. This means an affected file may appear like this: .[9347652d51].[nigra@skiff.com].nigra, or otherwise. Note that adding a new extension to the original filename is only a visual formality and does not change the fact that the file is encrypted. Once encryption is complete, the virus leaves a text file with decryption guidelines on the victim's desktop. The name of the note used by Nigra Ransomware has not yet been publicly disclosed; however, it is likely the same as or similar to these examples: -----README_WARNING-----.txt, #_README-WARNING_#.TXT, README_WARNING_.txt, !!!HOW_TO_DECRYPT!!!.txt, #HOW_TO_DECRYPT#.txt.
How to remove Erqw Ransomware and decrypt .erqw files
Erqw Ransomware is a type of malware that encrypts the victim's files and demands a ransom payment in exchange for the decryption key. It belongs to the STOP Ransomware family, which started its activity in 2017. This particular version appeared at the beginning of February 2023. The malware typically spreads through phishing emails, malicious software downloads, or the exploitation of vulnerabilities in the victim's computer or network. Once the malware infects a system, it encrypts the victim's files and adds the .erqw extension to the filenames. The attackers then demand a ransom payment, often in the form of cryptocurrency, in exchange for the decryption key. Contact details and additional information are disclosed in the ransom note file (_readme.txt). It is not recommended to pay the ransom, as there is no guarantee that the attackers will actually provide the decryption key. Additionally, paying the ransom supports criminal activities and may make you a target for future attacks. Instead, victims of Erqw Ransomware should focus on removing the malware from their systems and restoring their files from a backup if possible. If you are unsure of how to do this, read this article from our team of trusted IT professionals and cybersecurity experts.
How to remove Assm Ransomware and decrypt .assm files
The notorious STOP Ransomware continues its distribution with minor modifications. Since the end of January 2023, a new extension has appeared: .assm. It encrypts victims' files the same way as hundreds of its predecessors. STOP Ransomware manages to infect tens of thousands of computers with each version, and new versions appear several times a week. At the same time, it distributes the AZORult trojan-stealer, which steals confidential information. It is capable of stealing various user data: information from files, browser history, passwords, cookies, online banking credentials, cryptocurrency wallets, and more. The virus modifies the hosts file to block Windows updates, antivirus programs, and sites related to security news or selling antivirus software. This version of STOP Ransomware still uses the following e-mail addresses: support@freshmail.top and datarestorehelp@airmail.cc. Assm Ransomware creates the _readme.txt ransom note file.
How to remove Sickfile Ransomware and decrypt .sickfile files
Sickfile Ransomware is a malicious infection that uses strong encryption to hold victims' data hostage and blackmail them into paying money for its decryption. If your files acquired the new .sickfile extension and lost their icons, it is likely a sign that they have been encrypted successfully. The how_to_back_files.html file is where cybercriminals subsequently explain how to revert the effects of encryption, i.e., return access to data. Here is a full text presented within the note. Overall, threat actors say decryption is possible if victims contact the swindlers and pay for the special decryption software. Communication is to be established either through the attached link or through one of the given e-mail addresses. If victims fail to contact the cybercriminals within 72 hours, the note says the price for decryption will become higher. On top of that, the extortionists threaten to leak the encrypted data to public resources or sell it to third-party figures if no payment is eventually made.
How to stop Qtumcoin.net e-mail spam
Qtumcoin.net is a fraudulent e-mail spam campaign targeting a large number of recipients worldwide. Its purpose is to trick inexperienced or inattentive users into opening a fake Qtum website and investing their money in it. The message's subject can display "Bitcoin Payment Successfull" (or a similar heading), and the body states in eye-catching text that a whopping amount of 85.7777 BTC has been deposited to the user's Bitcoin wallet. To confirm the balance, threat actors say it is necessary to follow a link leading to the qtumcoin.net website. In fact, this webpage is fraudulent and should not be mistaken for the official Qtum cryptocurrency page, qtum.org. Scammers promoting this or similar fake pages use them to steal money from inexperienced users. E-mail is a very popular and cheap channel that is constantly abused by cybercriminals to deliver countless fraudulent, unsolicited and even malicious letters. This is why it is important to be cautious when receiving e-mails from unknown and untrusted sources, especially if they contain requests for personal information or financial investments. Do not trust e-mail messages from unverified senders that contain flashy headlines and suspicious content offering to open or download something (be it attachments or links). Read our guide with useful tips on how to avoid such e-mail scam techniques and lower the chance of their delivery.
How to remove Bitenc Ransomware and decrypt .bitenc files
Bitenc is a new file encryptor originating from the Mallox ransomware family. Malware of this type is designed to encrypt victims' files and demand payment in exchange for the decryption key. Once Bitenc Ransomware infects a system, it scans the system for potentially important file types (e.g., documents, images, videos, etc.) and encrypts the targeted data with secure ciphers. In addition, the virus appends its custom .bitenc extension. For instance, a file originally named 1.pdf will change to 1.pdf.bitenc and become no longer accessible. New extensions are usually appended simply to highlight the blocked data and make victims notice the effects of encryption. Following successful encryption, the developers behind Bitenc Ransomware present their ransom demands in the FILE RECOVERY.txt text note, which is created on the victim's desktop.
How to fix “System UI isn’t responding” error in Android
"System UI not responding", "System UI isn't responding", "Unfortunately, System UI has stopped", and other similar UI-related error messages can unexpectedly appear on your Android device and prevent further interaction with it. UI stands for User Interface, and it covers everything that involves interaction with device apps, features, content, and various functions. The error that System UI has stopped responding often appears in a pop-up window and prevents users from using the display any further. As a result, your device will likely attempt to restart the System UI app itself in order to get your phone working properly again. Unfortunately, while for some users this error appears only once due to a rare system glitch and does not come back, in other cases it may reappear and interrupt the user's experience continuously. The problem is commonly attributed to corrupted cache or temporary files, lack of device memory, uninstalled updates, and even problematic third-party apps that create incompatibility issues. You can follow our guide with 5 potential solutions that will fix the "System UI isn't responding" error. Please note that the steps outlined in our instructions can look slightly different depending on your Android device.
How to remove Buddyransome Ransomware and decrypt .buddyransome files
Buddyransome is a ransomware virus that functions by encrypting access to data. Cybercriminals use its capabilities to restrict potentially important files and blackmail victims into paying money for full decryption. Victims can see the malicious change once targeted files are renamed with the new .buddyransome extension: for instance, a file like 1.pdf will change to 1.pdf.buddyransome and have its original icon reset after successful encryption. After this, a text note containing decryption instructions (HOW_TO_RECOVERY_FILES.txt) is created. Victims are told that all significant data has been encrypted and is now at risk of being published to online resources. To prevent this and decrypt the blocked data, the cybercriminals instruct victims to write an e-mail message to buddyransome@aol.com and include their personal ID by copy-pasting it from the generated note. After this, the threat actors are supposed to respond with the price for decryption/non-disclosure of data and provide instructions on how to make the payment.