Tutorials

Payroll Timetable is a malicious e-mail campaign designed to trick users into downloading a devastating trojan called TrickBot. Developers in charge of this campaign send thousands of identical messages representing fake information about some payroll timetable. By impersonating the name of a legitimate company named PricewaterhouseCoopers and pretending to be its employees, cybercriminals encourage users to review some "irregularities" by opening the attached file. Such text is usually random to users and simply meant to raise curiosity for opening a malicious attachment in .docx, .xls, or other MS Office formats. If you ever receive a message accompanied by some attachment, chances are, this is an attempt to deliver a virus infection. The distributed TrickBot trojan is meant to record sensitive information (e.g., passwords, usernames, e-mails, etc.) and use it for stealing related accounts. The scope of cybercriminals is especially towards various finance-related applications, such as pocket banks or crypto-wallets. Unfortunately, if you trusted the Payroll Timetable e-mail message and opened the attached document, then your system is more likely infected. Use our guide below to avert the damage by running complete deletion of the infection.

JiangLocker is a recent ransomware infection. Alike other malware of this type, it is designed to restrict access to potentially important pieces of data by running secure encryption. During this process, the virus assigns all blocked data with the .jiang extension. To illustrate, a file previously named 1.pdf will change to 1.pdf.jiang and reset its original icon. Following this, JiangLocker changes the desktop wallpapers, displays a pop-up window, and creates a text note called read.ini. The text note duplicates information given inside the pop-up window.

Cyberone is quite a recent ransomware infection that runs encryption of data and asks victims to pay 1 Bitcoin for its decryption. While blocking access to system-stored data, the virus assigns its own .cyberone extension, making all file icons blank. For instance, a file originally named 1.pdf will change to 1.pdf.cyberone and become no longer accessible. Note that most Cyberone versions we have observed can be decrypted for free with the help of a decryption tool released by Avast. You can find more information about it in the article below. After completing encryption, the last piece of the last to start blackmailing victims is the creation of ___RECOVER__FILES__.cyberone.txt and the display of a pop-up window containing decryption guidelines written by cybercriminals.

Diamond Ransomware is a malicious infection designed to encrypt system-stored data and blackmail victims into paying the ransom for its return. While running encryption, the virus renames all targeted files with the .diamond extension. This is simply a visual change meant to highlight the fact that users' system has been infected. Following this, ransomware developers create HOW TO RECOVER ENCRYPTED FILES.TXT - a text file containing decryption instructions.

Many users can receive various kinds of phishing e-mail letters that try to spread malware or steal account credentials. One of such e-mail scams can be a letter sent from a fake automated e-mail address ostensibly belonging to Dropbox. Developers behind this scam attempt to deceive inexperienced users into clicking on a highlighted hyperlink that represents a chain of links in multiple PDF documents. One of such links leads users to a forged Microsoft sign-in page. The opened scam page, therefore, asks users to enter their login credentials. If such details are given on a fake page, they will be easily recorded by scam developers and more likely used for stealing access to various Microsoft-associated accounts (examples are Office, Skype, Outlook, OneDrive, and so forth). Furthermore, in case the provided credentials were used for registering other accounts around the web, cybercriminals may try to fit them for accessing those accounts as well. If eventually became a victim of such or a similar scam, immediately change your password to prevent threat actors from exploiting your account. Note that Dropbox e-mail scams and other phishing letters may vary in the content they present, however, their purpose usually remains the same - to bait users into clicking on links/files and entering certain details. As an alternative, it can easily be a fake page asking you to enter your credit/debit card credentials. Beware of it and read our guide below to know the protection measures against such e-mails scams in the future.

Wizard is a ransomware virus that encrypts data with the help of AES-256 algorithms to blackmail users into paying the ransom. While restricting access to data, all affected files get renamed with the .wizard extension. For instance, a file previously titled 1.pdf will change to 1.pdf.wizard and reset its original icon. Following this, it was observed that the virus creates a text called decrypt_instructions.txt onto the desktop. This note contains information about what victims should do in order to return their encrypted files.

DataBankasi is the name of a ransomware program designed to extort money from victims off of data encryption. After the encryption occurs, all affected files get changed with the .databankasi extension becoming no longer accessible. To illustrate it with an example - a file previously named 1.pdf will change to 1.pdf.databankasi and lose its original icon as well. Following successful blockage of data, the virus creates a text file containing decryption guidelines (---BILGILENDIRME----NOTU---.txt). The text of decryption instructions is presented in the Turkish language.

TeamDarkAnon is a ransomware infection that encrypts system-stored data and extorts money from victims for its decryption. After successfully penetrating the system, TeamDarkAnon renames all encrypted files with the .anon extension. For instance, a previously working file called 1.pdf will change to 1.pdf.anon and reset its original icon. After the encryption of data is complete, the virus changes desktop wallpapers and creates a text file named HOW TO RECOVER ENCRYPTED FILES.TXT to illustrate decryption guidelines.