Tutorials

Cyber_Puffin is almost identical to another ransomware infection called Exploit6. Thus, it is very likely these two infections are promoted by the same group of developers. Likewise, Cyber_Puffin encrypts personal files and blackmails victims into paying money for their return. While restricting access to data, the virus assigns the custom .Cyber_Puffin extension to all affected files. For instance, a file previously named 1.pdf will experience a change to 1.pdf.Cyber_Puffin and become no longer accessible. Alike to Exploit6 Ransomware, the Cyber_Puffin variant creates a text file that displays decryption guidelines after successfully completing encryption. In addition, desktop wallpapers get replaced as well.

Exploit6 is a ransomware infection that encrypts personal files and blackmails victims into paying money for their return. During the encryption process, the file-encryptor changes the file appearance by adding the custom .exploit6 extension. To illustrate, a file previously titled 1.pdf will turn into 1.pdf.exploit6 and become no longer accessible. Alike in other malware of this kind, developers create a text file (READMI.txt) to explain decryption instructions. As said in this note, victims have to establish contact with cybercriminals by sending a message to their Telegram account (@root_exploit6). Although there is no further information about decryption inside the note, developers will more likely give it after reaching out to them. As a rule, collaborating with swindlers and paying money to them is not recommended - this is because there is a chance they will fool you and not give any decryption tool/codes even after completing the payment.

Polis is a recent ransomware infection. Alike other malware within this category, it renders files inaccessible and demands victims to pay a monetary ransom. During encryption, the virus assigns its own .polis extension to highlight the blocked data. For instance, an innocent file previously named 1.pdf will change its name to 1.pdf.polis and reset the original icon as well. Following this, Polis Ransomware creates a text note (Restore.txt) to instruct what victims should do. It is said victims have 2 days to establish contact with cybercriminals (via e-mail) and pay money to them for decryption. Otherwise, if the deadline will not be met, extortionists promise to publish the uploaded copies of locked data on special public domains. By posing such threats, cybercriminals try to make victims act immediately and follow what the guidelines say.

Moisha is a ransomware virus developed and promoted by the PT_MOISHA Hacking Team. This group of developers targets files of business-related users. After infiltrating the system and running strong encryption of data, the cybercriminals demand $10,000 in ransom for file decryption and a guarantee to not publish the collected information. All of this information is presented in more detail within the !!!READ TO RECOVER YOUR DATA!!! PT_MOISHA.html text note created after successful encryption. Unlike other ransomware infections, Moisha does not add any custom extensions to the affected files.

Last Warning: Upgrade Your Email To Avoid Shutting Down is a type of scam message that urges users to open a phishing website and enter their e-mail log-in credentials. The scam message claims it was sent by some e-mail administration team, which investigated your account and decided it has to be upgraded. For this, the letter says it is necessary to click on the "Continue Account Maintenance" button and log in on the redirected webpage with the user's e-mail and password. Unless this requirement is met, scammers promise to "shut down" or "block" the user's account.

If your files became no longer accessible and now appear with the new .MEOW extension (then .PUTIN, .KREMLIN and .RUSSIA extensions), then you are most likely infected with Meow Ransomware (a.k.a. MeowCorp2022 Ransomware and ContiStolen Ransomware). This file-encryptor blocks access to practically all types of system-stored data using the ChaCha20 algorithm and demands victims to establish contact with its developers (presumably to pay for decryption). In addition, it was also determined that this ransomware works on code stolen from another popular file-encryptor named Conti-2 Ransomware. Information about contacting swindlers can be found inside a text note called readme.txt, which the virus drops into each folder with encrypted files.

Loplup is a file-encrypting virus that was determined to be part of the ZEPPELIN ransomware family. While restricting access to system-stored data, it renames attacked files by adding the custom .loplup.[victim's_ID] extension. This means a file previously called 1.pdf will change to something like 1.pdf.loplup.312-A1A-FD7. Note that the victim's ID is variable so it can be different in your case. Following successful encryption of data, Loplup creates a text file (!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT) that contains decryption guidelines.

If you tried to run the WSReset.exe tool for restoring your Windows Store, there is a chance you received an error message with the following text - "ms-windows-store:PurgeCaches. The app didn’t start.". When running the previously-mentioned utility, Windows uses the ms-windows-store:PurgeCaches feature to get rid of locally stored cache accumulated in Windows Store folders. The reason why it results in failure is usually that there is a lack of certain permissions on the operating account. Below, we are going to show you what can be done in order to fix this issue and also show some methods to restore your Windows Store differently.