Tutorials

Being a dangerous ransomware virus, Rook targets data encryption and tries to blackmail users into paying the ransom. The virus is easy to distinguish from other versions as it assigns the .rook extension to all blocked data. This means a file like 1.pdf will change to 1.pdf.rook and reset its original icon upon successful encryption. Right after this, Rook Ransomware creates a text note named HowToRestoreYourFiles.txt showing users how they can recover the data. The text note content says you can restore access to the entire data only by contacting swindlers and paying the money ransom. Communication should be established by e-mail (rook@onionmail.org; securityRook@onionmail.org) or TOR browser link attached to the note. While writing a message to cyber criminals, victims are offered to send up to 3 files (no more than 1Mb) and have them decrypted for free. This way cybercriminals prove decryption abilities along with their trustworthiness to some extent. Also, if you contact extortionists within the given 3 days, cybercriminals will provide a 50% discount for the price of decryption. Unless you fit in this deadline, Rook developers will start leaking your files to their network to abuse them on darknet pages afterward. They also say no third-party instruments will help you recover the files.

HarpoonLocker is the name of a recent ransomware infection reported by users on malware forums. The virus runs encryption of data with AES-256 and RSA-1024 algorithms making all restricted data cryptographically secure. As a result of this configuration change, users will be no longer able to access their own data stored on infected devices. HarpoonLocker assigns the .locked extension, which is commonly used by many other ransomware infections. This makes it more generic and sometimes hard to differ from other infections like this. It also creates a text note (restore-files.txt) containing ransom instructions. Developers say all data has been encrypted and leaked to their servers. The only way to revert this and get files back safely is to agree on paying the ransom. Victims are instructed to download the qTOX messenger and contact extortionists there. There is also an option to try decryption of 3 blocked files for free. This is a guarantee given by cybercriminals to prove they can be trusted. Unfortunately, there are no other contacts apart from qTOX that victims could use to get into a discussion with cybercriminals. Many cyber researchers joked that HarpoonLocker should also be called Unnamed qTOX Ransomware since there is nobody victims can talk to. For this and many other reasons, it is highly advised against meeting the listed requirements and paying the ransom. Quite often cybercriminals fool their victims and do not send any decryption tools even after receiving the money.

Some users reported they have too high CPU, Disk, or Memory usage due to the System and compressed memory process. In such a case, it is easy to see this process hanging around the top of resource monitors in Task Manager and consuming the biggest percent. Initially, the process you are having problems with is related to RAM function and compression of existing files and folders. While its function is important indeed, it should not be taking too many resources to run successfully. Usually, no background process takes so much memory and CPU to process the function. However, there are still some cases when process behavior goes off the road and starts acting up crazy. As a result, users hear their cooling system spin at its fastest to prevent excessive temperatures and save their PC from overheating. In addition to this, high CPU or memory usage means you are guaranteed to experience problems with system performance like lags or even forced termination of PC. Such a stability fault may be related to various factors like wrong configuration settings, compatibility conflicts, malicious presence, or even physical memory issues. Whether you have them or not, it is important to check and not go into solving the problem blindfolded. Manual attempts to fix the problem may give no fruits or even deteriorate the existing issue. This is why it is better to designate this task to guides with already established solutions that will get rid of the issue. If you are the victim of high CPU and memory usage coming from the "System and compressed memory" process, follow our tutorial below.

First found and researched by an independent expert named S!R!, NoCry is a ransomware program designed to run data encryption. It is a very popular scheme employed by ransomware developers to extort money from victims upon successful restriction of data. For now, there are two known versions of NoCry differing by extensions assigned to blocked data. It is either .Cry or .IHA extension that will be appended to encrypted files. For instance, 1.pdf will change its look to 1.pdf.Cry or 1.pdf.IHA and reset its shortcut icon to blank after getting affected by malware. Extortionists behind NoCry Ransomware demand payment for returning the data via an HTML file called How To Decrypt My Files.html. It also force-opens a pop-up window that victims can interact with to send the ransom and decrypt their data. The contents of both are identical and inform victims about the same. NoCry gives about 72 hours to send 100$ in BTC to the attached crypto address. If no money will be delivered within the allocated timeline, NoCry will delete your files forever. This is an intimidation strat meant to hurry up victims and pay the demanded ransom quicker.

Today we are going to take a look at another Windows 10 error known by this code 0x80070020. Many users complained it comes up when trying to install new updates pending in the Update Center. The error was first spotted in 2015, just at the time Windows 10 was released. Soon after a couple of patches, Microsoft managed to address the issue and wave it eventually. Unfortunately, this effect did not last forever as users Windows 10 Creators update brought the 0x80070020 error back to its previous life. We are lucky that the community has had enough time to research the problem and find working solutions to fix it despite the appearance. The most common reasons turned out to be corrupted or missing system files, bugged update configuration, third-party conflicts, disk damage, and other causes like that. While all of these reasons may sound quite intimidating to handle, there is nothing too complex about their solution. Just follow our guide below to revert your PC back to normal life without update errors.

BAD_POOL_CALLER is one of many STOP code errors that crashes your PC after playing a videogame, initiating programs, or running some activity around the system. Even browsing through some web pages may result in BAD_POOL_CALLER error and fault your PC into well-known Blue Screen of Death. Windows does it to avoid potential damage to your system and hardware once it spots there is a threat. Then, it takes a couple of seconds before Windows collects some data and boots you back to the desktop. As a rule, the basic restart is not enough to forget about the problem, so you are likely to receive it again at some point of usage. The most common reasons for such errors end up being outdated or malfunctioned drivers, corrupted or missing system files, incompatibility issues, and other problems with updates, or hardware. If you are facing the same or similar issue, then follow our solutions presented below. Unfortunately, there is no single method to all of the problems. You should try each of them until you find the one resolving the error.

In late October 2020, Mac users discovered an issue with HP printers. On computers with Catalina and Mojave OS, the errors "HPDeviceMonitoring.framework" will damage your computer or "HPDM.framework" will damage your computer appear. Macs running High Sierra and earlier do not have this problem. Regardless of what users clicked after the error ("Show in Finder" or "OK"), this pop-up appears over and over again, making it difficult for some users to use the PC. Also, due to an error, it is impossible to print to printers. There is no reason to worry, HPDeviceMonitoring.framework is not malware, but a piece of software for HP printers. The error pop-up is displayed by Apple's XProtect software, which is part of the Apple Gatekeeper security system. Gatekeeper acts as an antivirus, it detects and blocks malware. However, according to our research in this case there is just a problem with the revoked certificate of HP printing software. Among other possible reasons: HP drivers malfunction, HP software corruption. HP and Apple have worked to remedy the situation and have released an update. However, some users still experience this or similar problems. In this tutorial, we will explain all necessary steps needed to get rid of the ""HPDeviceMonitoring.framework" will damage your computer" error in MacOS and restore your printer functionality.

RansomNow is another file-encryptor virus issued by cybercriminals to extort money from desperate victims. It is very similar to the already-discussed Polaris Ransomware as it runs the same encryption pattern with AES and RSA algorithms. Another similarity shared between these ransomware attacks is that they do not attach any new extension to enciphered data. Despite files do not experience any significant visual changes, users will still be unable to open them up. The virus also creates a text file called README TO UNLOCK FILES.txt that features decryption instructions. Developers say victims can restore the data only by purchasing a special key. The price to be paid equals 0.0044 BTC, which is approximately 250$ at the moment of writing this article. Keep in mind that cryptocurrencies rates always change, so there is a chance you will have to pay more or less even tomorrow. After sending the necessary amount of BTC, users should deliver the proof of the transaction to the attached e-mail address (ransomnow@yandex.ru). In addition to that, crooks list a couple of resources where to buy the required cryptocurrency, if you are new to the crypto world. It is also strongly warned against running manipulations with files yourself or with the help of third-party tools.