Tutorials

GhostLocker is a type of ransomware developed by the GhostSec cybercriminal group. Ransomware is a type of malware designed to encrypt data and demand payment for its decryption. GhostLocker targets a wide range of data types, including documents, spreadsheets, drawings, images, movies, and videos. It is a derivative of the BURAN Ransomware and is distributed in a worldwide campaign. GhostLocker encrypts files and appends their names with a .ghost extension. For example, an original filename such as 1.jpg would appear as 1.jpg.ghost. The encryption process is simple – every file that gets encrypted becomes unusable. GhostLocker uses AES encryption, a symmetric encryption algorithm known for its speed and security. GhostLocker leaves a ransom note in a text file (lmao.html), warning against renaming the encrypted files or using third-party recovery tools, as this may lead to permanent data loss. The victim is also warned that seeking aid from third-parties or authorities will result in data loss and the stolen content getting leaked.

PFN_LIST_CORRUPT is a Blue Screen of Death (BSoD) error that indicates a problem with the Page Frame Number (PFN) list in a computer's memory management system. The PFN list keeps track of the pages in physical memory, and when it becomes corrupted, it can lead to system crashes or blue screen errors in Windows. This list is used by your hard drive to determine the location of each one of your files on the physical disk. The PFN_LIST_CORRUPT error is one of the most common Windows 11 error messages on the blue screen. This error indicates that there are corrupt data in the Page Frame Number. Once the PFN is corrupt, there will be a limit to the number of tasks it can perform, leading to the BSoD error. The main reasons for the PFN_LIST_CORRUPT error in Windows 11 are similar to those in other versions of Windows, including corrupted system files, memory problems, faulty hardware, corrupted Boot Configuration Data, outdated or problematic drivers, third-party software or antivirus software, corrupt disk drivers, and virus or malware infection. To fix the PFN_LIST_CORRUPT error in Windows 11, you can try several methods such as checking your memory, uninstalling the problematic driver, updating Windows, updating drivers, running the BSOD Troubleshooter, running the SFC scan, checking the hard drive, and disabling Microsoft OneDrive. You can also consider uninstalling any recently installed apps or programs to address compatibility issues.

Mlap Ransomware is a malicious software that encrypts data on a victim's computer, rendering it inaccessible. It is a member of the Djvu ransomware family, which is known for its robust encryption methods and aggressive ransom demands. The Mlap ransomware specifically appends the .mlap extension to the filenames of the files it encrypts, transforming, for example, 1.jpg into 1.jpg.mlap. It uses the Salsa20 encryption algorithm, which is a robust ciphering algorithm typical for all other STOP/Djvu ransomware family members. This encryption algorithm generates a 78-digit number of possible decryption keys, making it nearly impossible to brute force the decryption. After completing the encryption process, Mlap ransomware drops a ransom note named _readme.txt on the victim's desktop. This note contains two email addresses (support@freshmail.top and datarestorehelp@airmail.cc) and offers victims the opportunity to obtain decryption software and key for a price set at $980.

Locknet Ransomware is a type of malicious software that belongs to the MedusaLocker family. Its primary purpose is to encrypt files on a victim's computer, making them inaccessible. The ransomware also renames files by adding the .locknet extension to filenames. For instance, it changes a file named 1.jpg to 1.jpg.locknet, 2.png to 2.png.locknet, and so forth. Locknet Ransomware uses a combination of RSA and AES encryption algorithms to encrypt the files on the infected computer. These encryption methods are robust and secure, making it extremely difficult to decrypt the files without the specific decryption key. After encrypting the files, Locknet Ransomware creates a ransom note named HOW_TO_BACK_FILES.html. This note informs victims that their network has been breached and all important files have been encrypted. It warns against attempting to restore the files with third-party software, as this could permanently damage them. The attackers claim that only they can provide the decryption solution.

Mlza Ransomware is a malicious software that belongs to the STOP/DJVU family, known for its malignant file encryption operations. It is a fresh iteration within the Djvu ransomware lineage, with its primary aim being to encrypt files found on a compromised system. Once the Mlza ransomware infects a computer system, it targets various file types, encrypts them, and appends the .mlza extension to the file names. For instance, a file named 1.jpg would be renamed to 1.jpg.mlza. The ransomware uses the Salsa20 encryption algorithm, which, while not the strongest method, still provides an overwhelming amount of possible decryption keys. This encryption makes the files inaccessible and the decryption key almost impossible to find without cooperating with the attackers. Mlza ransomware generates a _readme.txt file containing a ransom note.

Mlrd Ransomware is a type of malicious software that belongs to the Djvu family, a notorious group of ransomware known for encrypting data on infected computers. This ransomware is a new variant of the STOP/DJVU ransomware family, which is infamous for its file-encrypting capabilities. It was discovered during a thorough analysis of samples on VirusTotal. Once the Mlrd ransomware infects a computer, it scans for files to encrypt. It targets a wide range of file types and appends the .mlrd extension to the filenames of the encrypted files. For instance, a file named 1.jpg would be transformed into 1.jpg.mlrd. Mlrd Ransomware uses the Salsa20 encryption algorithm to encrypt files. This is not the strongest method, but it provides an overwhelming amount of possible decryption keys, making it nearly impossible to brute force the decryption key. After the encryption process, Mlrd ransomware leaves behind a ransom note named _readme.txt.

Enmity Ransomware is a type of malware designed to encrypt data, modify the filenames of all encrypted files, and leave a ransom note. This ransomware is a potent form of malware that targets computers with the harmful intent of encrypting the files stored on them. It is developed by individuals with criminal intentions and operates as a ransom-demanding infection. Enmity Ransomware modifies the original names of the encrypted files by appending a complex pattern to the filenames, following the format: {random-string}-Mail-[rxyyno@gmail.com]ID-[].{random-extension}. The email address used in the file extensions is rxyyno@gmail.com, while the rest of the pattern is dynamically generated for each victim individually. It also appends a 6 random character extension to the end of the encrypted data filename. Enmity Ransomware leaves behind a text file named Enmity-Unlock-Guide.txt on the infected device.

Mlwq is a ransomware variant that belongs to the Djvu family. This malicious software carries out file encryption and appends the .mlwq extension to the original filenames of all affected files. For instance, Mlwq renames 1.txt to 1.txt.mlwq, 2.jpg to 2.jpg.mlwq, and so forth. Once the Mlwq ransomware infects a system, it targets various types of files, such as documents, pictures, and databases making them unreadable and unusable. The Mlwq ransomware uses the Salsa20 encryption algorithm. This is not the strongest method, but it still provides an overwhelming amount of possible decryption keys, making it practically impossible to "hack". After the encryption process, Mlwq ransomware leaves behind a ransom note titled _readme.txt containing instructions for victims.