Tutorials

Useful tutorials on various PC troubleshooting topics. Video tutorials.

How to remove Neon Ransomware and decrypt .neon files

Being part of the STOP/Djvu family, Neon is a ransomware-type virus that puts up a lock on personal data. This version was released in the first days of June 2023. The encryption is done using military-grade algorithms that generate online keys on special servers. This ensures no third-party tools can access the keys to decipher the files. Just like other infections of this type, Neon changes the name of each infected file. It does so by appending a new extension (.neon) to every encrypted file. For example, a file like 1.pdf will be renamed to 1.pdf.neon after encryption. Once this stage is over, Neon Ransomware creates a text note called _readme.txt containing decryption instructions. A number of other ransomware variants developed by Djvu used the same content for the ransom instructions.

How to remove PixBankBot malware (Android)

PixBankBot is an Android banking Trojan that specifically targets Brazilian banks and takes advantage of the Pix instant payment platform. This malicious software utilizes an Automated Transfer System (ATS) framework to carry out its operations. It is crucial to remove PixBankBot from infected devices promptly to prevent potential harm. One of the methods employed by PixBankBot involves utilizing the Accessibility Service to detect and monitor User Interface (UI) components within specific banking applications. By leveraging this service, PixBankBot gains the ability to execute fraudulent transactions on the victim's device through the implementation of ATS functionality. Furthermore, PixBankBot exploits the Accessibility service to conduct keylogging operations. It records the user's interactions with UI elements, capturing sensitive information such as account balances, money transfer details, and the targeted bank. When the victim interacts with certain applications like Banco Itaú, C6 Bank, Mercado Pago, Nubank, PicPay, or PagBank Banco (and potentially other targeted apps), PixBankBot triggers keylogging and activates the ATS. It is important to note that the list of targeted apps may expand over time.

How to remove CrossLock Ransomware and decrypt .crlk files

CrossLock is a dangerous malware categorized as ransomware. The activity of this crypto-ransomware started in mid-April 2023. According to the ransom note, it is aimed at English-speaking users, but it can spread around the world. This ransomware encrypts user data using a combination of the Curve25519 and ChaCha20 algorithms and then demands a ransom in Bitcoin to get the files back. The original name is indicated in the note: CrossLock. The executable file spotted is notepad.exe (it can be another random name). The malware was written in the Go language. The extension added to encrypted files is .crlk. CrossLock Ransomware creates a ransom note called ---CrossLock_readme_To_Decrypt---.txt in folders with encrypted files and on the desktop. Below is the content of this note.

How to remove Neqp Ransomware and decrypt .neqp files

Neqp is a ransomware infection belonging to the Djvu/STOP Ransomware family, that appeared in June 2023. This family has released a number of file encryptors that target various users worldwide. Once the system is penetrated by ransomware, the virus begins scouting for potentially valuable file formats and running data encryption. After the cryptographic encryption occurs, users will no longer be able to access and use their data as before. You may immediately spot the change by looking at the altered names of the files. This specific ransomware assigns the .neqp extension, making a file like 1.pdf change to 1.pdf.neqp and reset its original icon. Usually, Neqp Ransomware and other modern Djvu/STOP versions generate "online" keys, which means full decryption of data is likely impossible without the help of cybercriminals. There are, however, sometimes exceptions to this, which you can read about further below.

How to fix error code 0x80070035 “The network path was not found” on Windows...

Error code 0x80070035, commonly accompanied by the message "The network path was not found," can be a frustrating issue encountered by Windows 11 users when attempting to access shared files or folders on a network. This error typically indicates a problem with network connectivity or configuration, preventing your computer from locating the desired network path. When encountering error code 0x80070035, it is essential to troubleshoot the underlying causes to restore network functionality. Fortunately, there are several solutions you can try to address this error and regain access to shared resources on your network. In this article, we will guide you through a series of steps to resolve error code 0x80070035 on Windows 11. Whether you are encountering this error while attempting to connect to a shared printer, access files on another computer, or browse network resources, the following troubleshooting methods can help you identify and rectify the issue. By following these steps, you can restore the proper functioning of your network connection and eliminate the "The network path was not found" error on your Windows 11 system.

How to remove Nerz Ransomware and decrypt .nerz files

Just like many previous versions of this virus, Nerz Ransomware is a malicious program recently developed by the STOP (Djvu) ransomware family, which runs data encryption. Once it gets on your computer, the virus covers all personal data with strong encryption algorithms, so that you are no longer able to access it. Unfortunately, preventing ransomware from blocking your data is impossible unless you have special anti-malware software installed on your PC. In case of its absence, the files stored on your disks will be restricted and no longer accessible. After the encryption process is done, you will see all the files change to 1.pdf.nerz and similarly with other file names. This version of STOP ransomware uses the .nerz extension to highlight the encrypted data. Then, as soon as the ransomware has stormed through your system and put all the sensitive data under a lock, it goes further, creating a ransom note (_readme.txt).

How to remove Hidden Ransomware and decrypt .hidden files

Hidden Ransomware, a variant of the Voidcrypt ransomware family, is a malicious program that carries out its nefarious activities by encrypting data and then demanding ransoms in exchange for decryption tools. As part of the encryption process, all the affected files undergo a renaming process, adopting a specific pattern. The new filenames include the original file name, the email address of the cyber criminals, a unique ID assigned to the victims, and the .hidden extension. For example, a file named 1.pdf would be transformed into something like 1.pdf.[Wannadecryption@gmail.com][random-sequence].Hidden after encryption. In addition to the file renaming, the ransomware drops ransom messages in !INFO.HTA files within compromised folders.

How to remove Werz Ransomware and decrypt .werz files

Werz Ransomware (also known as STOP Ransomware) is a ruinous virus whose operating principle is based on strong file encryption and money extortion. There have been more than 700 versions of this malware, with several major modifications and numerous minor changes. Recent ones use random 4-letter extensions added to affected files to indicate that they are encrypted. Werz appeared at the very end of May 2023. Since the very beginning, Werz Ransomware has used the AES-256 (CFB mode) encryption algorithm. Depending on the exact extension, there are slightly different but similar removal and decryption methods. The variation under research today uses the .werz extension. Like its predecessors, it creates a ransom note called _readme.txt; below is an example of such a text file.