
Tutorials

Useful tutorials on various PC troubleshooting topics. Video tutorials.

How to remove Tycx Ransomware and decrypt .tycx files

The number of queries related to new ransomware activity grows each day with new infections. This time, users are dealing with Tycx Ransomware, a new and dangerous variant from the Djvu/STOP family. This particular version started infecting computers in the second half of March 2023, and its recent activity has encrypted a lot of personal data with strong algorithms. Although Tycx Ransomware has not been fully analyzed yet, some things are already clear. For example, the virus encrypts various types of data (images, documents, databases, etc.) and appends the .tycx extension. Each file keeps its original name but gains a new final extension, for example "1.pdf.tycx". Once the encryption process is complete, you will no longer be able to access your data. To push victims toward recovering it, the extortionists have scripted the creation of identical notes dropped into encrypted folders or onto the desktop. The note is usually named _readme.txt and contains detailed instructions on how to recover your data.

How to remove Tywd Ransomware and decrypt .tywd files

Tywd Ransomware (the latest version of STOP or Djvu Ransomware) is extremely harmful and one of the most active encryption viruses. More than half of ransomware submissions to ID-Ransomware (a ransomware identification service) are made by victims of STOP Ransomware. Although it has been in circulation for a couple of years, the number of infections caused by Tywd Ransomware continues to increase. It may be somewhat ironic, but most of the victims (at the moment) are users of pirated software. The version of the virus under consideration today adds the .tywd extension to files. The malicious program also creates a text file (called _readme.txt) in each infected folder, which explains to the user that the computer is infected and that the data will not be accessible until a ransom of $980 is paid. If the user pays within 72 hours after infection, the ransom is reduced to $490. The example of this ransom note is presented below.

How to remove Darj Ransomware and decrypt .darj files

Darj Ransomware is a prevalent encryption virus and blackmailer that targets valuable personal files. It belongs to the STOP/Djvu malware group. After infection and data encryption, the hackers start extorting the ransom. There have been more than 600 versions of the ransomware; each version is slightly modified to circumvent protection, but the main footprints remain the same. The malware uses AES-256 in CFB mode. Shortly after launch, the STOP family encryptor executable connects to its C&C server and retrieves the encryption key and infection ID for the victim's PC. Data is transmitted over plain HTTP in the form of JSON. If the C&C is not available (the PC is not connected to the Internet, or the server itself is not working), the encryptor uses the key and ID hard-coded in it and performs offline encryption. In this case, you can decrypt the files without paying a ransom. Variations of STOP Ransomware can be distinguished from each other by their ransom notes and the extensions they add to encrypted files. For the STOP Ransomware variant under research today, the extension is .darj. The ransom note file _readme.txt is presented below in the text box and picture. In the article below we explain how to remove Darj Ransomware completely and ways to decrypt or restore .darj files.

How to fix black screen of death on iPhone

If your iPhone's screen suddenly went black and simply trying to boot it again does not help, then this is the right guide to fix it. The "black screen of death" is a term used to describe a problem where an iPhone's screen remains black and unresponsive, even when the device is turned on. The reason your iPhone may abruptly go black can be related to various issues, including a temporary glitch, battery drain, or even hardware problems, which would require professional intervention to identify and resolve. Sometimes, a software glitch can cause the iPhone to freeze, resulting in a black screen. In this case, force restarting the iPhone can often fix the issue. To force restart your iPhone, press and hold the Sleep/Wake button and the Home button (for iPhone 6s and earlier) or the volume down button (for iPhone 7 and later) simultaneously for at least 10 seconds until the Apple logo appears. Of course, if there was water damage or a jailbreak attempt, the chances of recovery are small, but in many cases the problem can be solved. Before spending your precious time handing your iPhone to a service center and paying for diagnostics, make sure you try the solutions listed in our guide below. Many users manage to fix the black screen of death on their iPhones quickly and easily. Let's get started.

How to remove Basn Ransomware and decrypt .basn files

Basn is a ransomware infection that targets various companies. Upon infiltration, it quickly scans the system for potentially important files (e.g., documents, databases, videos, images, etc.) and encrypts them. During this process, the virus also assigns its own .basn extension to highlight the blocked data. For instance, a file originally named 1.xlsx will change to 1.xlsx.basn and have its icon reset to blank. Following successful encryption, the file-encryptor also drops a text file named unlock your files.txt with decryption instructions inside. The note makes it clear that the victim's data has been encrypted and extracted to the cybercriminals' servers. To unblock the encrypted data and prevent it from being leaked to shady resources/figures, the extortionists demand that victims pay a ransom in Bitcoin or Monero cryptocurrency. The price is not disclosed in the note, as it is likely to vary depending on the amount and value of the encrypted data. Unfortunately, unless the virus has severe vulnerabilities that could be exploited, cybercriminals are usually the only figures capable of decrypting the data completely and safely. For now, no third party is known to be able to bypass the encryption applied by Basn Ransomware. The only available options for data recovery are to either collaborate with the ransomware developers or restore data from existing backup copies. Backups are copies of data stored on external devices such as USB drives, external hard drives, or SSDs. The only downside of self-recovery is that the threat actors may indeed publish the collected data, and therefore damage the reputation of some companies, if they actually intend to do so.

How to remove Dazx Ransomware and decrypt .dazx files

Dazx Ransomware is a version of the STOP/Djvu ransomware family. It is a type of malware that encrypts the files on a victim's computer and demands a ransom payment in exchange for the decryption key. When Dazx Ransomware infects a computer, it encrypts the victim's files using a strong encryption algorithm, making them inaccessible to the victim. The malware uses a symmetric encryption algorithm; specifically, it uses the Salsa20 stream cipher to encrypt the data. The encryption key is generated randomly for each victim and is stored on the attacker's server. The encrypted files have a new extension, .dazx, added to their filenames. Dazx Ransomware also creates a ransom note file called _readme.txt in every folder that contains encrypted files. This file contains instructions on how to pay the ransom in order to receive the decryption key. The ransom note also warns the victim against attempting to decrypt the files using third-party software, as this can result in permanent data loss.

How to fix “support.apple.com/iphone/restore” screen on iPhone

While trying to update or restore their iPhone or other iOS devices, some users get stuck in recovery mode, which shows a prompt to connect to a computer. At the same time, users can often see the support.apple.com/iphone/restore message at the top of the screen. This problem is pretty common across iOS devices like iPhones. Luckily, solving this issue should not be a big deal. Follow our guidelines below to exit this recovery mode and update or restore your iPhone again. Note that for the majority of solutions, you will need a computer (Mac or Windows) and a USB cable for your iPhone. This screen usually appears on an iPhone when there is a software issue that prevents the device from functioning properly. This can occur when the iPhone is stuck in a loop, unable to boot, or experiencing other issues that prevent it from operating normally. To restore the iPhone using the support.apple.com/iphone/restore screen, you will need to connect the device to a computer with iTunes installed. Then, follow the on-screen instructions to put the device into recovery mode and initiate the restore process. There is also an easier way to fix it, which we describe in this article.

How to remove Code Ransomware and decrypt .code files

Code is the name of a new ransomware variant that infects organizations in order to encrypt their data and extort money in return for the decryption key. During encryption, it appends the .code extension and creates a ransom note (called !!!HOW_TO_DECRYPT!!!.txt) with instructions on how to decrypt the blocked data. Here is what infected files look like after encryption: 1.pdf.code, 2.png.code, and so forth for the other file types targeted by the virus. In the note, the cybercriminals try to persuade victims to pay the ransom for decryption. It says victims have to install the TOX messenger and write to the extortionists using the provided TOX ID. If victims do not meet these demands and refuse to purchase decryption, the threat actors threaten to start randomly sharing the encrypted data with other parties or to leak/sell it on the dark web and other shady resources.