
Tutorials

Useful tutorials on various PC troubleshooting topics. Video tutorials.

How to remove Esxi Ransomware and decrypt .ESXiArgs or .args files

Esxi (ESXiArgs) Ransomware is a malicious infection that targets organizations by exploiting vulnerabilities in VMware ESXi, a virtual machine tool used for managing and optimizing various processes within organizations. Security reports indicate that cybercriminals exploit known vulnerabilities in VMware ESXi to gain access to servers and deploy ESXiArgs ransomware onto the targeted system. Once deployed, the ransomware looks for files on the virtual machine with the following extensions and encrypts them: .vmdk, .vmx, .vmxf, .vmsd, .vmsn, .vswp, .vmss, .nvram, .vmem. For each encrypted file, the ransomware also creates a separate file with the .ESXiArgs or .args extension that holds metadata (likely necessary for future decryption).

How to remove Coba Ransomware and decrypt .coba files

Coba, a successor of Djvu Ransomware, is a ransomware-type virus that targets personal data. Just like other malware of this type, Coba encrypts data in order to demand a monetary ransom from victims. All files attacked by Coba (including pictures, databases, documents, etc.) become inaccessible and are visibly renamed. For example, a file like 1.pdf will become 1.pdf.coba once encryption finishes. Developers of this ransomware variant apply the .coba extension to each of the target files stored on a system. After changing the file extensions, the ransomware creates a ransom note (_readme.txt) that contains decryption instructions. Once users open it, they are presented with text written by the cybercriminals. This text provides information on how to return the encrypted data.

How to remove SkullLocker Ransomware and decrypt .skull files

SkullLocker is a new ransomware variant. Research indicates it was developed on the basis of Chaos Ransomware, another devastating and well-known infection. Upon successful infiltration, SkullLocker encrypts files, adds its own .skull extension, and creates a ransom note (read_it.txt) with decryption instructions written in the Polish language. Here is a full text presented in the note along with its translation to English. Overall, the cybercriminals demand that users make a payment within 72 hours; otherwise, the data will be permanently lost. Users are asked to familiarize themselves with payment and recovery details via the attached TOR link. In addition, the note advises against trying to recover files manually, as doing so may cause permanent damage to files.

How to remove Coaq Ransomware and decrypt .coaq files

Coaq Ransomware is a subtype of STOP Ransomware (or DJVU Ransomware) and has all the characteristics of this family of viruses. The malware blocks access to the data on victims' computers by encrypting it with the AES encryption algorithm. STOP Ransomware is one of the longest-living ransomware families. The first infections were registered in December 2017. Coaq Ransomware is yet another generation of it and appends the .coaq extension to encrypted files. Following the encryption, the malware creates a ransom note file, _readme.txt, on the desktop and in the folders with encrypted files. In this file, the hackers provide information about decryption and contact details, such as the e-mail addresses support@freshmail.top and datarestorehelp@airmail.cc.

How to fix Roblox “Bad Request” error code 400

Some users see the "Bad Request" error code 400 while trying to launch Roblox in their browser(s). The error indicates a connection issue between the game's client and the server that receives the request. Here is the full error message that users can see: "Bad Request 400 | There was a problem with your request". This issue may be related to corrupted browser files, incorrect network settings, a damaged DNS server cache, or even problems on the side of the server itself. You can check whether Roblox servers are experiencing any issues at the moment using the official Roblox Server Status or DownDetector. If everything seems fine with the server, then the connection issue may originate from your PC and should be resolved individually. Follow our guide below to try each solution and potentially fix the "Bad Request" error code 400.

How to fix Valorant error code VAN 135

Some players are unlucky enough to encounter connection issue VAN 135 (usually in Windows 10 or 11), which essentially prevents them from playing Valorant. There are many error codes starting with VAN (like 1067, 57, 9001, etc.), and all of them frequently indicate some connection problem. This is the message players tend to receive when this error appears at the launch of the game: "CONNECTION ERROR VALORANT has encountered a connection error. Please relaunch the client to reconnect. Error Code: VAN 135". It can be either a server issue on the Valorant end (for example, temporary maintenance or shutdown) or an individual issue on a player's PC. If something is wrong with the Valorant server, the responsibility does not lie with you, and you should wait until the issue gets resolved on their end. You can check whether something is wrong with the server itself using the official status checker by Riot or DownDetector. If everything seems fine with the server and you continue to stumble upon the same VAN 135 or a similar connection issue, try the solutions from our guide to resolve it. It is possible that there is a problem with your connection specifically.

How to remove Cosw Ransomware and decrypt .cosw files

New instances of STOP Ransomware (DjVu Ransomware) continue to damage users' files all over the world. STOP/Djvu Ransomware is a specific type of ransomware that has been active since 2017. It is file-encrypting malware that encrypts victims' files and demands payment in exchange for the decryption key. This crypto-virus uses a complex AES encryption algorithm to block users' access to their data and extort a ransom of $490 or $980. One of the new extension variations, which appeared in October 2022, is .cosw. The corresponding ransomware got the name Cosw Ransomware. The virus adds this suffix to the end of encrypted files. If your files have this ending and are not accessible, it means your PC is infected with STOP Ransomware. Malware developers slightly modify the virus technically.

How to remove Goba Ransomware and decrypt .goba files

Goba Ransomware, which is actually the next generation of STOP Ransomware, appeared at the beginning of March 2023. This virus encrypts users' essential files, such as documents, photos, databases, and music, with AES encryption and adds the .goba extension to affected files. This ransomware is almost identical to numerous previous versions of the malware that we described earlier; it belongs to the same authors and uses the same e-mail addresses (support@freshmail.top and datarestorehelp@airmail.cc) and the same Bitcoin wallets. Full decryption is almost impossible; however, your data can be partially restored using the instructions in this article. After the virus finishes, it creates a _readme.txt file with the ransom note on the desktop and in the folders with affected files.