
Tutorials

Useful tutorials on various PC troubleshooting topics. Video tutorials.

How to remove Sojusz Ransomware and decrypt .sojusz, .likeoldboobs or .Gachimuchi files

Sojusz is the name of a ransomware infection. It belongs to the Makop family, whose operators produce a number of different file encryptors. Sojusz blocks access to data and demands money for its decryption. Research shows it marks encrypted files by appending a random string of characters, the ustedesfil@safeswiss.com e-mail address and the .sojusz extension; later versions have used the extensions .bec, .nigra, .likeoldboobs and .[BillyHerrington].Gachimuchi instead. This means a file like 1.pdf is changed to 1.pdf.[fd4702551a].[ustedesfil@safeswiss.com].sojusz and is no longer accessible. After all targeted files have been encrypted this way, the virus creates a text file called -----README_WARNING-----.txt (later versions also dropped the ransom notes !!!HOW_TO_DECRYPT!!!.txt, Horse.txt, README_WARNING_.txt and #HOW_TO_DECRYPT#.txt).

How to stop OpenSea e-mail scam

The OpenSea e-mail scam is a phishing campaign that impersonates OpenSea, a legitimate and well-known NFT marketplace where users buy and sell digital assets (NFTs). Cybercriminals copy its branding in fraudulent e-mails, often sent under the subject "Migrate Your Ethereum Listings Starting Today", to lure OpenSea users into clicking a suggested "Get Started" button. The scammers claim that users must move their Ethereum listings to a new smart contract or else pay additional gas fees. In reality, the button leads to a page built to harvest log-in credentials, so victims can be robbed both on the NFT marketplace and from their cryptocurrency wallets. If you have fallen for this scheme, change your OpenSea password at once; if you also entered a wallet seed (secret recovery) phrase on the phishing page, treat that wallet as compromised, because a seed phrase cannot be changed and the only remedy is to move your assets to a newly created wallet. Creating a completely new account from scratch is the safest option. To be better protected against such phishing attacks in the future, be careful and double-check the information provided: verify the sender's address, hover over links to see where they really lead, and confirm any announced migration on the official OpenSea site before acting. You can also read our guide below for more useful tips on staying secure on the Internet.

How to stop “Unfortunately, There Are Some Bad News For You” e-mail spam

"Unfortunately, There Are Some Bad News For You" is a pure e-mail scam message. It is designed and distributed by cybercriminals to extort money from users by threatening their privacy. The message contains a fabricated, explicit story (sometimes in different languages) claiming the recipient was captured on camera while visiting adult-oriented websites. This allegedly happened, the extortionists say, because malware infected the system several months ago and gave them remote access to the PC. The story is followed by threats to send the supposedly recorded content to the recipient's friends and to third parties interested in monetizing it. The cybercriminals demand about $1750 in Bitcoin to prevent the leak. As already mentioned, there is nothing to worry about: all the claims are fake and carry no real threat to the people who receive them. This or any similar message should therefore be ignored and reported as spam to stop further delivery. This type of scam is very common; the fraudsters try to craft a story that might coincide with what a recipient was actually doing at some point in time, and sometimes pad it with an old leaked password to make it look credible. Below, we have created a guide with useful tips on how to recognise such e-mail scams and lower the chance of receiving them.

How to fix “Follina” MSDT exploit

Quite recently, attackers began exploiting a new Windows vulnerability to get malware onto systems. The flaw lies in MSDT (Microsoft Support Diagnostic Tool) and lets cybercriminals run arbitrary commands, typically through PowerShell, with the privileges of the user who opened the document. It was nicknamed Follina and assigned the identifier CVE-2022-30190. According to the researchers who analysed the problem, the exploit succeeds once a user opens a malicious Word file: the document uses Word's remote template feature to fetch an HTML file from a remote web server, and that HTML invokes the ms-msdt: URL protocol with a payload that MSDT executes. Attackers can then run PowerShell commands to install malware, manipulate data stored on the system and carry out other malicious actions. Early samples evaded many antivirus products, allowing the infection to sneak in undetected, and because the attack arrives as an ordinary-looking Office document it bypasses the usual caution users apply to executables. Microsoft initially published only a workaround while working on a fix; the vulnerability was subsequently addressed in the June 2022 security updates, so check your system for new updates and install them. Until the update is in place, we can guide you through the official mitigation suggested by Microsoft: disabling the MSDT URL protocol. This stops troubleshooters from being launched as links and therefore blocks this attack path until an update is installed.
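The mitigation described above, scripted as an added example (this is not code from the original page or from Microsoft, though the reg.exe commands it wraps are the ones in Microsoft's published workaround). Run it from an elevated PowerShell session. The backup file location and the function names are choices made for this example.

```powershell
# Added example: apply, check and revert Microsoft's workaround for Follina
# (CVE-2022-30190) by removing the ms-msdt: URL protocol handler.
# Requires an elevated (Administrator) PowerShell session.

$KeyPath = 'Registry::HKEY_CLASSES_ROOT\ms-msdt'              # protocol handler key
$Backup  = Join-Path $env:USERPROFILE 'ms-msdt-backup.reg'    # assumed backup location

function Test-MsdtProtocolEnabled {
    # $true while the ms-msdt: handler is still registered (system still exposed).
    return (Test-Path -Path $KeyPath)
}

function Disable-MsdtProtocol {
    if (-not (Test-MsdtProtocolEnabled)) {
        Write-Host 'ms-msdt protocol is already disabled.'
        return
    }
    # 1. Export the key first so the protocol can be restored after patching.
    reg.exe export 'HKEY_CLASSES_ROOT\ms-msdt' $Backup /y | Out-Null
    if (-not (Test-Path -Path $Backup)) {
        throw "Backup to $Backup failed; refusing to delete $KeyPath"
    }
    # 2. Delete the handler. Office documents can no longer launch msdt.exe via ms-msdt:.
    reg.exe delete 'HKEY_CLASSES_ROOT\ms-msdt' /f | Out-Null
    Write-Host "ms-msdt protocol disabled; backup saved to $Backup"
}

function Restore-MsdtProtocol {
    # Re-import the saved key once the June 2022 (or later) security update is installed.
    if (-not (Test-Path -Path $Backup)) { throw "No backup found at $Backup" }
    reg.exe import $Backup | Out-Null
    Write-Host 'ms-msdt protocol restored.'
}

# Usage: apply the workaround and confirm the handler is gone.
Disable-MsdtProtocol
'ms-msdt still enabled: {0}' -f (Test-MsdtProtocolEnabled)
```

Keep the .reg backup: the protocol is used by legitimate troubleshooter links, so run Restore-MsdtProtocol after the update that fixes CVE-2022-30190 has been installed. Disabling the handler blocks this particular launch path only; it does not remove malware that has already been executed.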

How to remove Rozbeh Ransomware and decrypt your files

Also known as R.Ransomware, Rozbeh is a ransomware infection that encrypts system-stored data to blackmail victims into paying money for its recovery. During encryption, it marks blocked files by appending a random four-character extension. For instance, a file like 1.pdf may change to 1.pdf.1ytu, 1.png to 1.png.7ufr, and so forth. Depending on which version of Rozbeh Ransomware attacked your system, instructions explaining how the data can be recovered may be presented in the text notes read_it.txt or readme.txt, or in a separate pop-up window. It is also worth noting that the most recent infection developed by the Rozbeh swindlers is called Quax0r. Unlike the other versions, it does not rename encrypted data and displays its decryption guidelines in a Command Prompt window instead. All the ransom notes mentioned above follow the same pattern: victims are told to contact the malware creators through Discord or, in some cases, by e-mail, and to send 1 Bitcoin (about $29,000 at the time of writing) to the cybercriminals' crypto address. After payment, the extortionists promise to send a decryptor along with the key needed to unlock the encrypted data. Unfortunately, in the majority of cases the encryption used by cybercriminals to render files inaccessible is sound, making decryption without the key practically impossible. You can try the third-party tools in our tutorial below, but we cannot guarantee they will work.

How to remove ZareuS Ransomware and decrypt .ZareuS files

ZareuS is the name of a ransomware infection that encrypts files and extorts a cryptocurrency payment from victims. During encryption, the virus renames files with the .ZareuS extension. In other words, if a file like 1.pdf is affected by the infection, it is changed to 1.pdf.ZareuS and loses its original icon as well. Thereafter, to guide victims through the decryption process, the cybercriminals create a text file called HELP_DECRYPT_YOUR_FILES.txt in each folder with no-longer-accessible data. It states that the encryption was done with strong RSA algorithms. Victims are therefore instructed to buy a special decryption key, which costs $980, to be sent to the cybercriminals' crypto address. After doing so, victims have to confirm the completed payment by writing to lock-ransom@protonmail.com (the e-mail address provided by the attackers). As an additional incentive to pay, the extortionists offer to decrypt one file for free; victims can send a file and receive it fully unlocked to confirm that decryption actually works. Unfortunately, files encrypted by ZareuS Ransomware are almost impossible to decrypt without the cybercriminals' help. Third-party decryption is only possible if the ransomware is buggy or contains flaws in its implementation. A better and guaranteed way to get your data back is to restore it from backup copies. If such copies exist on a non-infected external storage device, you can simply replace your encrypted files with them.

How to fix Windows Update error 0x800f020b in Windows 11

Error code 0x800f020b can be encountered in Windows 11 and Windows 10. It occurs when trying to update your system via Windows Update. Owners of printers such as HP (Hewlett-Packard) or Xerox models are the most likely to receive this error while installing updates. The most probable cause is a disconnected printer, which prevents the installation of components needed for the printing device. Reconnect your printer and see whether the update then installs successfully. If other external devices are connected, do the same with them as well. Should the issue remain unsolved, follow the rest of the instructions in our article below; there are 7 more methods that may help. Although many consider it ineffective, the built-in Windows Troubleshooter can sometimes address update errors like 0x800f020b. Troubleshooter is a native Windows utility designed to find and fix problems in various areas of the system. You can use it to detect update issues and try to resolve them.

How to remove LokiLok Ransomware and decrypt .LokiLok files

LokiLok is the name of a ransomware infection. Upon successful installation on a targeted system, it encrypts important files and blackmails victims into paying money for their decryption. We also discovered that LokiLok was built on the basis of another ransomware family called Chaos. Once encryption occurs, victims see their data renamed with the .LokiLok extension. To illustrate, a file named 1.pdf changes to 1.pdf.LokiLok and loses its original icon. After this, victims can no longer access their data and are told to seek decryption instructions in the read_me.txt file. The virus also replaces the desktop wallpaper with a new picture. The cybercriminals want victims to buy a special decryption tool. To do so, victims are to contact the extortionists at the attached e-mail address (tutanota101214@tutanota.com). Before buying the software, victims are offered to send 2 small files, which the cybercriminals promise to decrypt and return as proof that decryption works. The note also warns against trying external recovery methods, claiming they may lead to irreversible destruction of the data. Whatever guarantees ransomware developers give, it is never advisable to trust them. Many fool their victims and do not send the decryption software even after receiving the money.
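As an added example serving the ransomware entries above (Sojusz, Rozbeh, ZareuS and LokiLok), and not code from this page or from the malware authors, here is a read-only PowerShell triage script for a possibly infected machine. It matches the renaming schemes and ransom-note file names the entries describe; the scanned path, the output file and the function name are assumptions of the example. Rozbeh's random four-character extension cannot be matched reliably, so for that family the script relies on the notes it drops.

```powershell
# Added example: read-only triage of a directory tree for files renamed by the
# ransomware families described on this page and for the ransom notes they drop.
# It changes nothing on disk; it only reports, so it is safe to run during IR.

# Makop family (Sojusz): name.ext.[randomid].[contact@email].sojusz (or .bec/.nigra/.likeoldboobs)
$MakopPattern = '^(?<orig>.+)\.\[(?<id>[0-9A-Fa-f]+)\]\.\[(?<mail>[^\]]+@[^\]]+)\]\.(?<ext>sojusz|bec|nigra|likeoldboobs)$'
# Later Sojusz builds: name.ext.[BillyHerrington].Gachimuchi
$GachimuchiPattern = '^(?<orig>.+)\.\[BillyHerrington\]\.Gachimuchi$'
# Plain appended extensions: name.ext.ZareuS, name.ext.LokiLok
$SimpleExtPattern = '^(?<orig>.+)\.(?<ext>ZareuS|LokiLok)$'

# Ransom-note file names taken from the entries above (Rozbeh has no fixed extension,
# so its notes are the only reliable indicator for that family).
$RansomNotes = @(
    '-----README_WARNING-----.txt', '!!!HOW_TO_DECRYPT!!!.txt', 'Horse.txt',
    'README_WARNING_.txt', '#HOW_TO_DECRYPT#.txt',        # Sojusz / Makop
    'read_it.txt', 'readme.txt',                           # Rozbeh
    'HELP_DECRYPT_YOUR_FILES.txt',                         # ZareuS
    'read_me.txt'                                          # LokiLok
)

function Get-RansomwareArtifact {
    param([Parameter(Mandatory)][string]$Path)   # assumed: the tree to scan

    Get-ChildItem -Path $Path -Recurse -File -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $name = $_.Name
        if ($RansomNotes -contains $name) {
            [pscustomobject]@{ Kind='RansomNote'; Family='';              Original='';            Contact='';             Path=$_.FullName }
        }
        elseif ($name -match $MakopPattern) {
            [pscustomobject]@{ Kind='Encrypted';  Family='Sojusz/Makop';  Original=$Matches.orig; Contact=$Matches.mail;  Path=$_.FullName }
        }
        elseif ($name -match $GachimuchiPattern) {
            [pscustomobject]@{ Kind='Encrypted';  Family='Sojusz/Makop';  Original=$Matches.orig; Contact='';             Path=$_.FullName }
        }
        elseif ($name -match $SimpleExtPattern) {
            [pscustomobject]@{ Kind='Encrypted';  Family=$Matches.ext;    Original=$Matches.orig; Contact='';             Path=$_.FullName }
        }
    }
}

# Usage: summarise what was found, then keep the full list for the incident record.
$hits = Get-RansomwareArtifact -Path 'C:\Users'
$hits | Group-Object Kind, Family | Select-Object Count, Name
$hits | Export-Csv -Path (Join-Path $env:TEMP 'ransomware-triage.csv') -NoTypeInformation
```

The Original column gives you the list of files to restore from backup, and the Contact column (for Makop-style names) records the attacker address embedded in the file name, which is worth preserving before any clean-up. Because the script only reads the file system, run it before any removal tool so the evidence of which files were touched is not lost.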