How to remove Basn Ransomware and decrypt .basn files
Basn is a ransomware infection that targets various companies. Upon infiltration, it quickly scans the system for potentially important files (e.g., documents, databases, videos, images, etc.) and encrypts them. During this process, the virus also appends its own .basn extension to mark the blocked data. For instance, a file originally named 1.xlsx will change to 1.xlsx.basn and reset its icon to blank. Following successful encryption, the file-encryptor also drops a text file named unlock your files.txt with decryption instructions inside. The note makes it clear that the victim's data has been encrypted and exfiltrated to the cybercriminals' servers. To unblock the encrypted data and prevent it from being leaked to shady resources/figures, the extortionists demand that victims pay a ransom in Bitcoin or Monero cryptocurrency. The price is not disclosed in the note, as it is likely to vary depending on the amount and value of the encrypted data. Unfortunately, unless the virus has severe vulnerabilities that could be exploited, cybercriminals are usually the only figures capable of decrypting the data completely and safely. For now, no third party is known to be able to bypass the encryption applied by Basn Ransomware. The only available options for data recovery are to either collaborate with the ransomware developers or restore data from existing backup copies. Backups are copies of data stored on external devices such as USB drives, external hard drives, or SSDs. The only downside of self-recovery is that threat actors may indeed publish the collected data, and therefore damage the reputation of some companies, if they actually intend to do so.
How to remove Dazx Ransomware and decrypt .dazx files
Dazx Ransomware is a version of the STOP/Djvu ransomware family. It is a type of malware that encrypts the files on a victim's computer and demands a ransom payment in exchange for the decryption key. When Dazx Ransomware infects a computer, it encrypts the victim's files using a strong encryption algorithm, making them inaccessible to the victim. The malware uses a symmetric encryption algorithm; specifically, it uses the Salsa20 stream cipher to encrypt the data. The encryption key is generated randomly for each victim, and it is stored on the attacker's server. The encrypted files have a new extension, .dazx, added to their filenames. Dazx Ransomware also creates a ransom note file called _readme.txt in every folder that contains encrypted files. This file contains instructions on how to pay the ransom in order to receive the decryption key. The ransom note also warns the victim against attempting to decrypt the files using third-party software, as this can result in permanent data loss.
How to remove Code Ransomware and decrypt .code files
Code is the name of a new ransomware variant that infects organizations in order to encrypt their data and extort money in return for the decryption key. During encryption, it appends the .code extension and creates a ransom note (called !!!HOW_TO_DECRYPT!!!.txt) with instructions on how to decrypt the blocked data. Here is what an infected file would look like after encryption: 1.pdf.code, 2.png.code, and so forth with other file types targeted by the virus. In the note, cybercriminals try to persuade victims into paying the ransom for decryption. It says that victims have to install the TOX messenger and write to the extortionists using the provided TOX ID. If victims do not meet these demands and refuse to purchase decryption, threat actors threaten to start randomly sharing the encrypted data with other parties or to leak/sell it on the dark web and other shady resources.
How to remove Dapo Ransomware and decrypt .dapo files
Dapo Ransomware is a variant of the STOP/Djvu Ransomware, which is a type of malware that encrypts files on a victim's computer and demands a ransom payment in exchange for a decryption key to restore the files. During encryption, this malware changes file extensions to .dapo. After the encryption process is complete, the ransomware drops a ransom note on the victim's desktop and in every folder that contains encrypted files. The note contains instructions on how to pay the ransom in order to receive the decryption key. The attackers usually demand payment in cryptocurrency, such as Bitcoin. It's important to note that there is no guarantee that paying the ransom will result in the decryption of the files. In some cases, victims have paid the ransom but never received the decryption key, while in other cases, the decryption key provided by the attackers has been found to be ineffective. The ransom note file name used by Dapo Ransomware follows the same naming convention: the file is named _readme.txt. It typically includes an email address that the victim can use to communicate with the attackers.
How to remove Qarj Ransomware and decrypt .qarj files
Qarj is a new ransomware variant developed and published from a template of the notorious STOP/Djvu family. This particular variant was released in March 2023. Being a file-encrypting virus, it blocks access to personal data by using secure encryption algorithms. This means that files stored on a PC can no longer be opened by users until they are decrypted. Currently, there is a small chance of decrypting files encrypted by Qarj. Only 1-2% of cases are decryptable, when certain conditions are met. Use all instructions on this page until you get some data restored. In order to show that all files have been put under a lock, the developers append the new .qarj extension to each of the files. For instance, a file sample like 1.pdf will change to 1.pdf.qarj and eventually reset its icon. After this part of encryption is finished, the virus creates a text note (_readme.txt) with ransom instructions.
How to remove IDP.Generic virus
IDP.Generic is a generalized code name used by anti-malware software for labeling, and therefore quarantining, possibly malicious activity. IDP.Generic is not tied to any specific file: a plethora of different files can be flagged with this detection name by your antivirus. In the majority of cases, such IDP.Generic detections are false positives and do not pose any real threat to users. A false positive is simply when anti-malware software mistakenly identifies some harmless or legitimate file as malicious and blocks its operation or even deletes it completely. Many users report that false flagging happens with files of video games or other third-party software. Usually, it is the Avast and AVG engines that tend to produce IDP.Generic false positives the most. In this case, it is enough to add the file to your antivirus whitelist and continue using the associated program without problems. However, despite many detections like this being nothing to worry about, there are of course cases when the detected file(s) is actually malicious. Make sure that the software/file you downloaded is totally legitimate and was not downloaded from some unofficial and compromised resource.
How to remove Qapo Ransomware and decrypt .qapo files
Qapo Ransomware is a new file-encrypting program developed and published by the authors of the STOP/Djvu family. Almost all versions belonging to this group of extortionists employ similar steps to extort money from victims. This particular variant was released in the middle of March 2023. Once Qapo gets on your PC, it runs a quick scan of your system to find sensitive data. Then, once this process is done, the malicious program starts encrypting your data. During this, all files are given the .qapo extension, which appears at the end of each file name. For example, a file like 1.pdf will change to 1.pdf.qapo, and so on. Once you spot such an immediate change, you will no longer be able to access the data. To decrypt it, cybercriminals direct victims to follow the steps listed inside a text note (_readme.txt), which opens at the end of encryption. All recent versions of this ransomware family have used identical text in the notes.
How to remove Qazx Ransomware and decrypt .qazx files
Qazx Ransomware is so called because of the .qazx extension it adds to affected files, modifying the original extensions of various types of sensitive data. This version appeared in the middle of March 2023. Technically, it is STOP Ransomware, which uses AES encryption algorithms to encrypt the user's files. This suffix is one of the hundreds of different extensions used by this malware. Does it mean you lost your valuable data? Not necessarily. There are certain methods that allow you to recover your files fully or partially. Also, there is a free decryption utility called STOP Djvu Decryptor from Emsisoft, which is constantly updated and is able to decrypt hundreds of types of this virus. After finishing its disastrous activity, Qazx Ransomware creates a _readme.txt file (ransom note), where it informs users about the fact of encryption, the amount of the ransom, and the payment conditions.
























