Viruses

Recent forum discussions have shown some users got a ransomware attack on PCs connected to NAS (Network Attached Storage). The virus encrypts NAS-stored data, wraps it in archives, and puts up a password on them. This prevents victims from accessing artificially created archives and viewing what files have been affected by the infection. Unlike many other ransomware infections, 7even Security does not use any extension to modify file appearance. It does though create a text note called Please Read Me !!!.txt containing instructionы on how to return the encrypted data. According to the above-mentioned note, cybercriminals demand 0.04 BTC for file decryption. This amount has to be sent to the attached crypto address. Victims are also guided to notify swindlers about successful payment through their e-mail address (team.seven@zohomail.eu) and include a personal ID. Should victims refuse or ignore to pay the demanded ransom, cybercrooks threaten to sell all important data to interested figures. Because the infection is recent, there is not a lot of information on whether files can be decrypted or not. At the moment, the only best way to recover data completely is via backup copies of files. Otherwise, attempts to decrypt data alone are likely to turn in permanent damage of data and therefore loss.

Explus is a common file-encrypting virus. It assigns strong encryption keys to render files inaccessible until a ransom is paid. Software with such capabilities is often referred to as ransomware. During encryption, Explus Ransomware adds the .explus extension to the end of filenames. This is done to draw victims' attention to recognizing their files have been encrypted. For instance, a file like 1.pdf will change to 1.pdf.explus, and so forth with other affected files. After all data becomes no longer usable, the virus starts its attempts to blackmail victims into paying money for data return. Developers do it through the RECOVERY INFORMATION.txt text file that is created immediately at the end of encryption.

Soviet Locker is a ransomware program. Ransomware is a type of malware usually designed to encrypt system-stored files and blackmail victims into paying money for its return. Soviet Locker is a surprisingly different instance - the virus does not demand any money for decryption. Instead, it shows a pop-up window claiming the restricted files can be unlocked using a password. This password cannot be retrieved from cybercriminals due to a lack of contact information. The reason for that might be that Soviet Locker is still under development and can be updated with real demands for payment in the future. For now, files affected by Soviet Locker can be decrypted without the help of cybercriminals. Virus researchers managed to match the right password that works for the majority of victims. The password is c819381734f8s2748a8239j872hdhc7c8 and has to be entered into a field within the pop-up window. Once entered, all previously blocked data will become fully usable again. Note that after recovering access to files, it is also very important to make sure the virus is no longer operating inside of your system. Otherwise, it may continue encrypting other files or download more infections as well. Follow our instructions below to remove it and restore a safe computer experience eventually.

SunnyDay is the name of a devastating ransomware infection. It was developed to cause encryption of personal data and help its developers capitalize on it. After restricting access to files using the .SunnyDay extension, the virus starts blackmailing victims into paying a fee for decryption. This information is presented inside of a text note (!-Recovery_Instructions-!.txt) created upon encrypting targetted data. Victims are guided to contact developers using e-mail communication (restoreassistance_net@wholeness.business or restoreassistance_net@decorous.cyou) and pay for special decryption software. Cybercriminals warn that trying to use any third-party software to decrypt the data will result in the immediate damage of files. It is also stated that all encrypted files have been uploaded to servers of cybercriminals, which, in case of refusing to pay, will be forwarded (sold) to parties potentially interested in it. Additionally, victims are offered to send 2 or 3 non-important and get them decrypted for free. This is used by swindlers to show they are actually able to decrypt the data. Unfortunately, decrypting data without the help of cybercriminals is more likely to corrupt data and make it no longer decryptable. It is very possible that ransomware developers incorporated protection that detects any unauthorized attempts to modify data. Users can recover their data using a copy of files backed up on uninfected storage. Unfortunately, this does not abolish the threats of having collected data leaked to online resources.

If you are no longer able to access your files and see them appear like this 1.pdf.acepy, then you are most likely infected with Acepy Ransomware. It is an encryption virus designed to render files inaccessible and blackmail victims into paying the so-called ransom. The infection does so through a ransom note (ACEPY_README.txt) created upon successfully encrypting the targeted data. It also force-opens a Command Prompt window with information identical to the text file we mentioned above. The notes briefly describe how to recover blocked files. Victims have to contact Acepy developers through the AcepyRansom@protonmail.com e-mail address and purchase special decryption software for the price announced after establishing communication with them. While there is no definite information on how much swindlers require to pay, meeting their demands is highly unrecommended. This is because of cybercriminals' tendency to fool their victims and not send any promised decryption tools afterwards. Despite this, the initial virus developers might be the only figures able to fully decrypt your data. Using third-party decryption tools as an attempt to avoid paying the ransom often flows in no anticipated results.

Discovered in 2019, Cerberus is a malicious program categorized as a banking trojan that has been targetting Android users. This application is disguised as Adobe Flash Player Updater and gets downloaded as an .apk file. Alike executable files, .apk extensions are meant to initiate the installation of applications. Whilst users think that it will update the promised software, they inadvertently get infected with a malicious program without consent. Thereafter, cybercriminals can control your device by connecting to a botnet and receiving commands from Command & Control (C2) server. Once extortionists establish contact with your device, they can easily operate it by sending commands remotely. This means that swindlers are able to see and gather sensitive data, credentials, change settings, and run other manipulations that expose your activity to third parties. Note that social networks and bank accounts can be hacked and hijacked for scams and revenue purposes. If you suspect Cerberus infected your device, then you should perform an immediate scan and delete it as soon as possible. We will discuss how to do it a little bit deeper in the article below.

RedLine Stealer is a malicious piece of software that targets computer users in order to steal important data. The virus is publicly available on hacker forums for the price of 150-200$. It is therefore employed to install on unprotected systems and start collecting sensitive information like passwords, logins, banking-related details, and other types of data to access various accounts in social media, banking apps, or cryptocurrency wallets. Among the list of targeted crypto-wallets are AtomicWallet, Armory, BitcoinCore, Ethereum, DashCore, Electrum, Bytecoin, Zcash, Jaxx, Exodus, LitecoinCore, and Monero as well. It was also spotted to disable the operation of VPN clients like ProtonVPN, OpenVPN, and NordVPN - presumably to alleviate the data collection process. In general, RedLine Stealer is designed to capitalize on the gathered data. Cybercriminals may therefore misuse valuable information to generate profits and cause reputational damage. It is also possible that this virus delivers additional malware like trojans or high-risk infections similar to ransomware (file-encryptors). Thus, if you suspect RedLine Stealer to have attacked your system, immediately use our tutorial below to remove the infection and restore a safe computer experience.

Quantum is the name of a ransomware infection. It was purposefully developed to encrypt system-stored data and blackmail victims into paying money for its return. The virus uses military-grade algorithms to restrict users from accessing their own files. It also appends the .quantum extension to highlight access-blocked data. For instance, a file named 1.pdf will change to 1.pdf.quantum and drop its original icon. After this, Quantum Ransomware creates an HTML file called README_TO_DECRYPT.html. The file is meant to show instruction on returning the data.