file extension

Winsage
December 15, 2025
A pro-Russian hacktivist group, CyberVolk, has re-emerged in 2025 with a new ransomware-as-a-service (RaaS) operation called VolkLocker, which targets both Windows and Linux systems using Golang. The group utilizes Telegram bots for command-and-control operations, allowing affiliates to manage ransomware interactions. Despite its advancements, coding errors in the ransomware enable victims to recover encrypted files without paying a ransom. VolkLocker employs AES-256 encryption but has a critical flaw where the master encryption key is hard-coded and saved in plaintext, allowing easy decryption. The ransomware also ensures persistence by replicating itself and disabling essential system tools. CyberVolk offers additional RAT and keylogger add-ons for sale, with complete RaaS packages priced between and ,200. Indicators of compromise include specific Windows and Linux sample hashes, a Bitcoin wallet address, and a Telegram bot ID.
Winsage
December 7, 2025
Microsoft has released a new preview build of Windows 11 that improves the "open with" menu by suggesting recommended applications from the Microsoft Store for files without a default application or unrecognized file extensions. Users can access relevant apps directly through the Open With dialog box and can view more options in the Microsoft Store. Additionally, Microsoft has introduced the Unified Update Orchestrator Platform to help app developers use Windows Update for easier app updates.
Winsage
June 19, 2025
4DDiG Data Recovery is a tool designed to recover unsaved Word documents by scanning the AutoRecover folder and other locations. It can recover corrupted, deleted, unsaved, or formatted MS Office files with a high success rate and offers a free trial. Users can preview files before restoration, and the software is compatible with various storage devices and Windows operating systems (7, 8, 10, and 11) without requiring technical skills. To recover an unsaved Word document using 4DDiG, users should install the tool, select the drive where the documents were lost, scan for unsaved documents, preview, and then recover the desired files. Microsoft Word has built-in features for recovering unsaved documents, including the Document Recovery Pane and manual searches for AutoRecover files with ".asd" and backup files with ".wbk" extensions. Temporary files with a ".tmp" extension may also contain unsaved work and can be retrieved from a specific path. To prevent future losses, users are advised to enable AutoRecover and create backup copies in Word's settings. Common recovery questions include the ability to recover unsaved documents depending on AutoRecover settings and the locations of AutoSave files, which vary by operating system. For Windows, common paths include C:\Users\[Username]\AppData\Roaming\Microsoft\Word and C:\Users\[Username]\AppData\Local\Microsoft\Office\UnsavedFiles.
Winsage
April 27, 2025
Microsoft Windows 11 includes several features that are not enabled by default, which can hinder user experience: 1. System Restore: Allows users to create restore points for system recovery but is not enabled by default due to disk space concerns. 2. End Task Feature: Enables users to right-click on unresponsive apps in the taskbar to force quit them, but requires activation through Settings. 3. File Extension View in File Explorer: Users must manually enable the display of file extensions for better file management. 4. Hibernate Mode: A power-saving option that saves the system state to the hard drive, not readily accessible in power settings and requires enabling through Control Panel or command line. 5. Start Menu on the Left: The Start menu is centered by default, but users can adjust it to the left through Settings, which some long-time users prefer.
Winsage
September 18, 2024
A vulnerability in Windows, tracked as CVE-2024-43461, has been reclassified as previously exploited after being used in attacks by the Void Banshee APT group to deploy information-stealing malware. Initially disclosed in September 2024, it was confirmed to have been exploited before the fix was issued. The flaw was discovered by Peter Girnus from Trend Micro, who noted that it was used in zero-day attacks alongside another vulnerability, CVE-2024-38112. The attacks involved malicious HTA files disguised as PDFs, utilizing braille whitespace characters to hide the true file extension. Following the security update, Windows now accurately displays the .hta extension, although the presence of whitespace may still mislead users. Microsoft also addressed three other actively exploited zero-days during the September Patch Tuesday.
Winsage
September 18, 2024
The Cybersecurity and Infrastructure Security Agency (CISA) has directed U.S. federal agencies to strengthen their systems against the Windows MSHTML spoofing zero-day vulnerability identified as CVE-2024-43461. This vulnerability was initially deemed non-exploited by Microsoft but was later confirmed to have been exploited before its patch. Attackers, including the Void Banshee hacking group, used this vulnerability to install information-stealing malware by deceiving users into opening malicious files disguised as harmless documents. CISA has included this vulnerability in its Known Exploited Vulnerabilities catalog and has mandated that federal agencies secure their systems within three weeks, with a deadline of October 7. Additionally, Microsoft has addressed three other actively exploited zero-days in its September 2024 Patch Tuesday updates.
Winsage
August 23, 2024
In Windows 11, users can change file extensions easily to correct mislabeling issues. File extensions, such as .png or .mp4, indicate how the operating system should handle files, while file types refer to the actual format of the file. To view file extensions in File Explorer, users can navigate to the folder, click on View, and select Show > File name extensions. To change a file extension, users highlight the file, rename it by deleting the old extension and adding a new one, and confirm the change. For changing multiple file extensions at once, users can use the Command Prompt by navigating to the folder, typing CMD in the address bar, and using the ren command. Changing file types or formats requires a conversion tool, such as iLoveIMG, where users can upload files and convert them to the desired format. It is advisable to review converted files before deleting the originals.