Track Global Malware Trends
View malware trends based on the "detection count" reports of threats found on infected PCs and volume levels, which reflect malware infection rates. For real-time data on malware outbreaks worldwide, visit MalwareTracker.

Top Security News

Top 20 Countries Found to Have the Most Cybercrime
Have you ever wondered which countries face the most cybercrime? If so, you may be surprised to know that there are few contributing factors that attract cybercriminals to specific regions of the world. Security research firm,...
Spam Alert: Phishing Email Scam Titled ‘Bank of America Alert: Account Suspended’
We recently discovered a new phishing scam from a Bank of America spam email message that attempts to warn a computer user of an 'invalid login' resulting in a 'suspended banking account'. The spam message is ultimately a phishing scam that tries to lure computer users to a phishing site to...
Top 5 Popular Cybercrimes: How You Can Easily Prevent Them
Over the course of the past few years, hackers and cybercrooks armed with sophisticated malware have stolen literally hundreds of millions of dollars from online banking accounts and individuals all over the world. We have said it many times before in recent articles, the days of robbing banks in...

Top Articles

CryptoLocker Ransomware

The CryptoLocker Trojan is a ransomware infection that encrypts the victim's files. CryptoLocker may typically be installed by another threat such as a Trojan downloader or a worm. Once CryptoLocker is installed, CryptoLocker will search for sensitive files on the victim's computer and encrypt them. Essentially, CryptoLocker takes the infected computer hostage by preventing access to any of the computer user's files. CryptoLocker then demands payment of a ransom to decrypt the infected files. CryptoLocker is quite harmful, and ESG security analysts strongly advise computer users to use an efficient, proven and updated anti-malware program to protect their computer from these types of...

Posted on September 11, 2013 in Ransomware

Play-bar.net

The Play-bar.net search aggregator is similar to Ultimate-search.net, and it is a questionable service that is promoted by a browser hijacker. The Play-bar.net site is operated by Blisbury LLP and features a small search bar, a weather forecast in the top right corner and a clock widget in the top left corner. Additionally, the Play-bar.net site may offer users to play Adobe Flash games on online gaming platforms like Princess Games, GamesRockit and TikiArcade. The browser hijacker related to Play-bar.net is written with the purpose of diverting the Internet traffic of infected users to Play-bar.net and earn affiliate revenue. The Play-bar.net browser hijacker may modify your DNS settings and change your default search aggregator, homepage and a new tab to Play-bar.net. The Play-bar.net browser hijacker might edit your Windows Registry...

Posted on October 14, 2015 in Browser Hijackers

Cerber Ransomware

The Cerber Ransomware is a ransomware infection that is used to encrypt the victims' files. The Cerber Ransomware adds the extension CERBER to every file that the Cerber Ransomware encrypts. After the Cerber Ransomware has encrypted some of the files of the victim, the Cerber Ransomware demands the payment of a ransom in exchange for the decryption key. According to Cerber Ransomware's ransom note, computer users have one week to pay the ransom amount before this amount is doubled. The Cerber Ransomware Contains an Audio Message As the Cerber Ransomware encrypts the victim's files, it creates TXT, HTML, and VBS files named 'DECRYPT MY FILES' with instructions on how to pay the Cerber Ransomware's ransom. These files are dropped on every folder that contains files that were encrypted by Cerber Ransomware. According to these ransom...

Posted on March 4, 2016 in Ransomware

Cerber3 Ransomware

The Cerber3 Ransomware is a new version of a well-known ransomware Trojan. The Cerber Ransomware Trojan now uses a slightly different method during its attack. The main difference is that the files infected by the Cerber3 Ransomware can be identified through the use of .CERBER3 as the extension that identifies the files that have been encrypted in the attack. PC security analysts had observed a Cerber2 variant of this attack previously. This numbering system may indicate new versions of software, and threats are no exception. The appearance of the Cerber3 Ransomware indicates that the Cerber ransomware family is being developed and updated currently. The Cerber3 Ransomware and Possible Updates to this Threat The Cerber3 Ransomware was discovered recently, around the end of August of 2016. The Cerber3 Ransomware presents minor...

Posted on September 1, 2016 in Ransomware

DNS Unlocker

The DNS Unlocker is adware that has caught the attention of PC security researchers. Many computer users have been using programs like the DNS Unlocker to bypass region-locking components in online applications. The DNS Unlocker, in particular, has been advertised as a way for computer users to access Netflix for regions outside of their location. PC security analysts strongly recommend against this approach. There are numerous applications available that supposedly allow computer users to modify their IP or connect to certain websites that are blocked for certain regions. However, this is a common way for adware developers to distribute their low-level and mid-level threats. In several situations, it may be better to avoid using these types of components or looking for reputable options even if they are slightly more expensive than...

Posted on June 15, 2015 in Adware

Tavanero.info

Tavanero.info is a bogus search engine that is associated with a PUP (Potentially Unwanted Program). Tavanero.info attempts to mimic the look and feel of the Google search engine to mislead computer users. Tavanero.info uses the Google logo colors in its layout and even includes the term 'GoogleTM Custom Search,' despite the fact that Tavanero.info has no affiliations with Google. Tavanero.info should be considered for what it is, a bogus search engine that may be used to expose computer users to potentially harmful online advertisements and content. There is no legitimate connection between Tavanero.info and Google, despite this fake search engine's claims. The Activities of Tavanero.info and Its Associated PUP Tavanero.info is linked to a type of PUP known as a browser hijacker, mainly because these components may be used to hijack...

Posted on September 6, 2016 in Browser Hijackers

Tech-connect.biz

If Tech-connect.biz starts appearing as your homepage and search engine, this means that your computer is housing a browser hijacker. Then you wonder how it could have happened if it wasn't you who introduced Tech-connect.biz on your machine. The answer is very simple; browser hijackers may be part of the installation of free software you downloaded from the Web recently. This is a well-used method since the computer users may be in a hurry when installing the free program they need and, instead of choosing 'Advanced' or 'Custom,' use the quickest installation method, skipping its EULA and additional details, giving the browser hijacker, adware, and PUPs the permission to be installed unknowingly. Although not threatening, Tech-connect.biz may cause a series of inconveniences to the computer users, such as appending the argument...

Posted on September 15, 2016 in Browser Hijackers

Antivirus Security Pro

Antivirus Security Pro is a rogue security application that belongs to a large family of rogue security software known as . Antivirus Security Pro is a fake security program that is disguised as a legitimate anti-virus application. Antivirus Security Pro does this by displaying false positives and bogus security warnings on the victim's computer. There are several ways in which criminals distribute Antivirus Security Pro, including malicious attack websites and spam email messages containing malicious attachments. Security analysts consider that Antivirus Security Pro presents a threat to your computer. Because of this, ESG security researchers strongly recommend that computer users...

Posted on August 22, 2013 in Rogue Anti-Spyware Program

Zepto Ransomware

The Zepto Ransomware is a variant of the Trojan Locky Ransomware. The Zepto Ransomware is designed to infect all versions of the Windows operating system, from Windows XP all the way to Windows 10. Ransomware Trojans like the Zepto Ransomware are especially threatening because, even if removed, the victim's files will still be inaccessible. Essentially, the Zepto Ransomware takes the victim's files hostage, encrypting them and demanding the payment of a ransom to decrypt them. Since the files encrypted by the Zepto Ransomware are impossible to recover without access to the decryption key, PC security analysts advise that computer users take immediate preventive measures to avoid becoming victims of this and similar ransomware Trojan attacks. The Files Encrypted by the Zepto Ransomware may be Lost Forever When the Zepto Ransomware is...

Posted on June 29, 2016 in Ransomware

CryptoWall Ransomware

The CryptoWall Ransomware is a ransomware Trojan that carries the same strategy as a number of other encryption ransomware infections such as Cryptorbit Ransomware or CryptoLocker Ransomware. The CryptoWall Ransomware is designed to infect all versions of Windows, including Windows XP, Windows Vista, Windows 7 and Windows 8. As soon as the CryptoWall Ransomware infects a computer, the CryptoWall Ransomware uses the RSA2048 encryption to encrypt crucial files. Effectively, the CryptoWall Ransomware prevents computer users from accessing their data, which will be encrypted and out of reach. The CryptoWall Ransomware claims that it is necessary to pay $500 USD to recover the encrypted data....

Posted on May 12, 2014 in Ransomware

RelevantKnowledge

RelevantKnowledge is software that exists in a moral grey area. RelevantKnowledge is widely considered spyware, because RelevantKnowledge will collect huge amounts of information about your Internet usage, and then use that information to put together even more information about you. That information is then sold, anonymously, either individually or as part of aggregate data. Given the way that RelevantKnowledge is installed on most computers, it is unlikely that most of those users are fully aware of the facts about RelevantKnowledge. What RelevantKnowledge is, and Where it Comes From RelevantKnowledge is a product of the company MarketScore, formerly called Netsetter. MarketScore...

Posted on April 8, 2005 in Adware

EstasAzulCorrupta

EstasAzulCorrupta is a virus that infects Microsoft Office document files. EstasAzulCorrupta makes modifications to the files including .DOC, .XLS, and .PPT, leaving them with a corrupt header. EstasAzulCorrupta doesn't modify the type of the file; however, it is impossible to open the file. EstasAzulCorrupta randomly selects which file to infect and occasionally affects other files such as .PDF and .TXT. EstasAzulCorrupta usually circulates with the help of Trojans. When run on the PC, EstasAzulCorrupta alters system settings. EstasAzulCorrupta downloads files to a variety of folders on the computer system. EstasAzulCorrupta also makes changes to the Windows Registry permitting it to start automatically every time the PC user boots up Windows. EstasAzulCorrupta takes advantage of Microsoft Office vulnerabilities to gain remote...

Posted on October 23, 2013 in Viruses

OnlineMapFinder

OnlineMapFinder is a potentially unwanted program (PUP) that is advertised at Free.onlinemapfinder.com/index.jhtml as a premium Web-app. The OnlineMapFinder application is developed by Mindspark Interactive Network, Inc. and is described at Free.onlinemapfinder.com/index.jhtml as "Maps, Driving Directions and more in one Chrome New Tab" briefly. The OnlineMapFinder application works as a browser extension/add-on that you can attach to Internet Explorer, Google Chrome, and Mozilla Firefox. You may find the OnlineMapFinder useful if you are traveling around the world with a laptop on your back. The OnlineMapFinder app may load exciting content from sources like Maps.nationalgeographic.com, Historicaerials.com, and Mapquest.com. OnlineMapFinder may be eliminated by going through the web browser add-ons and extensions menu to find and...

Posted on March 4, 2014 in Potentially Unwanted Programs

Elex Hijacker

The Elex Hijacker is a Web browser hijacker that may take over a Web browser, change its homepage and other settings and prevent computer users from restoring their Web browser to its default setting. The Elex Hijacker may be associated with a variety of other unwanted symptoms. The main reason the Elex Hijacker is considered a browser hijacker is that its main purpose is to take over a Web browser to force computer users to view certain websites repeatedly and open new Web browser windows and tabs while the computer users attempt to use their computers. The Elex Hijacker is promoted as a useful Web browser extension or add-on. However, PC security researchers have determined that the Elex Hijacker does not offer any useful or beneficial service. Rather, the Elex Hijacker is designed to make money at the expense of...

Posted on December 12, 2015 in Browser Hijackers

Search Engage

Unwanted Web browser add-ons may force computer users to visit Search Engage repeatedly. This is a low-quality search engine that may be designed to profit from computer users by exposing them to advertisements and affiliate marketing links. Search Engage is linked to an adware component that is installed as a Web browser extension. Once installed, these adware components may make unwanted changes to the affected Web browser, forcing the computer user to visit Search Engage repeatedly and displaying numerous pop-up windows and new tabs. There are numerous ways in which adware linked to Search Engage may be distributed. Many cases have been linked to unwanted downloads that may be bundled with other software installed on the affected computer. To stop Search Engage redirects and pop-ups, PC security researchers recommend that computer...

Posted on April 25, 2016 in Browser Hijackers

CounterFlix

The Counterflix software is advertised as an application that can allow users to load geo-restricted content from services like Hulu, Pandora and Netflix. PC users that live in countries like India, China, and Russia, where Internet censorship applies may be interested in installing Counterflix. The services provided by Counterflix are available through the app and the modification of your DNS configuration. The setup page for Counterflix can be found at Counterflix.com and users will need to edit their system settings to install the Counterflix correctly. You should note that the Counterflix software is provided on an “As-Is” basis and you will not receive support from its developers. Unfortunately, the makers of Counterflix do not provide contact information like a Facebook page or a Twitter account, which you may need in case of...

Posted on October 2, 2016 in Adware

Cerber 4.0 Ransomware

The Cerber 4.0 Ransomware represents the next generation in development of the '.cerber' line of encryption Trojans. The Cerber 4.0 Ransomware joins other threats like the ORX-Locker and the Stampado Ransomware, which are offered as Ransomware-as-a-Service packages. The RaaS business was pioneered by Encryptor RaaS in early 2015 and the developers of Cerber want a share of the market for ransomware. It appears that the coders behind the Cerber 4.0 Ransomware decided to open their product to foreign programmers and benefit from the expanded distribution network. A New JS Loader, New Obfuscation Layers, Customizable Encryption Engine and More The Cerber 4.0 Ransomware is said to boast several significant improvements compared to the Cerber v3. The Cerber v4 creates a unique file extension marker for every victim, and the Trojan is...

Posted on October 13, 2016 in Ransomware

Search Dimension

Computer users that use the Search Dimension services provided at Searchdimension.com might want to remove the Search Control browser extension associated with Searchdimension.com from their browser. The Search Control (a.k.a. Search Dimension) extension by Search Dimension Ltd. is classified as a Potentially Unwanted Program (PUP) that is known to show many advertisements in the browser and lack security checks on the content displayed at Searchdimension.com. The Search Control program is promoted as a privacy-centric browser extension, which can protect your identity online and block search engines from tracking your activity. Search Dimension Ltd. uses the same marketing pitch employed by Privacy Switch and the Shield Plus Privacy Protector. However, their product is very similar to the ZenSearch add-on and fails to provide privacy...

Posted on March 28, 2017 in Adware

More Articles

‘Error # 3658fa2deb39539’ Pop-Ups

The 'Error # 3658fa2deb39539' warning messages that are presented on a black background and say that a suspicious activity was detected on your machine should not be trusted. The 'Error # 3658fa2deb39539' warning pop-ups that appear in your browser are not generated by a legitimate security service and Web filters associated with cyber security products. The 'Error # 3658fa2deb39539' pop-up windows are loaded on insecure pages, which are used to promote fake computer support services on the 877-767-5509 and other toll-free phone lines. We have received reports from users who experienced the 'Error # 3658fa2deb39539' alerts saying that they had trouble closing the dialog box shown on their screens. The problem is caused by a bad script on the page loaded in your Internet client. The code in question is designed to keep the browser’s...

Posted on April 25, 2017 in Adware

‘Your Hard drive will be DELETED’ Pop-Ups

The 'Your Hard drive will be DELETED' pop-up messages that you may encounter on pages like ms.error-917828.tech should not be perceived as legitimate security alerts. Web surfers that stumble upon the 'Your Hard drive will be DELETED' messages should not panic and should ignore the audio record played in the background. The sites that host the 'Your Hard drive will be DELETED' warnings are part of a network of sites, which is used to advertise technical support services on toll-free phone lines. However, the 'Your Hard drive will be DELETED' pop-up windows feature misleading information and aim to scare users into calling a technical support center immediately. We have seen that the Web designers behind the 'Your Hard drive will be DELETED' campaign have enabled pages to play an audio alert on a loop and included a script that might...

Posted on April 25, 2017 in Adware

Track Packages Online

The Track Packages Online software is a product of Eightpoint Technologies Ltd. that provides services by Polarity Technologies Ltd. The software product can be found on trackpackages.online and chrome.google.com/webstore/detail/track-packages-online/ajmmhfnbcgmglcdddiidgfellfpnjngb where users are offered help with tracking the delivery of their packages, parcels and letters. The Track Packages Online program is designed to work as a browser extension, which customizes your new tab page and start page. PC users can install the Track Packages Online extension on Google Chrome, Mozilla Firefox and Internet Explorer for free. The services at trackpackages.online are available for free as well, but you should read the Terms and Conditions Agreement on trackpackages.online/pages/terms/ carefully. Track Packages Online is deemed as a...

Posted on April 25, 2017 in Possibly Unwanted Program

‘855-442-0666’ Pop-Ups

The '855-442-0666' pop-up alerts that may appear on your screen while surfing the Internet should be ignored. The '855-442-0666' messages are associated with compromised pages, phishing pages, and fake computer support services. Cyber security researchers report that the '855-442-0666' messages are known to be hosted on compromised sites and untrusted domains. The '855-442-0666' pop-up windows are used to direct users to call toll-free phone lines like 855-442-0666 and ask for a computer technician to take a look at their systems. Web surfers may be suggested that they can find help from a certified Apple/Microsoft support agent by calling the 855-442-0666 phone number listed on the '855-442-0666' warning. However, we strongly advise against following the instructions shown on your screen. The '855-442-0666' phone line is not...

Posted on April 25, 2017 in Adware

Search.hr

Search.hr is presented to Web surfers as a search service that employs the same color scheme you may be familiar with on Google.com. The Search.hr site is not associated with Google Inc. and appears to be an independent service that is provided by a company under the name of Cro-bit Ltd. Search.hr is not a real search engine and it functions as a redirect-gateway to Search.yahoo.com where users will find links to resources and services by Yahoo. Computer users reported cases of browser hijacking that involved the Search.hr site, which was loaded as the default start page, new tab page and search provider. Affected users may have installed a free program that was developed in partnership with Cro-bit Ltd. The company is involved in Web development, Internet marketing, computer repair and mobile phone development. Free software...

Posted on April 25, 2017 in Browser Hijackers

JeepersCrypt Ransomware

The JeepersCrypt Ransomware is an encryption Trojan that is designed to encipher data on compromised systems and suggest the user pay a ransom for the decryption key. The JeepersCrypt Ransomware Trojan is known to target users in South America, and the campaign for its distribution is concentrated in Brazil. PC users that are located in Brazil may receive spam emails that appear to be sent from companies like Cemig, Copel, and Vivo, which offer essential services to the general public. The payload for the JeepersCrypt Ransomware may be attached to spam emails as a benign text document, a PDF file, a spreadsheet, and an archive of images. When you try to open the corrupted file, a UAC (User Account Control) pop-up may appear, and clicking OK would allow the Trojan to be installed on the system. Computer security experts that obtained...

Posted on April 25, 2017 in Ransomware

Shifr Ransomware

The Shifr Ransomware program falls in the category of encryption Trojans that are used to make data inaccessible on compromised systems. Users that are undermined by the Shifr Ransomware have reported that the Shifr Ransomware Trojan presents a notification in the form of 'HOW_TO_DECRYPT_FILES.html,' which is loaded in the default Internet browser and invites them to pay 0.1 Bitcoin (126 USD/114 EUR) for the private decryption key. As you may know, threats like the Shifr Ransomware use ciphers like the AES-256 and RSA-248 to lock data using a unique encryption key. The decryption key is obfuscated after your files are locked, and you are suggested to pay a “fee” to have your files unlocked. That is the fundamental principle that drives even the most sophisticated encryption Trojans like the Spora Ransomware and the Cerber 4.0 Ransomware....

Posted on April 25, 2017 in Ransomware

‘Important Security Alert From Windows’ Pop-Ups

The 'Important Security Alert From Windows' pop-up windows that users may experience at 4xt-setup[.]win should not be trusted. The 4xt-setup[.]win domain is part of a network of sites that are used to promote computer support services on the 866-995-5065 phone line. However, the 866-995-5065 phone line is not associated with a legitimate company. The services advertised via the 'Important Security Alert From Windows' are provided by con artists who pretend to be employees at Microsoft Corp. and offer help to users who can't remove the 'Important Security Alert From Windows' alerts. The warnings on your screen may be loaded by a browser hijacker that has entered your system. Also, Web surfers may be redirected to pages like 4xt-setup[.]win that are designed to cause navigation problems and suggest to users that their PCs may be infected...

Posted on April 24, 2017 in Browser Hijackers

‘Windows 7 Support – Case ID’ Pop-Ups

The 'Windows 7 Support – Case ID' pop-up windows in the browser that refer to the (844)-624-2338 phone line should not be perceived as security alerts by Microsoft. The 'Windows 7 Support – Case ID' alerts are classified as fake security warnings that are designed to look as though they are delivered by the Microsoft Corp. to your screen. We have received reports that the 'Windows 7 Support – Case ID' messages may be displayed via pages like: browseclean[.]bid browseclean[.]space/Final-Notice/tito2.php# nimbleland.co[.]in/bb/www.usaa.com.inetent_logon-signon/home/pin.php realtimescan.flu[.]cc stop-immediately[.]club system-error-found.flu[.]cc/5mp-can-not-proceed/ag2lbxv5M.php The domains listed above are registered to the 108.167.146.95 IP address and have been found to host images, text, audio, and videos that are used for the...

Posted on April 24, 2017 in Browser Hijackers

‘Firewall Detected Suspicious Network Connections’ Pop-Ups

The 'Firewall Detected Suspicious Network Connections' pop-up windows that say Microsoft has detected "suspicious" activity on your machine are not legitimate security warnings. The 'Firewall Detected Suspicious Network Connections' messages might feature the Microsoft Corp. logo and appear as custom pages on Support.microsoft.com but you should not call the phone numbers listed on your screen. The 'Firewall Detected Suspicious Network Connections' notifications are used to lure users into calling toll-free phone lines that are operated by con artists. The operators associated with the 'Firewall Detected Suspicious Network Connections' notifications might claim they are certified Microsoft technicians who can help you remove the virus that is the reason for the 'Firewall Detected Suspicious Network Connections' pop-up. Security experts...

Posted on April 24, 2017 in Adware

Adblocker For Youtube

The Adblocker For YouTube (also known as 'Clean YouTube') extension claims to do what its name suggests—block ads that are placed on videos at YouTube.com. Web surfers that favor the YouTube video platform due to its large user-base and quality content providers may be interested in blocking aggressive advertisements that some channels may incorporate in their video products. Many users may not like the sponsored commercials and search results on YouTube and seek to install the Adblocker For YouTube extension. The Adblocker For YouTube app is not associated with the projects uBlock Origin and AdBlock Pro, which many perceive as the "industry leaders." We have received reports that the Adblocker For YouTube is not doing its job and some ads may lack information on their source, which suggests that adware on the system may generate...

Posted on April 24, 2017 in Possibly Unwanted Program

Microcosm New Tab

The Microcosm New Tab extension that you may install with a free software bundle choosing the 'Express' option is deemed as a Potentially Unwanted Program (PUP). The developer of the Microcosm New Tab extension designed the app to substitute the default new tab and start page on Google Chrome. Moreover, the Microcosm New Tab app's icon is identical to the 'Homepage' icon on Google Chrome and users need to hover over it to distinguish both buttons. Needless to say, if the users install the Microcosm New Tab extension with a software package they may wonder why the start and new tab pages look different. The official page of Microcosm New Tab can be found at microcosmtab.com, and the Web store page can be found at chrome.google.com/webstore/detail/microcosm-new-tab/nagnmfhgkjkplbhplkbicmpkfopmnefp. The developer of the program advertises...

Posted on April 24, 2017 in Possibly Unwanted Program

Search.searchquicks.com

The Search.searchquicks.com site is presented to Web surfers as a free search service that provides search results via a customized Yahoo engine. Search.searchquicks.com is not among the Top 10 or the Top 20 search services on the Web, and many users may not be familiar with Search.searchquicks.com. The portal is associated with the 'Quick Search' browser extension that is a product of Eightpoint Technologies Ltd. which you may know for apps like Easy Television Access and Directions Express. The generic name of the 'Quick Search' extension may be intended to fool users into thinking that it is part of their browser's native features. The Eightpoint Technologies Ltd. is known to participate in the development of an ad-supported program, which aims to reroute users to unreliable search engines. The 'Quick Search' app is not an...

Posted on April 21, 2017 in Browser Hijackers

Yousearch.io

The Yousearch.io site is offered to users as a search service with a clean and straightforward interface. The Yousearch.io site does not provide ownership information, and there is no company name listed on any of its pages. Also, the news and image search functionality does not work. Only the text and video search are somewhat operational. If you are looking to change your primary search provider to Yousearch.io there are better alternatives. The Yousearch.io service is an ad-supported portal, and it is designed to pull results from a limited number of pages when you type keywords that are listed on yousearch.io/get/index. The connection to Yousearch.io is encrypted by default but that does not mean the results shown on Yousearch.io are clean. The portal does not appear to partner with initiatives like the Google Safebrowsing, Mozilla...

Posted on April 21, 2017 in Browser Hijackers

AES-NI Ransomware

The AES-NI Ransomware is a ransomware Trojan that seems to be associated with the use of NSA exploits leaked by the hacking group Shadow Brokers. According to tweets released by the AES-NI Ransomware's creator, a Windows server vulnerability was used to install the AES-NI Ransomware, a low-quality ransomware Trojan. There is one thing clear about these claims; the AES-NI Ransomware has been responsible for numerous attacks in April 2017. Between April 10 and April 22 the detection of the AES-NI Ransomware has been at about 0 to 5 infected systems every day, with more than 100 victims by the end of the measurement period. This spike in infections seems to coincide with the leak of Windows exploits. However, PC security researchers consider that these exploits are not being used to deliver the AES-NI Ransomware, regardless of the con...

Posted on April 21, 2017 in Ransomware