PayDay Ransomware

The PayDay Ransomware was spotted by security analysts while investigating a Trojan associated with an image from the Payday game franchise from Overkill Software. Investigators report that the PayDay Ransomware is an encryption Trojan based on the Hidden Tear project published by Utku Sen on Github.com. The PayDay Ransomware ranks amongst threats such as the Satan666 Ransomware and the HappyLocker Ransomware. The PayDay Ransomware is aimed at PC users who speak Portuguese and leaves the email catsexy@protonmail.com for contact between victims and operators. Researchers note that the PayDay Ransomware can encrypt data hosted on local drives and removable storage such as USB drives and media players. You can recognize enciphered files by the ‘.sexy’ extension placed after the original file extension. For example,...

Posted on December 13, 2016 in Browser Hijackers

Kraken Ransomware

The Kraken Ransomware is named after the title of the ransom note displayed on the victim’s screen. Apparently, the designers behind the Kraken Ransomware are not as creative as those behind the Jigsaw Ransomware and the Mahasaraswati Ransomware, which include a mascot, so to speak. The Kraken Ransomware is spread among users via spam emails, links that lead to compromised pages, and executables with a double extension that may appear to be benign documents. The Kraken Ransomware is a standard encryption Trojan that is programmed to append the ‘.kraken’ suffix to encrypted files and encode their names using the base64 algorithm. The Kraken crypto-threat uses the AES-256 cipher to encrypt the contents of data containers that are used to store images, presentations, audio, videos, databases and spreadsheets. We have...

Posted on December 13, 2016 in Rogue Anti-Spyware Program

SystemKeeperPro

The SystemKeeperPro software from Monterix Software is advertised at Systemkeeperpro.us as a system optimization and safety tool. Computer users are offered ‘a 9-in-1 ultimate tool which automatically fixes common system errors, optimizes system settings and cleans your PC’ according to Systemkeeperpro.us. SystemKeeperPro is shareware with a trial version that allows users to diagnose their system with SystemKeeperPro and receive a report on potential problems. However, you need to purchase a commercial license to address any problems found by SystemKeeperPro. Monterix Software offers licenses for two, three and five computers on your network, and you may be asked to pay between $30 and $60 depending on your needs. SystemKeeperPro is deemed by computer experts to be a Potentially Unwanted Program (PUP) since most...

Posted on December 13, 2016 in Possibly Unwanted Program

‘Your Computer is heavily damaged! (33.2%)’ Pop-Ups

The ‘Your Computer is heavily damaged! (33.2%)’ pop-ups are associated with a browser hijacking software that may affect Internet clients such as Google Chrome, Opera, Internet Explorer and Mozilla Firefox. The browser hijacker at hand may have arrived on your PC with a freeware bundle and run as a browser add-on. Security experts have received complaints from users that the ‘Your Computer is heavily damaged! (33.2%)’ pop-ups appear at random intervals and suggest there are viruses on their PCs. The ‘Your Computer is heavily damaged! (33.2%)’ notifications are known to be hosted on untrusted pages and display the following message: ‘DOWNLOAD REQUIRED Your Computer is heavily damaged! (33.2%) Please download PC Keeper™ application to remove (3) Viruses from your Pc. VIRUS INFORMATION...

Posted on December 12, 2016 in Adware

Bigslide.ru

The Bigslide.ru site is home to presentations on various topics. Bigslide.ru offers access to free presentations in the spheres of biology, geometry and twenty-six more areas of human knowledge. The owners of Bigslide.ru support open access to the presentations by showing commercial offers from sponsors. Visitors can use services like Steam, Vkontakte, Mail.ru, Facebook, and LinkedIn to create a profile on Bigslide.ru and build a playlist of favorite presentations for easy navigation. If you are interested in using Bigslide.ru for research purposes, you should take into consideration that the site is available only in Russian. Web surfers who do not know Russian and have trouble reading Cyrillic are not likely to stay on Bigslide.ru for long. We have received reports that Bigslide.ru is associated with a search service...

Posted on December 12, 2016 in Browser Hijackers

‘M4N1F3STO Virus’ Lockscreen

The ‘M4N1F3STO Virus’ Lockscreen is generated by a Trojan that is designed to fool users into believing that the data on their computers has been encrypted and is about to be deleted. The developer of the ‘M4N1F3STO Virus’ requires a payment of 0.3 Bitcoin (234 USD or 221 EUR) to be made to a wallet address if you don’t want your files to be deleted. The message shown by the ‘M4N1F3STO Virus’ Trojan resembles many variants we have seen with threats like the Cuzimvirus Ransomware and the BrLock Ransomware. There does not appear to be a connection between the Trojans mentioned before, and the ‘M4N1F3STO Virus’ Lockscreen may look like a joke to some users. However, the ‘M4N1F3STO Virus’ threat is no joke and can cause distress for many users since it can be...

Posted on December 12, 2016 in Ransomware

UltraLocker Ransomware

The UltraLocker Ransomware is a ransomware Trojan that is being used to attack computer users around the world. The UltraLocker Ransomware works in a way similar to most other ransomware Trojans, encrypting the victim’s files and then demanding that the victim pay a ransom in exchange for the decryption key. Essentially, the UltraLocker Ransomware takes the victim’s files hostage in exchange for ransom. Part of what makes the UltraLocker Ransomware attack so effective, and these threats so popular, is that even if the UltraLocker Ransomware infection itself is removed, the victim’s files remain inaccessible. Unfortunately, modern encryption methods make it nearly impossible to recover the files that have been encrypted in these attacks; the same technology that allows us to keep our data safe also allows these...

Posted on December 12, 2016 in Ransomware

‘Xbotcode@gmail.com’ Ransomware

The ‘Xbotcode@gmail.com’ Ransomware is a ransomware Trojan that is being used to trick computer users. The ‘Xbotcode@gmail.com’ Ransomware is being sold on the Dark Web. PC security researchers named the ‘Xbotcode@gmail.com’ Ransomware because of the email address that is used to contact the ‘Xbotcode@gmail.com’ Ransomware’s developers. Some anti-virus programs will detect the ‘Xbotcode@gmail.com’ Ransomware as the ‘Source Code’ Ransomware because its source code is freely available in several different versions. The ‘Xbotcode@gmail.com’ Ransomware is being offered to con artists as a RaaS (Ransomware as a Service) platform that allows anyone to create ransomware campaigns and profit at the expense of victims around the world. By using a botnet to...

Posted on December 12, 2016 in Ransomware

Levis Locker Ransomware

The Levis Locker Ransomware is named after the media creator LewissTechYT, whose photo is incorporated into the lockscreen used by the Ransomware. The Levis Locker Ransomware was discovered while researchers were looking into spam emails carrying suspicious files. The distribution scheme for the Levis Locker Ransomware involves logos from trusted companies, banks, and NGOs with the aim of convincing users to open a macro-enabled attachment. The Levis Locker Ransomware is a Trojan that is designed to lock the user’s screen and display a rather disturbing message. The Levis Locker lock screen features accusations that the user is engaged in browsing illegal materials including child pornography, bestiality, torture and rape. These allegations are more than likely to trigger an angry reaction from many users. The successful...

Posted on December 12, 2016 in Ransomware

Mynetspeed.co

The MyNetSpeed.co extension promoted on Mynetspeed.co is said to help users check their Internet speed and keep up with how their Internet Service Provider performs. The MyNetSpeed.co extension is supposed to support Internet Explorer, Google Chrome, and Mozilla Firefox, which are widely used by Web surfers. The MyNetSpeed.co extension may make several changes to the user’s default Internet client, which include changing the homepage to Mynetspeed.co/homepage/homepage.html?id=11192 and modifying the new tab page to include widgets named ‘Speed Test by Ookla’ and ‘Fast.com powered by Netflix.’ The page at Mynetspeed.co/homepage/homepage.html?id=11192 features a clock based on your approximate location, which is determined by reading your IP address. Your new homepage offers access to Fast.com and...

Posted on December 9, 2016 in Browser Hijackers

Discretesearch.com

Security analysts report that the Discretesearch.com website is connected to a browser hijacker that may be released to PC users as a search helper included in free program bundles. The Discrete Search browser hijacker is promoted as a search add-on that can enable users to perform untraceable searches, unlike the services provided by Google, Bing and Yahoo. While these services are safe, they use tracking cookies to analyze Web traffic and show advertisements that generate revenue and pay for server maintenance, staff and new features. Discretesearch.com claims to offer search functionality without the tracking cookies, as well as to incorporate Perfect Forward Secrecy (PFS) technology. PFS allows better security compared to ordinary SSL connections because the keys used to encrypt your connection are generated anew with each command on...

Posted on December 9, 2016 in Browser Hijackers

QuickWeatherAlert Toolbar

The QuickWeatherAlert Toolbar software is developed by Mindspark Interactive Network, Inc. and can be downloaded at Free.quickweatheralert.com. Web surfers who use Google Chrome, Internet Explorer and Mozilla Firefox for their online activity can install the QuickWeatherAlert Toolbar for free. Mindspark does not charge users who install the QuickWeatherAlert Toolbar. The QuickWeatherAlert software is promoted as helping users get local weather forecasts, including forecasts for the parts of the country you are interested in. Weather data is pulled by the QuickWeatherAlert Toolbar from several sources and arranged in a news feed. The QuickWeatherAlert Toolbar is designed to introduce several changes to your browser, which include altering your new tab page. You may be urged to allow QuickWeatherAlert to set a new homepage for...

Posted on December 9, 2016 in Possibly Unwanted Program

‘.VforVendetta File Extension’ Ransomware

The ‘.VforVendetta File Extension’ Ransomware is packed as a Trojan that you may come into contact with when you enable a macro in documents downloaded from spam emails. The ‘.VforVendetta File Extension’ Ransomware is a version of the SamSam Ransomware, which we covered in an article in April 2016. The ‘.VforVendetta File Extension’ Ransomware variant may have been inspired by the movie ‘V for Vendetta’ from 2005, which introduced the Guy Fawkes mask worldwide; the mask later became the symbol of the hacktivist group Anonymous. As its name suggests, the ‘.VforVendetta File Extension’ Ransomware is named after the marker placed on encrypted objects. For example, ‘Lockheed Martin F-22 Raptor.pptx’ is transcoded to ‘Lockheed Martin F-22 Raptor.pptx..VforVendetta’....

Posted on December 9, 2016 in Ransomware

‘_morf56@meta.ua_ File Extension’ Ransomware

The ‘_morf56@meta.ua_ File Extension’ Ransomware is an encryption Trojan that is named after the marker it uses to notify users about the data encryption. The files affected by the ‘_morf56@meta.ua_ File Extension’ Ransomware feature the ‘_morf56@meta.ua_’ suffix appended after the default file extension. For example, ‘Essexite rock.docx’ will be encrypted to ‘Essexite rock.docx_morf56@meta.ua_’, and you may need to do another report on a silica-undersaturated mafic plutonic rock. The ‘_morf56@meta.ua_ File Extension’ Ransomware is a Trojan that is spread among Windows users via a spam campaign that carries macro-enabled documents. As you may know, the macro functionality in digital documents is abused by threat actors to deliver threats. Security researchers...

Posted on December 9, 2016 in Ransomware

Supermagnet@india.com Ransomware

The ‘Supermagnet@india.com’ Ransomware is a Trojan that is a variant of the Dharma Ransomware. The ‘Supermagnet@india.com’ Ransomware is named after the email left for negotiations between operators and users affected by the Trojan. Reports from users show that the distribution campaign for the ‘Supermagnet@india.com’ Ransomware is centered on using dummy spreadsheets that have an embedded macro. The content of the dummy spreadsheets, which serves as a decoy and as a prompt to enable macros, is placed at the top of the document. Users who are led to open the spreadsheet may enable the macro functionality in their office clients and run the macro. Windows interprets the macro as a command to download and run an executable with elevated privileges. Researchers note that the...

Posted on December 8, 2016 in Ransomware