GOG Ransomware

The GOG Ransomware has nothing to do with the GOG.com store for DRM-free games and goodies. The GOG Ransomware is named after an image that says ‘THE GOG RANSOMWARE,’ which was found in the resource section of its primary executable. The GOG Ransomware was reported in the last days of December 2016 and appears to be yet another crypto-threat. Cyber security analysts note that the GOG Ransomware is not a unique threat and its functionality is rather straightforward. The GOG Ransomware is installed on computers via spam emails loaded with corrupted text documents. Samples recovered from phishing emails suggest the distribution campaign for the GOG Ransomware includes logos from banking institutions, social media, online stores and NGOs. Computer users that allow a macro from an untrusted source to run on their PCs may...

Posted on January 4, 2017 in Ransomware

‘Merry X-Mas!’ Ransomware

The ‘Merry X-Mas!’ Ransomware receives its name because of the title of its ransom note. Victims of the ‘Merry X-Mas!’ Ransomware have reported that their files become encrypted during the attack and a ransom note is displayed wishing them a Merry Christmas. The ‘Merry X-Mas!’ Ransomware is being distributed through spam email messages. The spam email campaign associated with the ‘Merry X-Mas!’ Ransomware seems to impersonate a claim from the Federal Trade Commission, accusing the victim of violating the law and instructing the victim to click on an embedded link. Computer users will note that the domain used to send the email is ftc.gov.uk, which does not exist. After all, a domain located in the United Kingdom would not make sense for an agency of the United States government! Clicking...

Posted on January 3, 2017 in Ransomware

Globe Imposter Ransomware

The ‘Globe Imposter’ Ransomware is a ransomware Trojan that was first observed in the last weeks of 2016. The ‘Globe Imposter’ Ransomware is a bogus version of Globe Ransomware, a well-known ransomware Trojan. Hiding a less efficient threat by disguising it as a more powerful or better-known threat is a common deception method used by con artists, and this method was used before in ransomware attacks. For example, there are countless ransomware variants that impersonate the well-known CryptoLocker ransomware Trojan, despite using a less powerful encryption or not using encryption at all. The ‘Globe Imposter’ Ransomware is typically spread using corrupted email attachments that use macros to download and install the ‘Globe Imposter’ Ransomware on the victim’s computer. Disabling...

Posted on January 3, 2017 in Ransomware

OpenToYou Ransomware

The OpenToYou Ransomware is an encryption ransomware Trojan that is used to force computer users to pay large sums. To carry out this attack, the OpenToYou Ransomware encrypts its victim’s files, making them inaccessible without the decryption key. Victims of the OpenToYou Ransomware attack are charged a ransom in exchange for the decryption key, which is stored on the Command and Control servers of the OpenToYou Ransomware Trojan. While it may be impossible to recover the files affected by encryption ransomware Trojans like the OpenToYou Ransomware, malware researchers have released a free decryption program for the OpenToYou Ransomware. This gives computer users affected by the OpenToYou Ransomware a way out without needing to pay the OpenToYou Ransomware ransom or to restore files from a backup copy. There are countless...

Posted on January 3, 2017 in Ransomware

Antivirus 10

Antivirus 10 is a fake anti-virus application that is used to scare inexperienced computer users. Although Antivirus 10 looks like an anti-virus program, it is a Trojan designed to trick computer users into paying for its services. These programs, known as rogue anti-malware applications, are a common tactic that has been around for more than a decade. Antivirus 10 does not have the capacity to detect or remove threats. All notifications and ‘scan results’ from Antivirus 10 should be ignored. Antivirus 10 itself should be removed with a real security program that is fully up-to-date. Antivirus 10 is designed to scare computer users. To do this, it will display bogus security notifications worded so as to make computer users believe that their computers have become infected with threats. Below are some examples of the...

Posted on January 3, 2017 in Rogue Anti-Virus Program

EdgeLocker Ransomware

The EdgeLocker Ransomware is an encryption ransomware Trojan. Threats like the EdgeLocker Ransomware enter a computer and take it hostage until the victim pays a large sum. To take the victim’s computer hostage, the EdgeLocker Ransomware encrypts the victim’s files using a strong encryption algorithm. The encrypted files become inaccessible without the decryption key, which the con artists hold in their possession. The EdgeLocker Ransomware represents a real threat to the computer users’ data, and preventive steps should be taken to limit the damage of a possible EdgeLocker Ransomware attack. The EdgeLocker Ransomware is designed to enter the victim’s computer undetected, delivered in a corrupted spam email attachment. During its attack, the EdgeLocker Ransomware uses the RSA encryption to make the...

Posted on January 2, 2017 in Ransomware

Grandburst.com

The Grandburst.com portal serves as the official page for the Grand Burst extension. The Grand Burst extension supports Internet clients based on the Chromium project, which includes Google Chrome, SRWare Iron, Vivaldi, Epic Browser, Yandex Browser and Opera. You may see the extension from Grandburst.com listed as Grand Burst Chrome New Tab Extension in software packages that include programs from third parties. Software bundling is a tactic used by freeware and shareware developers to help each other reach more Windows users. The practice is abused by adware developers as well, who hope that many users would rush the installation using the ‘Express’ or ‘Typical’ option and allow a potentially unwanted program to work on the computer. The Grand Burst extension is promoted as a suite of customizations to the...

Posted on December 30, 2016 in Possibly Unwanted Program

[YOUR IP].Moshimoshi.top

The [YOUR IP].Moshimoshi.top pop-up windows may appear on Google Chrome and other respected Internet clients offering misleading information and should be avoided. That may be hard for some users considering that the pages associated with [YOUR IP].Moshimoshi.top receive Web traffic from browser hijacking software. Computer users that wish to avoid browser hijackers may want to explore the ‘Custom’ and ‘Advanced’ options of software installers. Software bundling may be widely used by the developers of riskware, adware and browser hijackers. The [YOUR IP].Moshimoshi.top pop-up windows were reported by users who were rerouted to personalized [YOUR IP].Moshimoshi.top pages from ads, adware and browser hijackers. As you can see, the operators of the Moshimoshi.top domain may take advantage of the public IP...

Posted on December 30, 2016 in Adware

‘mkgoro@india.com’ Ransomware

The ‘mkgoro@india.com’ Ransomware is another variant of the Dharma Ransomware that surfaced not too long after the ‘amagnus@india.com’ Ransomware and the ‘supermagnet@india.com’ Ransomware, which belong to the same family of crypto-threats. The team behind Dharma seems busy releasing their Trojan under new names and tends to switch between email accounts. PC security researchers warn that the new version of Dharma is delivered the same way as its older forms—spam emails. Computer users may encounter emails that appear legitimate and include logos from social media, payment portals, and banks, as well as an invitation to download and open a file with a random name. Most infiltration techniques used to install the ‘mkgoro@india.com’ Ransomware involve a macro-enabled text document, but we...

Posted on December 30, 2016 in Ransomware

Splintersearch.com

The Splintersearch.com search service was brought to attention by users who were redirected to Splintersearch.com automatically. Splintersearch.com presents itself as a search portal that features minimalistic design and does not offer much in the form of filters and custom parameters. Web surfers that visit Splintersearch.com may be provided with a search field, Splintersearch’s logo and nothing more. As far as obstruction-free design goes, Splintersearch.com may be the best amongst its kin. Compared to giants like Google and respected services like DuckDuckGo, Splintersearch.com may not seem like a good search provider. Splintersearch.com is associated with browser hijacking and is not a legitimate search portal. Splintersearch.com is a redirect-gateway to Snap.do that is not qualified as a respected service provider....

Posted on December 30, 2016 in Browser Hijackers

‘Membership Rewards’ Pop-Ups

The ‘Membership Rewards’ pop-up windows in your browser may not come from trusted advertisers. The ‘Membership Rewards’ pop-up windows may be generated on phishing pages, which you may open when you click on corrupted ads or are infected with a browser hijacker. Computer users that are interested in receiving the gifts promised by the ‘Membership Rewards’ should know that the gifts are fake and used as bait. You will not receive a free iPhone 7, Apple iMac or an Amazon Gift Card because you opened a random page on the Internet. The ‘Membership Rewards’ pop-ups may appear when you click on advertising banners and click-bait ads. The domains used to host the ‘Membership Rewards’ messages are flagged by AV vendors as phishing pages and should not be trusted. We have seen a...

Posted on December 29, 2016 in Adware

‘MNS CryptoLocker’ Ransomware

The MNS CryptoLocker Ransomware is a file encryption Trojan. The MNS CryptoLocker Ransomware is used to encrypt the victims’ files, then demands the payment of a ransom in exchange for the decryption key. The MNS CryptoLocker Ransomware threatens victims with the prospect of never recovering their files. The MNS CryptoLocker Ransomware uses the AES encryption to make the victim’s files inaccessible. Unfortunately, once the MNS CryptoLocker Ransomware encrypts the victim’s files, these files will become inaccessible. The MNS CryptoLocker Ransomware is being distributed as an alternate version to the CryptoLocker family of ransomware, a large and well-known ransomware family. Many ransomware Trojans claim these connections without it meaning that the MNS CryptoLocker Ransomware belongs to this family of ransomware...

Posted on December 29, 2016 in Ransomware

‘ihurricane@sigaint.org’ Ransomware

The ‘ihurricane@sigaint.org’ Ransomware is a ransomware Trojan that is used to take money from computer users. The ‘ihurricane@sigaint.org’ Ransomware is a variant of the Stampado Ransomware. The ‘ihurricane@sigaint.org’ Ransomware was released on the Dark Web for con artists to purchase. Variants of the ‘ihurricane@sigaint.org’ Ransomware are on sale for $39 USD on the Dark Web currently. Con artists can take advantage of this Ransomware as a Service (RaaS) offer to buy a ready-made ransomware Trojan and then carry out attacks on the targets of their choice. The ‘ihurricane@sigaint.org’ Ransomware is being distributed using corrupted spam email attachments, which use corrupted files that exploit known vulnerabilities on victims’ computers. The...

Posted on December 29, 2016 in Ransomware

KillDisk Ransomware

The KillDisk Ransomware is a ransomware Trojan that is being used to take money from computer users. The KillDisk Ransomware existed in a previous version that did not have encryption capabilities. The latest version of the KillDisk Ransomware, however, does encrypt victims’ files to demand payment of an enormous ransom. The size of the ransom indicates that it is likely that the KillDisk Ransomware is targeted towards businesses and industrial targets specifically. The KillDisk Ransomware uses a sophisticated communications method that involves the Telegram API to connect to its Command and Control server. Analysis of the KillDisk Ransomware has revealed that each sample of this threat infection includes a unique Telegram account for communications. The KillDisk Ransomware has full encryption ransomware capabilities, meaning...

Posted on December 29, 2016 in Ransomware

Survey.[RANDOM NUMBER].ws

Security researchers warn that Web surfers who tend to click on suspicious ads and click-bait links may be presented with content from domains named Survey.[RANDOM NUMBER].ws. We have received reports that advertisers and adware developers use pages registered to the 45.79.206.139 IP address to claim pay-per-click revenue and promote riskware. You may experience pop-up windows loaded with content from Survey.[RANDOM NUMBER].ws, which claim to provide search functionality while the following message is displayed on your screen: ‘Search whatever you are looking for! [text box that says ‘Enter Your Email’] Submit Email to Continue’ The message is not accompanied by a company logo and information as to who owns the Survey.[RANDOM NUMBER].ws domains. The lack of ownership information should make you cautious...

Posted on December 29, 2016 in Adware