EvilLock Ransomware

The EvilLock Ransomware is a ransomware Trojan that is used to encrypt the victims’ files. The EvilLock Ransomware does this so that the people responsible for the attack can then demand a ransom payment in exchange for the decryption key, needed to recover the affected files. Take precautions to ensure that your computer is well protected against ransomware Trojans like the EvilLock Ransomware. The EvilLock Ransomware is designed to encrypt files. There are several versions of the EvilLock Ransomware. The newest of these can be identified easily because files that are encrypted during the EvilLock Ransomware will have the extension ‘.EvilLock,’ which is added to each affected file’s name. The victims of the EvilLock Ransomware attack are instructed to contact the con artists responsible for the attack at...

Posted on February 1, 2017 in Ransomware

Tampa, Orlando, and St. Louis had the Highest 2016 Malware Infection Rates in the United States

Computers in Tampa, Orlando, and St. Louis are more likely than computers in any other city to be infected with malware. That’s according to data released today by ESG, makers of the SpyHunter anti-spyware program . The ESG research team compiled their latest data based on malware detection data from SpyHunter in the 100 largest cities in the United States in all of 2016. Tampa, Florida; Orlando, Florida; and St. Louis, Missouri each had malware infection rates more than five times the national average. Denver and Atlanta rounded out the top five. The same three cities topped the list of highest infection rates in 2015 as well. “There could be a number of factors including the demographics of the area, how widespread PC usage is (versus Mac or mobile devices), we’ve even seen weather play a role in infections...

Posted on January 31, 2017 in Computer Security

‘.7zipper File Extension’ Ransomware

The ‘.7zipper File Extension’ Ransomware is a ransomware Trojan that seems to target computer users in Portuguese-speaking countries (mainly Brazil). The ‘.7zipper File Extension’ Ransomware is branded around the 7-zip program, a popular free utility used to read and create archive files. The people responsible for the ‘.7zipper File Extension’ Ransomware has implemented the open source code of this popular free application into their ransomware Trojan. Computer users in countries where Portuguese is the main language reported attacks involving the ‘.7zipper File Extension’ Ransomware starting on January 29, 2017. Victims of the ‘.7zipper File Extension’ Ransomware attacks claimed to have received spam email messages disguised as notifications from essential service providers...

Posted on January 31, 2017 in Ransomware

‘This is Hitler’ Ransomware

The ‘This is Hitler’ Ransomware is a ransomware Trojan that is being used to attack computer users around the world. The ‘This is Hitler’ Ransomware is the final version of a ransomware Trojan that was released earlier in 2016. This is obvious but also stated directly in the ‘This is Hitler’ Ransomware’s ransom note. However, although there is a relationship between the two, malware analysts suspect that the people responsible for the ‘This is Hitler’ Ransomware are not the same people that created the original Hitler Ransomware . The ‘This is Hitler’ Ransomware, like its predecessor, fails to encrypt the victim’s files. However, while the earlier version of this threat deleted the victim’s files with intent to do harm, the ‘This is Hitler’...

Posted on January 31, 2017 in Ransomware

XCrypt Ransomware

The XCrypt Ransomware was first observed on January 29, 2017. The XCrypt Ransomware is not based on an open source code or part of a RaaS (Ransomware as a Service) service, but that it seems to have been created independently. It is likely that the creator of the XCrypt Ransomware is located in Russia. The XCrypt Ransomware’s ransom note, contained in a file named ‘Xhelp.jpg,’ has a Russian text. However, it does not seem that the XCrypt Ransomware targets computer users in Russia; attacks involving the XCrypt Ransomware have been detected all over the world and are not limited to Russian speakers. PC security analysts suspect that most of the XCrypt Ransomware infections are delivered using phishing email messages, which trick computer users into opening the included file attachment. Emails used to deliver the...

Posted on January 31, 2017 in Ransomware

‘.zXz File Extension’ Ransomware

The ‘.zXz File Extension’ Ransomware is a ransomware Trojan that was first observed on January 24, 2017. However, it is clear that the ‘.zXz File Extension’ Ransomware is a variant of a ransomware Trojan that has been around for a long time. The ‘.zXz File Extension’ Ransomware does seem to be a ransomware Trojan created independently, rather than being part of a RaaS (Ransomware as a Service) provider or a variant on an existing open source ransomware engine such as Hidden Tear. However, there is little to differentiate the ‘.zXz File Extension’ Ransomware from most ransomware Trojans active today, and the ‘.zXz File Extension’ Ransomware uses a simple implementation that carries out a direct, stripped-down ransomware attack. The ‘.zXz File Extension’ Ransomware...

Posted on January 31, 2017 in Ransomware

Several Washington DC CCTV Cameras Taken Down by Ransomware Days Before Trump Inauguration

There’s a brave new world out there when technology makes or breaks our livelihood. In the recent scope of the political atmosphere, there are a multitude of stories swirling around the US presidential Election and the new leader of the free world’s recent actions during his first week in office. Among the stories making their rounds, there is one that has sparked our attention in the cybersecurity world out of the Washington Post. In a recent article, the Washington Post claims that about 70% of the storage devices of CCTV systems in Washington DC that had the task of recording data from the D.C. Police surveillance cameras were infected by hackers days before Trump’s Inauguration. Such an alarming finding allegedly from city officials makes us wonder what else may have taken place on the cybersecurity front at...

Posted on January 30, 2017 in Computer Security

Seek123.net

Seek123.net is a questionable search service that does no appear to function properly. When you enter keywords on the search bar on Seek123.net and click the magnifying glass on the side nothing happens. The user is redirected to seek123.net/index.php?page=search/noresults&search=[KEYWORD]&type=web where no results are displayed. Additionally, the Seek123.net site is related to cases of browser hijacking so that security researchers decided to take a closer look at Seek123.net. The site is registered to the 54.225.242.78 IP address where we found that Seek123.net has a clone hosted on Seekdot.net, which supports the same design and functionality. Both portals appear to be related to a program named ‘Search Plugin’ that is offered to users as a search enhancement utility. The ‘Search Plugin’ software is...

Posted on January 30, 2017 in Browser Hijackers

‘Error Code: 154-247-087’ Pop-Ups

The ‘Error Code: 154-247-087’ pop-up windows are associated with untrusted pages on the Internet that host phishing content. The ‘Error Code: 154-247-087’ pop-ups are presented to users who load a phishing domain and their browser loads code riddled with errors. The coders that designed the page hosting the ‘Error Code: 154-247-087’ messages are aimed to make the browser behave strangely and convince the user there may be problems with their PCs. The pages linked to the ‘Error Code: 154-247-087’ messages are known to use the title ‘IMPORTANT ALERT’ and prevent the browser from switching to another tab. As stated before, the code is embedded into the untrusted site that is intended to freeze the browser and make it unresponsive. Regardless of the browser, you are running, the...

Posted on January 30, 2017 in Adware

Win0rr02x012417ml.club

The Win0rr02x012417ml.com domain is blacklisted by many Web filtering services such as Google Safebrowsing, Mozilla Phishing Protection, and Sucuri. The reason for the blacklisting is that the domain is used to host misleading information and suggest users call a technical support center that claims to offer legitimate services by the Microsoft Corp. Additionally, Win0rr02x012417ml.com includes images and logos that are trademarks of the Microsoft Corp. to claim credibility. Web surfers that load Win0rr02x012417ml.com are presented with a screenshot of Support.microsoft.com and a dialog box that says the desktop is locked due to suspicious activity. The pop-up on Win0rr02x012417ml.com is generated via JavaScript, which is tailored to make the browser reload Win0rr02x012417ml.com continuously. Thus, browsers like Google Chrome, Opera,...

Posted on January 30, 2017 in Browser Hijackers

RansomPlus Ransomware

Not much is known currently about the RansomPlus Ransomware, released in January 2017, although it is likely that PC security researchers will learn new information about this threat quickly. The RansomPlus Ransomware is one of countless ransomware Trojans that are released daily by con artists to carry out ransomware attacks on victims. The RansomPlus Ransomware, like other ransomware Trojans, generates revenue by threatening computer users and taking their files hostage until the victims pay a ransom. The RansomPlus Ransomware makes the victim’s files unusable by encrypting them with a strong encryption algorithm. Although it is not possible to decrypt the files that have been affected by the RansomPlus Ransomware infection, it is not unlikely that PC security researchers will release a decryption utility eventually. Meanwhile,...

Posted on January 30, 2017 in Ransomware

‘.Merry File Extension’ Ransomware

The ‘.Merry File Extension’ Ransomware is a ransomware Trojan that is a variant of the ‘Merry X-Mas’ ransomware Trojan that first appeared in Christmas season of 2016. The ‘.Merry File Extension’ Ransomware is an updated version of this ransomware Trojan and marks the files that are affected during the attack with the extension ‘.Merry.’ Like other ransomware Trojans, it demands the payment of a ransom after taking the victims’ files hostage after encrypting them with a strong encryption algorithm. The ‘.Merry File Extension’ Ransomware delivers its ransom note in an .hta file named ‘MERRY_I_LOVE_YOU_BRUCE.HTA,’ as well as including an image of the Terminator dressed like Santa Clause. The ‘.Merry File Extension’ Ransomware is distributed using...

Posted on January 27, 2017 in Ransomware

CryptConsole Ransomware

The CryptConsole Ransomware is a ransomware Trojan. The victims of the CryptConsole Ransomware are mostly Russian-speakers. However, malware researchers have reported the CryptConsole Ransomware attacks outside of Russia. Spam email messages distributing the CryptConsole Ransomware have been sent to countries other than Russia and that there are computers infected with the CryptConsole Ransomware all over the world currently. The CryptConsole Ransomware is distributed using a corrupted email attachment that may take the form of a text document and a spreadsheet. Emails used to distribute the CryptConsole Ransomware will come from a trusted email source, which will be spoofed by the con artists sending out these email attachments. This is why you must always be cautious when opening email attachments, regardless of its source. The...

Posted on January 27, 2017 in Ransomware

ZekwaCrypt Ransomware

The ZekwaCrypt Ransomware is a ransomware Trojan that has been active since May 24, 2016. The ZekwaCrypt Ransomware (also known as Win32/the ZekwaCrypt.A) is considered a severe threat to computers. The ZekwaCrypt Ransomware is used to target high-profile targets such as databases, large data containers, and corporate networks with an effective encryption ransomware Trojan. However, the ZekwaCrypt Ransomware is also effective when attacking personal computers. Initially, the ZekwaCrypt Ransomware was being distributed using corrupted spam email attachments that impersonated messages from social media platforms and accounting businesses. New versions of the ZekwaCrypt Ransomware were not seen for a while but in January 2017 numerous variants of the ZekwaCrypt Ransomware started to resurface. The ZekwaCrypt Ransomware is being...

Posted on January 27, 2017 in Ransomware

Netflix Ransomware

The Netflix Ransomware is a ransomware Trojan that uses the temptation of free access to Netflix to trick computer users into allowing it to run its encryption routine. The Netflix Ransomware, like other ransomware Trojans, is designed to encrypt victims files, making them inaccessible. After asking the victim’s files hostage, the Netflix Ransomware demands the payment of a ransom to obtain the decryption key necessary to recover the affected files. The Netflix Ransomware may be delivered to a computer by tricking computer users into downloading an application named ‘Netflix Login Generator.’ As its name implies, this program claims that it will produce a free account so that computer users can access the Netflix without having to pay. Computer users that fell for this tactic allowed it to have administrative...

Posted on January 27, 2017 in Ransomware
1 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 1,135