CryptoLocker Portuguese Ransomware

The CryptoLocker Portuguese Ransomware is a version of the well-known CryptoLocker ransomware Trojan that targets computer users in Portuguese-speaking countries, claiming victims in Brazil in particular. During its attack, the CryptoLocker Portuguese Ransomware will display customized messages that use logos and pictures associated with companies in the targeted countries. Malware analysts strongly advise computer users to beware of messages that appear to come from these companies, especially if they try to convince you to download and execute an attached file. The files used to deliver the CryptoLocker Portuguese Ransomware and similar threats take the form of a ZIP archive or a word processor document with corrupted macros activated.

The CryptoLocker Portuguese Ransomware is as Threatening as Its Antecessor

The CryptoLocker...

Posted on February 15, 2017 in Ransomware

Hermes Ransomware

The Hermes Ransomware was first observed in the wild on February 13, 2017. The Hermes Ransomware is a ransomware Trojan that identifies the files encrypted during its attack with the file extension '.HERMES.' The Hermes Ransomware carries out a typical ransomware attack, which involves encrypting the victims' files to demand the payment of a ransom. If your computer has been infected with the Hermes Ransomware, malware researchers recommend the use of a reliable security program and then the restoration of the affected files using backup copies. Unfortunately, the encryption algorithms used by the Hermes Ransomware (AES 256 and RSA 1024) mean that once the Hermes Ransomware has encrypted a file, it will no longer be recoverable without access to the decryption key.

How the Hermes Ransomware may be Installed on a Computer

The Hermes...

Posted on February 15, 2017 in Ransomware

‘.wcry File Extension’ Ransomware

The '.wcry File Extension' Ransomware is a ransomware Trojan that is used to force computer users to pay a large ransom by taking their files hostage. The '.wcry File Extension' Ransomware will target the victim's files, encrypting them to make them inaccessible. The '.wcry File Extension' Ransomware has the capacity to encrypt more than 160 different file types during its attack. After encrypting the victim's files, the '.wcry File Extension' Ransomware displays a ransom note demanding that the victim make a payment to recover the affected files. The '.wcry File Extension' Ransomware is distributed through corrupted file attachments delivered through spam email campaigns. Being cautious when handling unsolicited email attachments is one of the best ways to prevent the '.wcry File Extension' Ransomware from entering a computer. The...

Posted on February 14, 2017 in Ransomware

‘All_Your_Documents.rar’ Ransomware

The 'All_Your_Documents.rar' Ransomware receives its name because it creates a RAR archive where the victim's files are stored until the ransom payment is carried out. PC security analysts first received news of the 'All_Your_Documents.rar' Ransomware attack on February 11, 2017. The 'All_Your_Documents.rar' Ransomware is similar to other ransomware Trojans released recently that also put the victim's files in a password-protected archive. During the 'All_Your_Documents.rar' Ransomware attack, the victim's files will become compromised, causing the victim to pay a large ransom to recover access to the affected files. In most cases, the 'All_Your_Documents.rar' Ransomware is delivered in spam email campaigns, which use file attachments that abuse vulnerabilities on the victim's computers with corrupted macro scripts. When the corrupted...

Posted on February 14, 2017 in Ransomware

Uncrypte Ransomware

The Uncrypte Ransomware is a ransomware Trojan that is designed to force computer users to pay a large ransom. To do this, the Uncrypte Ransomware will claim to encrypt the victim's files, making them inaccessible until the victim pays a ransom. The Uncrypte Ransomware was first spotted on January 26, 2017. The Uncrypte Ransomware in its current form does not carry out an effective ransomware attack. Unlike most ransomware Trojans currently active, the Uncrypte Ransomware will merely pretend to have encrypted the victim's files, changing their names to make them unrecognizable to Windows Explorer. To achieve this task, the Uncrypte Ransomware will add the string 'unCrypte/decipher_ne@outlook.com_' to the beginning of each affected file's name. The files themselves will be unaltered, and if the computer users rename the file or use...

Posted on February 14, 2017 in Ransomware

SerbRansom Ransomware

The SerbRansom Ransomware is a ransomware Trojan that seems to be connected to the proponents of extremist nationalist ideas. The SerbRansom Ransomware is just one of various ransomware variants developed to carry out ransomware attacks on unsuspecting victims. Currently, the SerbRansom Ransomware does not seem to be part of a large-scale distribution campaign. Apart from the fact that there is no mass distribution being carried out in association with the SerbRansom Ransomware, the SerbRansom Ransomware threat itself is lower in quality than many other ransomware Trojans currently active.

The SerbRansom Ransomware Targets Serbian Computer Users Mainly

It seems that the SerbRansom Ransomware has not been responsible for any actual attacks so far, although this could change eventually. The SerbRansom Ransomware displays a message...

Posted on February 14, 2017 in Ransomware

Pabluk Locker Ransomware

The Pabluk Locker Ransomware is a ransomware Trojan that is designed to attack computer users located in Poland. The Pabluk Locker Ransomware carries out a typical ransomware attack, taking the victim's computer hostage and requesting the payment of a ransom to restore access to the victim's files. If the Pabluk Locker Ransomware has taken your computer hostage, malware analysts strongly advise the use of a security app that is fully up-to-date. Ransomware Trojans like the Pabluk Locker Ransomware have become increasingly common since 2015, making it very important that computer users take adequate precautions to ensure that their machines are protected against this threat.

How the Pabluk Locker Ransomware Attack Works

The Pabluk Locker Ransomware is designed to attack computer users that speak Polish. It is likely that new variants of...

Posted on February 14, 2017 in Ransomware

CryptoKill Ransomware

The CryptoKill Ransomware is a ransomware Trojan based on HiddenTear, an open source ransomware project that was publicly released in 2016 for 'educational purposes.' Since this ransomware Trojan was first released, countless variants of it have been used to carry out attacks on computer users. The CryptoKill Ransomware and numerous other ransomware threats have used this publicly accessible code to create numerous variants of the same hoax. New variants of ransomware, many of them using HiddenTear as their basis, are released every day. The CryptoKill Ransomware is integrated with the TOR network to carry out payments and communications with its Command and Control server, making it an effective ransomware Trojan capable of carrying out harmful attacks on its victims. The most common way of distributing the CryptoKill Ransomware is...

Posted on February 13, 2017 in Ransomware

‘MSSecTeam’ Tech Support Scam

The 'MSSecTeam' tech support scam involves a lock screen meant to trick computer users into paying large amounts of money. The 'MSSecTeam' tech support scam uses a fake message from 'Microsoft's Security Team' to alert the victim that the affected computer's files have been encrypted, and then demands the payment of a ransom. According to the 'MSSecTeam' tech support scam message, the victim's files were encrypted because of 'illegal activity.' The 'MSSecTeam' tech support scam message claims that the ZhuangZi encryption was used to lock down the victim's files. This is a non-existent encryption method, used to scare computer users into paying a ransom of 0.5 BitCoin, which is sent to the email address mssecteam@sigaint.org.

The 'MSSecTeam' Tech Support Scam Disables Various Services and Programs

Apart from displaying a lock...

Posted on February 13, 2017 in Trojans

Xampp Locker Ransomware

The 'Xampp Locker' Ransomware is a ransomware Trojan that was first observed on February 13, 2017. The 'Xampp Locker' Ransomware is written using .NET and is based on HiddenTear, an open source ransomware Trojan that has been the basis for countless ransomware variants in the last year. The 'Xampp Locker' Ransomware is capable of carrying out effective ransomware attacks against both individual computer users and large-scale targets such as corporate networks and servers. The 'Xampp Locker' Ransomware can be distributed in a variety of ways, ranging from the exploitation of weak passwords to corrupted email attachments. Compromised documents distributed using emails are the most common way in which con artists may distribute the 'Xampp Locker' Ransomware and other ransomware Trojans.

How the 'Xampp Locker' Ransomware may be Used to Carry...

Posted on February 13, 2017 in Ransomware

Search.suchwowgames.com

Search.suchwowgames.com is a portal that is maintained by Eightpoint Technologies Ltd. and used to host most of the features presented with the SuchWowGames desktop application as stated on Free.suchwowgames.com/home/terms?source=. The SuchWowGames desktop application may make alterations to the settings in Google Chrome, Internet Explorer and Mozilla Firefox. The SuchWowGames program may change your new tab page layout and default search provider on Google Chrome to Search.suchwowgames.com. Internet Explorer and Mozilla Firefox may be urged by Eightpoint Technologies Ltd. to set Search.suchwowgames.com as their start page as well, not just as the new tab design and search provider. When you enter keywords in the address bar and the Omnibar you should expect suggestions by Search.suchwowgames.com to be provided on a panel at the bottom. The...

Posted on February 13, 2017 in Browser Hijackers

Startsearch.info

Startsearch.info is a search service that is powered by a custom Google search engine. The engine powering Startsearch.info can be found at cse.google.bg/cse?cx=partner-pub-1798186880065655:9232981728 and features the name 'POISK' that is Russian for 'Search.' The Startsearch.info portal is not a trusted search service and may relay traffic via Counter.yadro.ru, which is linked to several representatives of the adware family of programs. PC security researchers note that users infected with adware like Everysale and Coupondo may be redirected to Startsearch.info and have their default search provider hijacked. Additionally, Web filters have detected that Startsearch.info was compromised on several occasions and included an iFrame that attempted to install unsigned and potentially threatening software on the visitor's PC. We have seen...

Posted on February 10, 2017 in Browser Hijackers

Youhomepage.org

The Youhomepage.org and the Newbornkittens.online domains that you may load from ads should not be trusted. Both domains may be used for misleading marketing campaigns that may lead users to spend hundreds of dollars on premium phone services, fake lotteries, and replicas of premium smartphones. Youhomepage.org and Newbornkittens.online are reported by users who were invited to complete a short questionnaire and participate in a lottery that would result in five lucky gentlemen and ladies getting an iPhone. Users that loaded Youhomepage.org and Newbornkittens.online were welcomed to ask questions about Google, Microsoft, Facebook and Instagram. They had to choose from three answers and, regardless of their correct or incorrect choice, they would be redirected to pages like monclerfroutlets.com and asked to provide their...

Posted on February 10, 2017 in Browser Hijackers

Fadesoft Ransomware

The Fadesoft Ransomware was first observed on February 9, 2017. The Fadesoft Ransomware seems to be related to the Erebus 2017 Ransomware, another known ransomware Trojan. These two, along with other ever-emerging ransomware threats, share a tactic that allows them to bypass the User Account Control (UAC) on the targeted computer and communicate with Command and Control servers using TOR. To bypass the UAC, the Fadesoft Ransomware alters the infected computer's Registry to associate certain file types with the Fadesoft Ransomware's executable, which then prompts the infected computer to run the Fadesoft Ransomware without activating the UAC. The Fadesoft Ransomware receives its name because the word 'Fadesoft' appears several times in the Fadesoft Ransomware's code.

There's Nothing Soft on the Fadesoft Ransomware Attack

When the Fadesoft...

Posted on February 10, 2017 in Ransomware

FPSeek.com

The Fpseek.com search portal is presented to users who value Microsoft's Bing and wish to explore an improved version of the search service. Web surfers may be interested to know that Fpseek.com is appraised quite a lot and is promoted to offer the best search results on the Open Web as stated on info.fpseek.com/AboutUs: 'fpseek is an enhanced online search experience used by our users worldwide. Fast, simple, and easy to use, fpseek offers the best search results from across the web. Thanks to our collaboration with leading software providers, you can choose to install fpseek during setup and benefit from better online searches on your browser.' The Fpseek.com site is associated with a browser add-on available for Google Chrome, Mozilla Firefox and Internet Explorer. The add-on may alter your new tab, start page, and search...

Posted on February 10, 2017 in Browser Hijackers