Sharecash Screenlocker

The Sharecash Screenlocker is a Trojan that may arrive in your inbox as a file attached to a spam email. The Sharecash Screenlocker Trojan functions similarly to the Survey Warning Ransomware and the ScreenLocker Ransomware. The Sharecash Screenlocker Trojan is a tool for third parties to generate money from completed marketing surveys. The Sharecash Screenlocker is a program that is designed to make modifications to the boot-up sequence of Windows and limit the user’s control of the PC. That way the Sharecash Screenlocker can focus the user’s attention on marketing surveys. Users who are shown the Sharecash Screenlocker may be fooled into thinking that their copy of Windows is not genuine and they need to fill out a survey on the Web to validate their OS licenses. Microsoft Corp. does not use questionnaires to...

Posted on November 8, 2016 in Trojans

‘Your Computer May Be At Risk’ Pop-Ups

The ‘Your Computer May Be At Risk’ pop-up windows that are shown when your browser is frozen should not be trusted. The ‘Your Computer May Be At Risk’ pop-up notifications are generated on untrusted pages using bad JavaScript code designed to cause errors in your Internet client. The ‘Your Computer May Be At Risk’ pop-ups serve as advertisements for technical assistance services via toll-free phone lines, which are not operated by Microsoft-certified experts. Experts note that the ‘Your Computer May Be At Risk’ pop-ups may blame the process mpctray.exe for security and stability issues you might experience. The process mpctray.exe is associated with MPC Cleaner, which is a legitimate program found on Mpc.am. Experts note that mpctray.exe is not causing the ‘Your Computer May Be At Risk’...

Posted on November 8, 2016 in Adware

FuckSociety Ransomware

The FuckSociety Ransomware is an encryption Trojan that is derived from the Fs0ci3ty Ransomware. The authors of the Fs0ci3ty Ransomware appear to have worked on a new version named FuckSociety Ransomware, which is supposed to bypass AV shields and use an RSA-4096 cipher to lock the files on the victim’s computer. The creators of the FuckSociety Ransomware rely on spam emails and social engineering techniques to convince users to run a corrupted executable that will download and install their threats. Web surfers may be told that downloading a small application would give them access to premium content on adult-rated sites and unlock shareware like Microsoft Office. However, users might find that the suspicious file they ran is a strain of the FuckSociety Ransomware, which uses the ‘.DLL’ file extension to...

Posted on November 8, 2016 in Ransomware

Serpent Ransomware

The Serpent Ransomware is a successor to the PayDOS Ransomware and is packed as a batch file that is dropped on the PC via an executable attached to spam emails. The Serpent Ransomware depends on the Windows Command Prompt and cannot be run with a simple double-click. The executable responsible for the deployment of the Serpent Ransomware is programmed to call CMD.exe and execute the Serpent Ransomware. Researchers note that the Serpent Ransomware is still in development and we may see encryption engines being implemented in future releases. As of November 2016, the Serpent Ransomware is designed to rename file extensions without making changes to the file names. For example, ‘Pieridae_chrysalis.png’ will be changed to ‘Pieridae_chrysalis.dng’. If you alter the file extensions from DNG to PNG manually, the file...

Posted on November 8, 2016 in Ransomware

zScreenlocker Ransomware

The zScreenlocker Ransomware is a ransomware Trojan that scares computer users during its attack. The zScreenlocker Ransomware promotes hate speech by using the text ‘BAN ISLAM’ over a background comprised of the flag of Brazil. The zScreenlocker Ransomware is aimed toward computer users located in Brazil while inciting hate against Muslims. The zScreenlocker Ransomware’s behavior is not typical of most ransomware Trojans: it is a variant that has a political or hate speech cause, which is relatively rare in these attacks. Regardless of these specific characteristics of the zScreenlocker Ransomware attack, the zScreenlocker Ransomware infection is a straightforward screen locker attack that can be resolved with the use of a reliable security program that is fully up-to-date. Curiously enough, the...

Posted on November 7, 2016 in Ransomware

PayDOS Ransomware

The PayDOS Ransomware carries out an attack that is rooted in older techniques to distribute threats. The PayDOS Ransomware and Serpent, both threats released recently, are using very old methods to carry out their attacks. One of the main aspects of the PayDOS Ransomware that drew the attention of PC security analysts is its use of batch files to carry out its attack. This makes the PayDOS Ransomware one of the oddest variants of ransomware currently active. The PayDOS Ransomware runs within the Windows Command Prompt, carrying out a ransomware attack on the victim’s computer. There are two variants of this batch file ransomware attack that are currently under development. The PayDOS Ransomware is the first, with the second receiving the name ‘serpent.’ Both carry out the same basic attack, demanding a ransom...

Posted on November 7, 2016 in Ransomware

Exotic 3.0 Ransomware

Despite its name, there is nothing exotic about the Exotic 3.0 Ransomware attack. The Exotic 3.0 Ransomware, developed by a hacker who goes by the name ‘EvilTwin,’ carries out a typical ransomware attack. There is little difference between the Exotic 3.0 Ransomware and its previous versions (Exotic and Exotic 2.0); the victim’s files are compromised using a strong encryption algorithm. After the files are encrypted, they become inaccessible without access to the decryption key. The people responsible for the Exotic 3.0 Ransomware hold the decryption key, effectively taking the victim’s data hostage until the ransom is paid. Essentially, the Exotic 3.0 Ransomware locks the victim’s files and then asks for a ransom that should be paid within 72 hours, threatening to delete the data permanently. The files...

Posted on November 7, 2016 in Ransomware

Hollycrypt Ransomware

The Hollycrypt Ransomware is a ransomware Trojan that uses an open-source ransomware platform known as Hidden Tear. This open-source platform was initially released as an ‘educational ransomware’ tool. However, since its release, con artists have created and released numerous ransomware Trojans, including the Hollycrypt Ransomware, that take advantage of this freely available ransomware code to create devastating ransomware attacks that have claimed countless victims around the world. The Hollycrypt Ransomware uses the extension ‘Hollycrypt’ to identify the files that have been encrypted during the attack. The Hollycrypt Ransomware’s ransom note is a text file dropped on the victim’s desktop. This file is named ‘read_this_shit.txt’ and demands that the victim pay a ransom to recover the...

Posted on November 7, 2016 in Ransomware

CLock.Win32 Ransomware

The CLock.Win32 Ransomware is a Trojan that takes the victim’s computer hostage, although it does not encrypt the victim’s files. The CLock.Win32 Ransomware belongs to a category of ransomware that was quite popular in the last decade, blocking access to victims’ computers. Ransomware designed to encrypt the victim’s files gradually became the most popular attack method for con artists, but PC security analysts are still uncovering screen lockers like the CLock.Win32 Ransomware every day. A resurgence of these infections, which may include the CLock.Win32 Ransomware, may be due to the fact that computer users have become accustomed to more threatening types of ransomware, expecting the CLock.Win32 Ransomware attack (or another low-level ransomware attack) to be a lost cause rather than the relatively...

Posted on November 7, 2016 in Ransomware

Gremit Ransomware

The Gremit Ransomware is a ransomware Trojan that, fortunately, seems to be still in its development stages. PC security analysts first observed the Gremit Ransomware in November 2016. PC security analysts first noted the appearance of the Gremit Ransomware in reports published on the Dark Web and in spam email attachments containing corrupted content designed to deliver the Gremit Ransomware infection. The initial release of the Gremit Ransomware will use spam emails that trick computer users into believing that the email is being sent by a social media platform such as Facebook, Twitter or Instagram. When victims open the attached file, it installs the Gremit Ransomware on the victim’s computer. A variety of other threats use a similar technique to infiltrate victims’ computers. The Gremit Ransomware disguises itself...

Posted on November 7, 2016 in Ransomware

Kangaroo Ransomware

The Kangaroo Ransomware is a ransomware Trojan that is used to force computer users to pay a ransom to recover their files, which are taken hostage by this threat. The Kangaroo Ransomware is a variant of Apocalypse, a known ransomware Trojan that carries out a typical encryption ransomware attack. After encrypting the victim’s files, the Kangaroo Ransomware will change the affected files’ extensions to ‘.crypted,’ making it simple to know which files have been compromised. The files encrypted by the Kangaroo Ransomware are no longer accessible. Essentially, the Kangaroo Ransomware takes the victim’s files hostage and demands that the victim pay a large ransom to recover access to the compromised files. The Kangaroo Ransomware displays a pop-up message after the victim’s files have been encrypted....

Posted on November 7, 2016 in Ransomware

Smash Ransomware

The Smash Ransomware is an annoying application that PC security analysts have detected. The Smash Ransomware uses images and content related to the Super Mario Bros games, such as an image of the iconic Super Mushroom holding a knife menacingly. Although the Smash Ransomware acts like ransomware and claims to be a ransomware threat, it would be incorrect to refer to the Smash Ransomware as ransomware, since it does not have this functionality. The Smash Ransomware does not encrypt or lock files, and could still be incomplete or just in development. The Smash Ransomware would be more accurately referred to as a screen locker since it annoys its victims by locking their screens and preventing computer users from accessing their files or their computer’s Desktop. After the Smash Ransomware is delivered to the...

Posted on November 7, 2016 in Ransomware

BTC Ransomware

The BTC Ransomware is a ransomware Trojan that is used to take the victims’ files hostage and then demand payment of a large ransom. The BTC Ransomware is just one of countless ransomware Trojans that are currently being used to force computer users to pay large ransoms. Files that have been compromised by the BTC Ransomware infection are easy to identify because their extensions will have been changed to ‘.BTC,’ which is the abbreviation for BitCoin, the online currency that is commonly used to carry out ransom payments in relation to these attacks. The BTC Ransomware drops a ransom note demanding that victims contact the email addresses zikr@protonmail.com or zikr@usa.com to carry out the payment. The BTC Ransomware looks for file types that are widely used, in particular, targeting media files and documents....

Posted on November 7, 2016 in Ransomware

EncryptoJJS Ransomware

The EncryptoJJS Ransomware is an encryption ransomware Trojan that is used to attack computer users. The EncryptoJJS Ransomware may be delivered by using corrupted attachments included in spam email messages. Common spam tactics that are used to distribute threats like the EncryptoJJS Ransomware include fake invoices or receipts contained in Microsoft Office or PDF files that exploit vulnerabilities in macro functionalities in the programs commonly used to run these file types. Once the EncryptoJJS Ransomware infects the victim’s computer, it will encrypt the victim’s files using a strong encryption method, effectively taking the files hostage until the victim pays a large ransom. The EncryptoJJS Ransomware uses an AES encryption algorithm to encrypt the victim’s files. The EncryptoJJS Ransomware scans the...

Posted on November 7, 2016 in Ransomware

Cyber-security-official.site

If you start noticing security alerts being displayed by a website named Cyber-security-official.site, do not be scared. These misleading alerts are created by a browser hijacker linked to Cyber-security-official.site and don’t report the real health state of your computer. They are intended to scare computer users so that they will call the phone number 858-430-8516, which is displayed on these fake warnings as a technical support phone number, where troubled computer users will find a solution to their PCs’ problems. As if its lies were not enough, Cyber-security-official.site also may exhibit numerous and useless advertisements that will appear on the Web pages you are visiting, prompt the users to install fake updates or purchase bogus security programs and install adware and PUPs on the affected machine. Do not accept the...

Posted on November 7, 2016 in Browser Hijackers