CryptoShield 2.0 Ransomware

The CryptoShield 2.0 Ransomware is the second generation of the CryptoShield Ransomware that was released on January 31st, 2017. The next stage of the development of CryptoShield appears to include changes in the marker placed on the encrypted files, the obfuscation layers, the ‘Command and Control’ servers, contact details and primary encryption algorithm. The CryptoShield 2.0 Ransomware surfaced on the scanners of security vendors on February 16th, 2017 when users were flooded with spam messages carrying corrupted documents. Cyber security experts note that macro-enabled text documents are often used to distribute threats like the CryptoShield 2.0 Ransomware and the HugeMe Ransomware. An in-depth analysis revealed that the authors of the CryptoShield 2.0 Ransomware switched from using the AES-256 cipher to the...

Posted on February 16, 2017 in Ransomware

Search.searchmpct.com

Search.searchmpct.com is a custom search portal that is associated with the ConvertThatPDF (also seen as ConvertPDFs) browser add-on by Polarity Technologies Ltd., which you may know for riskware such as GetFitNow New Tab and BookmyFlight. The ConvertThatPDF add-on is supposed to allow users to convert PDF files into other document types easily. The functionality of the ConvertThatPDF add-on depends on integration with the browser and Search.searchmpct.com. If you manage a large collection of PDF files and wish to convert some of your documents to other formats, you may be interested in using ConvertThatPDF and Search.searchmpct.com. However, you should read the terms of use of ConvertThatPDF carefully because there are a few key aspects of ConvertThatPDF to consider. Users that do not wish to bother reading on...

Posted on February 16, 2017 in Browser Hijackers

Manchester, London, and Sheffield Have the Highest Malware Infection Rates in the United Kingdom

Computers in Manchester, London, and Sheffield are more likely than computers in any other city in the UK to be infected with malware. The Enigma Software Group (ESG) research team compiled their latest data based on malware detection data from SpyHunter during 2016 in each of the 30 largest cities in the UK. Manchester had the highest rate, and it wasn’t even close. Manchester’s rate was more than 500% higher than the national average. London, Sheffield, and Derby each had infection rates more than double the national average. Leicester rounded out the top five. “We’re not sure what causes infection rates to be significantly higher in one city or another,” said ESG spokesperson Ryan Gerding. “There could be a number of factors including the demographics of the area, how widespread PC usage is...

Posted on February 15, 2017 in Computer Security

HugeMe Ransomware

The HugeMe Ransomware is an encryption Trojan based on the EDA2 project that was presented to programmers as an ‘educational ransomware.’ Needless to say, it did not take long for threat actors to copy the EDA2 open-source code and customize it so that it can be delivered via macro-enabled documents to PC users. The HugeMe Ransomware joins the ranks of Trojans like the FSociety Ransomware, the VenusLocker Ransomware and the SeginChile Ransomware. The HugeMe Ransomware was announced on cyber security blogs on February 9th, 2017 and appeared to support the latest versions of Windows as well as older versions as far back as Windows XP. An in-depth analysis confirmed that the HugeMe Ransomware supports the AES-256 and RSA-2048 ciphers, which are used to encode targeted data. The HugeMe Ransomware can lock the files...

Posted on February 15, 2017 in Ransomware

CryptoLocker Portuguese Ransomware

When PC security experts talk about the CryptoLocker Portuguese Ransomware, they are discussing an encryption Trojan that is a version of CryptoLocker, which is aimed at users in Portuguese-speaking countries such as Portugal, Brazil, Angola, Cape Verde and Mozambique. The CryptoLocker Portuguese Ransomware is a customized version of CryptoLocker that travels with phishing messages that include logos and images from trusted companies in the countries mentioned before. It is not a good idea to open bank statements, payment notifications, and what looks like an archive of photos from social media that may be attached to spam messages. The developers behind the CryptoLocker Portuguese Ransomware may exploit macro-enabled files to install the Trojan on vulnerable systems. The CryptoLocker Portuguese Ransomware is a standard file coder...

Posted on February 15, 2017 in Ransomware

Hermes Ransomware

The Hermes Ransomware is an encryption Trojan that was mentioned on computer security blogs for the first time on February 13th, 2017. Later, researchers provided information on the Hermes Ransomware and revealed that the Trojan is named after the code name HERMES that was spotted during the code analysis. Additionally, the Hermes Ransomware is using the extension ‘.HERMES’ to mark the encrypted objects. The Hermes Ransomware is ranked among threats like the CryptoKill Ransomware and the ‘.wcry File Extension’ Ransomware. The Hermes Ransomware is a standard crypto-threat that is equipped with a custom-built AES-256 cipher and uses the advanced RSA-1024 cipher to obfuscate the encryption key before it is sent to the ‘Command and Control’ server. The Hermes Ransomware is a quick and cunning...

Posted on February 15, 2017 in Ransomware

‘.wcry File Extension’ Ransomware

The ‘.wcry File Extension’ Ransomware is a file coder Trojan that was added to the virus database of AV vendors on February 10th, 2017. The threat may be based on the HiddenTear project considering it resembles other Trojans such as the YourRansom Ransomware and the Xampp Locker Ransomware. As you may guess, the ‘.wcry File Extension’ Ransomware is named after the custom marker it places on encrypted objects: ‘.wcry.’ The threat is classified as a standard encryption Trojan that you may receive via email and install by running a bad macro script. Cyber security analysts warn that the ‘.wcry File Extension’ Ransomware is very efficient when it comes to encoding data since it does not require a lot of hardware resources. The main process for the ‘.wcry File Extension’...

Posted on February 14, 2017 in Ransomware

‘All_Your_Documents.rar’ Ransomware

The ‘All_Your_Documents.rar’ Ransomware is named after the ‘All_Your_Documents.rar’ data vault it creates, where your files are stored until you deliver payment. The ‘All_Your_Documents.rar’ Ransomware was brought to the attention of the cyber security community on February 11th, 2017, and the threat has much in common with threats such as the ‘Love.server@mail.ru’ Ransomware, the ‘.7zipper File Extension’ Ransomware and the CryptoHost Ransomware. The ‘All_Your_Documents.rar’ Ransomware is released with a major spam campaign and may arrive on the computer as a macro-enabled document. The document serves as an installer that features a macro script that is interpreted by Windows as a command from the user to install a program from a remote server. Researchers note that the...

Posted on February 14, 2017 in Ransomware

Uncrypte Ransomware

The Uncrypte Trojan is classified as a Ransomware, which is a Trojan that makes unsolicited changes to data and demands a ransom to restore files to their original form. PC security researchers announced the Uncrypte Ransomware on January 26th, 2017. However, the Uncrypte Ransomware barely qualifies as a Ransomware, considering that the changes it makes involve only renaming the objects on the local drives following the model unCrypte/decipher_ne@outlook.com_ . Thus, an object like ‘Himalayan Salt.pptx’ is changed to ‘unCrypte/decipher_ne@outlook.com_Himalayan Salt.pptx.’ The initial release of the Uncrypte Ransomware does not encode the file’s content, just the name. The author of the Uncrypte Ransomware is known to use the file ‘How decrypt files.hta,’ which carries the ransom message and resembles...

Posted on February 14, 2017 in Ransomware

SerbRansom Ransomware

The SerbRansom Ransomware Trojan was added to the virus signature databases on February 13th, 2017 when the SerbRansom 2017 Ransomware was released to regular PC users and advertised as a Ransomware Building Kit on the Dark Web. The SerbRansom Ransomware Building Kit is developed by a coder who uses the alias ‘R4z0rx0r’ and offers it for sale with more than a few options to customize your build of SerbRansom. At the time of writing this article, the SerbRansom Ransomware is not part of a major distribution campaign, and there are few to no incidents that involve the Trojan at hand. Considering that there is open-source ransomware on the Internet such as HiddenTear and EduCrypt, the addition of SerbRansom is not welcomed by security authorities at all. Moreover, we have covered similar tools such as the Tox...

Posted on February 14, 2017 in Ransomware

Pabluk Locker Ransomware

The Pabluk Locker Ransomware, also seen as Pabluk L0cker, is a Trojan that is aimed at users in Poland exclusively. We should note that we may see international versions of the Pabluk Locker Ransomware in the upcoming months and users should ignore spam messages that may come with attached files. The Pabluk Locker Ransomware was introduced to the public on February 10th, 2017 and added to the screen locker sub-division of ransomware threats. At the time of writing this, the Pabluk Locker Ransomware supports a Polish version only, but experts expect the threat to expand its operations. PC users are vulnerable to the Pabluk Locker Ransomware if they have enabled automatic execution of macro scripts, run outdated browser plug-ins and install software from untrusted sources. PC security researchers note that the primary purpose of the...

Posted on February 14, 2017 in Ransomware

CryptoKill Ransomware

The CryptoKill Ransomware is a ransomware Trojan based on HiddenTear, an open source ransomware project that was released publicly in 2016 for ‘educational purposes.’ Since this ransomware Trojan was first released, countless variants of it have been used to carry out attacks on computer users. The CryptoKill Ransomware and numerous other ransomware threats have used this publicly accessible code to create numerous variants of the same hoax. New variants of ransomware, many of them using HiddenTear as their basis, are released every day. The CryptoKill Ransomware is integrated with the TOR network to carry out payments and communications with its Command and Control server, making it an effective ransomware Trojan capable of carrying out harmful attacks on its victims. The most common way of distributing the CryptoKill...

Posted on February 13, 2017 in Ransomware

‘MSSecTeam’ Tech Support Scam

The ‘MSSecTeam’ tech support scam involves a lock screen meant to trick computer users into paying large amounts of money. The ‘MSSecTeam’ tech support scam uses a fake message from the ‘Microsoft’s Security Team’ to alert the victim that the affected computer’s files have been encrypted, and then demands the payment of a ransom. According to the ‘MSSecTeam’ tech support scam message, the victim’s files were encrypted because of ‘illegal activity.’ The ‘MSSecTeam’ tech support scam message claims that the ZhuangZi encryption was used to lock down the victim’s files. This is a non-existent encryption method, used to scare computer users into paying a ransom of 0.5 BitCoin, which is sent to the email address mssecteam@sigaint.org. Apart...

Posted on February 13, 2017 in Trojans

Xampp Locker Ransomware

The ‘Xampp Locker’ Ransomware is a ransomware Trojan that was first observed on February 13, 2017. The ‘Xampp Locker’ Ransomware is written using .NET and is based on HiddenTear, an open source ransomware Trojan that has been the basis for countless ransomware variants in the last year. The ‘Xampp Locker’ Ransomware is capable of carrying out effective ransomware attacks against both individual computer users and large-scale targets such as corporate networks and servers. The ‘Xampp Locker’ Ransomware can be distributed in a variety of ways, ranging from the exploitation of weak passwords to corrupted email attachments. Compromised documents distributed using emails are the most common way in which con artists may distribute the ‘Xampp Locker’ Ransomware and other ransomware...

Posted on February 13, 2017 in Ransomware

Search.suchwowgames.com

Search.suchwowgames.com is a portal that is maintained by Eightpoint Technologies Ltd. and used to host most of the features presented with the SuchWowGames desktop application, as stated on Free.suchwowgames.com/home/terms?source=. The SuchWowGames desktop application may make alterations to the settings in Google Chrome, Internet Explorer and Mozilla Firefox. The SuchWowGames program may change your new tab page layout and default search provider on Google Chrome to Search.suchwowgames.com. Internet Explorer and Mozilla Firefox may be urged by Eightpoint Technologies Ltd. to set Search.suchwowgames.com as their start page, as well as their new tab design and search provider. When you enter keywords in the address bar or the Omnibar, you should expect suggestions by Search.suchwowgames.com to be provided on a panel at the bottom. The...

Posted on February 13, 2017 in Browser Hijackers