GoldenEye Ransomware

The GoldenEye Ransomware is an encryption Trojan that is pushed as an improved version of the Petya Ransomware, which surfaced in March 2016. The GoldenEye Ransomware was brought to the attention of security researchers in December 2016. Spam emails aimed at human resource departments were found to carry a corrupted spreadsheet that featured a macro. Office macros are widely abused by threat actors to deliver threats like the Al-Namrood Ransomware and the Osiris Ransomware. PC users who work with CVs on a daily basis appear to be among the primary targets of the GoldenEye Ransomware, since they are likely to open a document from an unknown sender. The macro script used to deliver the GoldenEye Ransomware is designed to write base64-encoded strings into an executable file that is stored in the Temp directory...
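The delivery pattern described above (macro reassembles base64 strings, writes them to an executable under Temp, runs it) is easy to spot in extracted VBA source. The following scanner is an added example, not the GoldenEye macro or any code from this page; it works on VBA text such as olevba dumps, and both macros embedded in it are constructed for the demonstration.

```python
"""Heuristic scan of VBA macro source for a base64-to-executable dropper.

Added example, not the GoldenEye macro itself or any code from this page.
The page describes the macro writing base64-encoded strings into an
executable in the Temp directory; this flags that pattern in VBA source
dumped from a document (for instance with olevba): long base64 string
literals that decode to an MZ header, a Temp-path reference, a binary file
write, and a Shell/Run call. The two macros below are constructed.
"""
import base64
import binascii
import re

# String literals made of base64 characters, 32+ chars, optionally padded.
BASE64_LITERAL = re.compile(r'"([A-Za-z0-9+/]{32,}={0,2})"')
TEMP_PATH = re.compile(r'Environ\s*\(\s*"TEMP"\s*\)|%TEMP%|\\Temp\\', re.IGNORECASE)
BINARY_WRITE = re.compile(r'For\s+Binary|\bPut\s+#|ADODB\.Stream', re.IGNORECASE)
EXEC_CALL = re.compile(r'\bShell\b|WScript\.Shell|\.Run\b|ShellExecute', re.IGNORECASE)

# Constructed dropper: payload split across literals, reassembled, written
# to %TEMP% and launched. "TVqQAAMAAAAEAAAA" is the base64 of a PE header's
# first bytes "MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00"; the rest is filler.
DROPPER_VBA = r'''
Sub Workbook_Open()
    Dim p As String, s As String
    p = Environ("TEMP") & "\upd.exe"
    s = s & "TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAA"
    s = s & "AAAAAAAAAAAAAAAAAACAAAAADh+6DgC0Cc0huAFMzSFUaGlzIHByb2dyYW0g"
    Open p For Binary As #1
    Put #1, , Base64Decode(s)
    Close #1
    Shell p, vbHide
End Sub
'''

# Constructed benign macro for comparison.
BENIGN_VBA = r'''
Sub FormatReport()
    Range("A1:D1").Font.Bold = True
    Columns("A:D").AutoFit
End Sub
'''

def decode_payload(vba_source):
    """Concatenate every long base64 literal in source order and decode it."""
    blob = "".join(BASE64_LITERAL.findall(vba_source))
    blob += "=" * (-len(blob) % 4)      # pad the reassembled string
    try:
        return base64.b64decode(blob, validate=True)
    except (binascii.Error, ValueError):
        return b""

def scan_macro(vba_source):
    """Return the individual indicators and an overall verdict."""
    payload = decode_payload(vba_source)
    findings = {
        "base64_bytes": len(payload),
        "decodes_to_pe": payload[:2] == b"MZ",
        "writes_temp": bool(TEMP_PATH.search(vba_source)),
        "binary_write": bool(BINARY_WRITE.search(vba_source)),
        "executes": bool(EXEC_CALL.search(vba_source)),
    }
    hits = sum(findings[k] for k in ("decodes_to_pe", "writes_temp", "binary_write", "executes"))
    if findings["decodes_to_pe"] and hits >= 3:
        findings["verdict"] = "dropper"
    elif hits >= 2:
        findings["verdict"] = "suspicious"
    else:
        findings["verdict"] = "benign"
    return findings

if __name__ == "__main__":
    for name, src in (("dropper", DROPPER_VBA), ("benign", BENIGN_VBA)):
        print(name, scan_macro(src))
```

The MZ check is what separates a dropper from a macro that merely embeds a large base64 blob (an image, say); real samples also split the blob with string-reversal or character arithmetic, so treat a "suspicious" verdict as a cue for manual review rather than a clean bill.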

Posted on December 7, 2016 in Ransomware

‘Add Extension’ Pop-Up

An ‘Add Extension’ pop-up may indicate that a website is trying to install an extension into the Google Chrome Web browser automatically, a method that may result in adware infections or a variety of other problems. Extensions loaded through the ‘Add Extension’ pop-ups may not be associated with the Google Chrome Web Store. The ‘Add Extension’ pop-up, rather, may be generated by suspicious JavaScript loaded on Web pages with dubious content. Computer users have reported that, when visiting these types of pages, they find an ‘Add Extension’ button that does not disappear, even when using the pop-up blockers that are built into Web browsers like Mozilla Firefox or Google Chrome. Some third-party pop-up blockers have been effective in hiding the ‘Add Extension’ pop-up or...

Posted on December 6, 2016 in Adware

Sage Ransomware

The Sage Ransomware is a typical ransomware Trojan that is used to encrypt the victims’ files and then demand ransom in exchange for the decryption key. PC security analysts suspect that the Sage Ransomware is related to the TeslaCrypt family of ransomware after studying the Sage Ransomware’s code. If the Sage Ransomware has been installed on your computer, PC security researchers advise computer users to avoid paying the ransom, since this seldom results in the recovery of the affected files. The Sage Ransomware encrypts the victim’s data by using a strong encryption algorithm. After encrypting the victim’s files, the Sage Ransomware shows a ransom note to the victim in the form of a pop-up message. The text of the Sage Ransomware’s ransom note reads as follows: ‘ATTENTION! the Sage...

Posted on December 6, 2016 in Ransomware

Satan666 Ransomware

The Satan666 Ransomware is a ransomware Trojan. The Satan666 Ransomware identifies files it encrypts by using the ‘.locked’ extension, which has been observed before in numerous other variants in the same ransomware family as the Satan666 Ransomware. Like other encryption ransomware Trojans, the Satan666 Ransomware is designed to take over the victim’s computer, encrypting the victim’s files to make them inaccessible. After the victim has been locked out of their files, the Satan666 Ransomware displays a ransom note demanding payment of a large ransom in exchange for the decryption utility. Ransomware Trojans like the Satan666 Ransomware use a highly effective attack that is especially devastating because the victim’s files will remain encrypted and inaccessible even if the Satan666 Ransomware is removed...

Posted on December 6, 2016 in Ransomware

Osiris Ransomware

The Osiris Ransomware belongs to a batch of variants of the Locky Ransomware family that have been released in the final months of 2016. The Osiris Ransomware identifies the files it encrypts through the use of the extension ‘.osiris,’ a name taken from the ancient Egyptian religion. This follows a pattern used in threats such as the ‘.thor’ Ransomware, which also borrows the name of a mythological god for its extension. The Osiris Ransomware encrypts the victim’s files to make them inaccessible and then demands the payment of a ransom. During its attack, the Osiris Ransomware will replace the files’ names with random characters followed by the extension mentioned above. The Osiris Ransomware delivers a ransom note in the form of an HTML file, as well as changes the victim’s desktop wallpaper...

Posted on December 6, 2016 in Ransomware

DirectionsWhiz

The DirectionsWhiz software is advertised at Directionswhiz.com as the best solution for users who are looking for directions. Ads that promote DirectionsWhiz may be found on freeware deployment platforms since the program is released for free. DirectionsWhiz is published by Mindspark Interactive Network, Inc. under the GNU Freeware Licence and you are not required to pay for its services. However, the development of DirectionsWhiz is sponsored by advertisers, and you may be prompted to remove extensions designed to block tracking and unwanted commercials from your browser. The DirectionsWhiz application is browser-dependent and may support Google Chrome, Mozilla Firefox and Internet Explorer. DirectionsWhiz is classified as a Potentially Unwanted Program (PUP) that can change your new tab page and homepage, as well as show...

Posted on December 5, 2016 in Possibly Unwanted Program

‘Windows Defender Prevented Malicious Software’ Scam

The ‘Windows Defender Prevented Malicious Software’ message is generated by a Trojan that is associated with technical support tactics. The ‘Windows Defender Prevented Malicious Software’ message should not be trusted because it promotes fake computer support services on the 877-360-0485 toll-free phone line, which is not operated by Microsoft Corp. The Trojan at hand is crafted to generate a lock screen on the desktop, which is loaded as soon as the user logs into Windows. Cyber security experts are not sure how the Trojan is delivered to users, but there is a good chance that a free program may have been bundled with badware. The ‘Windows Defender Prevented Malicious Software’ lock screen cannot be dismissed with the Alt+F4 keyboard command, and tools like regedit.exe, Command Prompt, and taskmgr.exe may not...

Posted on December 5, 2016 in Trojans

‘Microsoft Help Desk Tech Support’ Scam

The ‘Microsoft Help Desk Tech Support’ scam is facilitated by a Trojan that behaves very similarly to the one used to generate the Microsoft Security Essentials Alert. The ‘Microsoft Help Desk Tech Support’ Trojan is programmed to display a lock screen that mimics the BSOD error report on Windows systems and suggests that the user call the 888-828-6971 helpline. The ‘Microsoft Help Desk Tech Support’ lock screen is shown as soon as the user logs into Windows thanks to a startup entry of the kind listed in the MSCONFIG Startup tab, which is used to manage startup programs. The text on the ‘Microsoft Help Desk Tech Support’ lock screen reads: ‘A problem has been detected and windows has been shutdown to prevent damage to your computer. DRIVER_IRQL_NOT_LES_OR_EQUAL Contact your system administrator or technical...
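Both of these tech-support lock screens, like the SurveyLocker screen locker further down this page, survive a reboot only because of a startup entry. The PowerShell below is an added example, not code from the page or from any vendor: it walks the autostart locations that MSCONFIG's Startup tab reads (the Run/RunOnce keys), the Winlogon Shell and Userinit values that lockers hijack to replace the desktop, and the two Startup folders, and flags anything launched from a user-writable path or lacking a valid Authenticode signature. Run it from an elevated prompt, or from Safe Mode when the locker has disabled Task Manager and the Command Prompt.

```powershell
# Added example, not from the page: enumerate autostart locations used by
# lock-screen Trojans and flag suspicious entries. Run elevated.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),
    [Environment]::GetFolderPath('CommonStartup')
)

function Get-CommandPath([string]$cmd) {
    # Recover the executable from a command line: expand %VARS%, strip quotes,
    # arguments and the trailing comma Userinit carries, resolve .lnk targets
    # and bare names such as "explorer.exe" through PATH.
    $cmd = [Environment]::ExpandEnvironmentVariables($cmd.Trim())
    if ($cmd.StartsWith('"')) { $path = ($cmd -split '"')[1] }
    else { $path = ($cmd -split '\s+')[0] }
    $path = $path.TrimEnd(',')
    if ($path -like '*.lnk' -and (Test-Path -LiteralPath $path)) {
        $path = (New-Object -ComObject WScript.Shell).CreateShortcut($path).TargetPath
    }
    if ($path -and $path -notmatch '\\') {
        $resolved = (Get-Command $path -ErrorAction SilentlyContinue).Source
        if ($resolved) { $path = $resolved }
    }
    return $path
}

function Test-Suspicious([string]$path) {
    $reasons = @()
    if (-not $path) { return @('empty command') }
    if ($path -match '\\(Temp|AppData|ProgramData|Users\\Public)\\') { $reasons += 'user-writable path' }
    if (Test-Path -LiteralPath $path) {
        $sig = Get-AuthenticodeSignature -FilePath $path
        if ($sig.Status -ne 'Valid') { $reasons += "signature: $($sig.Status)" }
    } else {
        $reasons += 'file missing'
    }
    return $reasons
}

$entries = @()
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PowerShell's own metadata properties
        $entries += [pscustomobject]@{ Source = $key; Name = $p.Name; Command = [string]$p.Value }
    }
}
# Winlogon: Shell must be explorer.exe and Userinit must be userinit.exe.
$wl = Get-ItemProperty -Path $winlogon
$entries += [pscustomobject]@{ Source = $winlogon; Name = 'Shell';    Command = [string]$wl.Shell }
$entries += [pscustomobject]@{ Source = $winlogon; Name = 'Userinit'; Command = [string]$wl.Userinit }
foreach ($dir in $startupDirs) {
    Get-ChildItem -LiteralPath $dir -File -ErrorAction SilentlyContinue | ForEach-Object {
        $entries += [pscustomobject]@{ Source = $dir; Name = $_.Name; Command = $_.FullName }
    }
}

foreach ($e in $entries) {
    $exe = Get-CommandPath $e.Command
    $why = @(Test-Suspicious $exe)
    if ($e.Name -eq 'Shell' -and [IO.Path]::GetFileName($exe) -ne 'explorer.exe') {
        $why += 'Shell is not explorer.exe'
    }
    if ($why.Count -gt 0) {
        "[!] $($e.Source) :: $($e.Name) -> $($e.Command)  ($($why -join '; '))"
    } else {
        "[ ] $($e.Source) :: $($e.Name) -> $($e.Command)"
    }
}
```

A lock screen that loads before the desktop is almost always one of three things: a Run value pointing into %TEMP% or %APPDATA%, a replaced Winlogon Shell, or an item in the Startup folder; scheduled tasks and services are the next places to look if this list comes back clean.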

Posted on December 5, 2016 in Trojans

NoValid Ransomware

The NoValid Ransomware is a ransomware Trojan that is used to take the victims’ files hostage. The NoValid Ransomware can be identified easily because of its ransom note, which is named RESTORE_the NoValid_FILES.HTML. The full contents of the NoValid Ransomware’s ransom message are listed below: ‘LOCKED-IN Danger! ALL YOUR FILES HAS BEEN LOCKED All your files are encrypted and can be restored after payment. For encryption, we used persistent improved algorithm AES256. For each file generated a unique decryption key and added a random number which makes decryption impossible without the use of a special configuration file which has ll the information needed to decrypt your files.’ Like most ransomware Trojans, the NoValid Ransomware makes the victim’s files inaccessible through the use of an...
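When triaging a machine hit by one of these families, the first questions are which files were actually encrypted, which family's naming is in use, and where the ransom notes are. The script below is an added example, not code from this page or from the Satan666, Osiris or NoValid families it covers: it counts files by the extensions the page attributes to Satan666 (‘.locked’) and Osiris (‘.osiris’ with the name replaced by random characters), confirms each hit with a byte-entropy test instead of trusting the extension, and locates ransom notes by name pattern (the RESTORE_..._FILES.HTML note quoted above is one instance). The directory tree it scans is constructed in a temporary folder.

```python
"""Triage of a ransomware-hit directory tree.

Added example, not code from this page or from any of the families it
describes. Counts files carrying the extensions attributed above to the
Satan666 ('.locked') and Osiris ('.osiris', original name replaced by random
characters) families, confirms they are actually encrypted with a byte-entropy
test rather than trusting the extension, and lists ransom notes by name
pattern. The directory tree is constructed in a temporary folder.
"""
import math
import os
import re
import secrets
import tempfile
from collections import Counter
from pathlib import Path

# Extension -> family, as named on this page.
ENCRYPTED_EXT = {".locked": "Satan666", ".osiris": "Osiris (Locky)"}
# Locky-style rename: the original name replaced by hex groups.
LOCKY_NAME = re.compile(r"^[0-9A-F-]{16,}\.osiris$", re.IGNORECASE)
# Ransom notes: RESTORE_/DECRYPT_/README... dropped as HTML, TXT or HTA.
NOTE_NAME = re.compile(r"^(RESTORE|DECRYPT|RECOVER|README|HOW_TO|HELP)[\w-]*\.(html?|txt|hta)$",
                       re.IGNORECASE)

def shannon_entropy(data):
    """Bits per byte. AES output sits near 8.0 and plain text far lower;
    compressed formats (zip, docx, jpeg) are also near 8, so this confirms an
    extension hit rather than standing alone as an encryption test."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())

def triage(root, sample_size=4096, threshold=7.0):
    """Walk root and classify files; reads only the first sample_size bytes."""
    result = {"encrypted": Counter(), "unconfirmed": [], "notes": [], "locky_renamed": 0}
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            rel = str(path.relative_to(root))
            if NOTE_NAME.match(name):
                result["notes"].append(rel)
                continue
            ext = path.suffix.lower()
            if ext not in ENCRYPTED_EXT:
                continue
            with open(path, "rb") as fh:
                head = fh.read(sample_size)
            if shannon_entropy(head) >= threshold:
                result["encrypted"][ENCRYPTED_EXT[ext]] += 1
                if LOCKY_NAME.match(name):
                    result["locky_renamed"] += 1
            else:
                # Extension says encrypted, content says otherwise: a decoy,
                # an interrupted write, or a file the malware skipped.
                result["unconfirmed"].append(rel)
    result["encrypted"] = dict(result["encrypted"])
    return result

def build_sample_tree(root):
    """Constructed fixture resembling a hit user profile."""
    docs = Path(root) / "docs"
    docs.mkdir(parents=True, exist_ok=True)
    (docs / "report.docx.locked").write_bytes(secrets.token_bytes(8192))
    (docs / "A1B2C3D4E5F60718-9A0B1C2D3E4F5061.osiris").write_bytes(secrets.token_bytes(8192))
    (docs / "notes.txt.locked").write_bytes(b"hello world\n" * 300)
    (docs / "RESTORE_FILES.HTML").write_text("<html>your files are encrypted</html>")
    (Path(root) / "budget.xlsx").write_bytes(b"PK\x03\x04" + b"\x00" * 100)

def run_demo():
    """Build the constructed tree in a temp dir and triage it."""
    with tempfile.TemporaryDirectory() as d:
        build_sample_tree(d)
        return triage(d)

if __name__ == "__main__":
    print(run_demo())
```

The "unconfirmed" bucket matters in practice: files the malware renamed but never finished encrypting are sometimes recoverable without the key, and a count of zero there is a useful sign that the encryption run completed.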

Posted on December 5, 2016 in Ransomware

RIP Ransomware

The RIP Ransomware is a ransomware Trojan that is being used to extort computer users. The RIP Ransomware is one of the many variants of the Hidden Tear project, a publicly available ransomware engine originally created for ‘educational purposes.’ Con artists quickly adapted this freely available engine to create numerous versions of this attack based entirely on Hidden Tear. The RIP Ransomware is being distributed through a Trojan dropper that is sent to the victim’s computer as an attachment in an email message. Once the Trojan dropper enters the victim’s computer, it downloads and installs the RIP Ransomware. The RIP Ransomware carries out a typical ransomware attack. As soon as it is installed, it begins encrypting the victim’s files, taking the victim’s data hostage until...

Posted on December 5, 2016 in Ransomware

SurveyLocker Ransomware

The SurveyLocker Ransomware is a screen locker that is being used to extort money from computer users. The SurveyLocker Ransomware can be a major inconvenience since it makes it difficult to use the affected computer. PC security analysts recommend the removal of the SurveyLocker Ransomware from an infected computer. The SurveyLocker Ransomware prevents computer users from accessing their desktops after they log into Windows. As a screen locker, the SurveyLocker Ransomware disables keyboard shortcuts and utilities such as the Task Manager or the Command Prompt, which could otherwise be used to bypass the SurveyLocker Ransomware infection and regain access to the infected computer. The SurveyLocker Ransomware may be distributed through spam emails, as well as unsafe advertisements or Web browser extensions. Most ransomware Trojans...

Posted on December 5, 2016 in Ransomware

‘Security Help Video’ Pop-Ups

The ‘Security Help Video’ pop-up windows in your browser are not legitimate security notifications from your Internet Service Provider. The ‘Security Help Video’ pop-ups are displayed on untrusted pages that you can open when you click on corrupted ads or use untrusted search engines. We have received reports that online stores may be compromised and host ads from questionable advertisers, which lead users to load the ‘Security Help Video’ pop-ups. The ‘Security Help Video’ notifications include the image of a woman in a suit standing in what appears to be a call center. Additionally, the ‘Security Help Video’ pop-ups display logos from security firms that say ‘Verified’ and ‘Safe,’ which aim to fool the user into believing the...

Posted on December 2, 2016 in Adware

Malwarevirusonline.xyz

The Malwarevirusonline.xyz domain is used to host phishing messages that promote a technical support service via the 844-722-5345 toll-free phone line. The Malwarevirusonline.xyz domain resolves to the 103.21.59.22 IP address, which is associated with an India-based business. Researchers uncovered several clones of Malwarevirusonline.xyz that resolve to the same IP address and appear to serve the same agenda. Web surfers may stumble upon the Malwarevirusonline.xyz domain and its clones when they click on corrupted links and advertisements on insecure pages. The Malwarevirusonline.xyz pop-up windows contain the following text: ‘** YOUR COMPUTER HAS BEEN BLOCKED**’ Error # 268D3 Please call us immediately at+1-844-722-5345 Do not ignore this critical alert. If you close this page, your computer access will...

Posted on December 2, 2016 in Browser Hijackers

‘Matrix9643@yahoo.com’ Ransomware

The ‘Matrix9643@yahoo.com’ Ransomware is a ransomware Trojan that is used to extort money from computer users by taking their files hostage. The ‘Matrix9643@yahoo.com’ Ransomware receives its name from the email account that has been associated with the people responsible for this attack. The ‘Matrix9643@yahoo.com’ Ransomware is different from many ransomware Trojans in that it uses the open-source GNU Privacy Guard (GPG) implementation of OpenPGP to encrypt the victim’s data. The ‘Matrix9643@yahoo.com’ Ransomware belongs to a small group of ransomware Trojans that emerged in December 2016 and use different encryption methods from previous ransomware threats. The people responsible for the ‘Matrix9643@yahoo.com’ Ransomware use an adapted version of the GPG...
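Using GPG rather than a custom crypto routine leaves a recognisable fingerprint: a GnuPG-encrypted file is a sequence of OpenPGP (RFC 4880) packets, so the leading byte already tells a responder what they are looking at. The parser below is an added example, not code from this page or from the actors behind this family; it decodes both the old- and new-format packet headers and reports the tag, which for encrypted output is 1 (public-key encrypted session key) or 3 (symmetric-key encrypted session key), followed by 9 or 18 for the data itself. The sample byte strings are constructed, not taken from a victim file.

```python
"""Identify GnuPG/OpenPGP-encrypted files from the first packet header.

Added example, not code from this page or from the Matrix9643 actors. Parses
RFC 4880 packet headers in both the old and the new format and classifies a
file by the tag of its first packet. Sample bytes are constructed.
"""
TAG_NAMES = {
    1: "Public-Key Encrypted Session Key",
    2: "Signature",
    3: "Symmetric-Key Encrypted Session Key",
    8: "Compressed Data",
    9: "Symmetrically Encrypted Data",
    11: "Literal Data",
    18: "Sym. Encrypted Integrity Protected Data",
}
ENCRYPTED_TAGS = {1, 3, 9, 18}

def parse_packet_header(data):
    """Return tag/length info for the packet starting at data[0], or None."""
    if len(data) < 2 or not data[0] & 0x80:
        return None                        # bit 7 is always set in a packet tag byte
    first = data[0]
    if first & 0x40:                       # new format: tag in the low 6 bits
        tag = first & 0x3F
        o1 = data[1]
        if o1 < 192:                       # one-octet length
            length, hdr = o1, 2
        elif o1 < 224:                     # two-octet length
            if len(data) < 3:
                return None
            length, hdr = ((o1 - 192) << 8) + data[2] + 192, 3
        elif o1 == 255:                    # five-octet length
            if len(data) < 6:
                return None
            length, hdr = int.from_bytes(data[2:6], "big"), 6
        else:                              # partial body length: first chunk only
            length, hdr = 1 << (o1 & 0x1F), 2
    else:                                  # old format: tag in bits 2-5, length type in bits 0-1
        tag = (first >> 2) & 0x0F
        ltype = first & 0x03
        if ltype == 3:                     # indeterminate length, runs to end of file
            length, hdr = None, 1
        else:
            n = (1, 2, 4)[ltype]
            if len(data) < 1 + n:
                return None
            length, hdr = int.from_bytes(data[1:1 + n], "big"), 1 + n
    return {
        "format": "new" if first & 0x40 else "old",
        "tag": tag,
        "name": TAG_NAMES.get(tag, "unknown"),
        "header_len": hdr,
        "body_len": length,
        "encrypted": tag in ENCRYPTED_TAGS,
    }

def classify(data):
    """Coarse verdict for a file's leading bytes."""
    if data.startswith(b"-----BEGIN PGP MESSAGE-----"):
        return "armored-pgp-message"
    hdr = parse_packet_header(data)
    if hdr is None:
        return "not-openpgp"
    if hdr["encrypted"]:
        return "gpg-encrypted"
    # Many binary formats start with a byte >= 0x80 (PNG begins 0x89), so a
    # parseable header with a non-encryption tag is not proof of OpenPGP.
    return "openpgp-other-or-false-positive"

# Constructed samples: the leading bytes of gpg -e output for an RSA-2048
# recipient (tag 1, 268-byte body) and gpg -c output (tag 3, 13-byte body),
# a new-format tag 18 header, plus a PE and a PNG header for contrast.
SAMPLES = {
    "gpg -e": b"\x85\x01\x0c\x03" + b"\x00" * 8,
    "gpg -c": b"\x8c\x0d\x04\x09\x03\x08",
    "seipd":  b"\xd2\xc0\x2f\x01",
    "pe":     b"MZ\x90\x00",
    "png":    b"\x89PNG\r\n\x1a\n",
}

if __name__ == "__main__":
    for label, blob in SAMPLES.items():
        print(f"{label:7} {classify(blob):32} {parse_packet_header(blob)}")
```

For a tag-1 file the eight bytes after the version octet are the recipient key ID, which is the same across every file encrypted to the attacker's key and therefore the most stable indicator this family leaves on disk; a tag-3 file means a passphrase was used instead, and the decryption secret may still be recoverable from the running sample or its configuration.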

Posted on December 2, 2016 in Ransomware

ASN1 Ransomware

The ASN1 Ransomware is a threat that has been linked to several attacks in December 2016. The ASN1 Ransomware has the capability to spread within a network, making it a particular threat to corporate computers and networks. Employees within one company may become infected by a threat like the ASN1 Ransomware after opening an email sent by one of their colleagues. There is little to distinguish the ASN1 Ransomware from the numerous other similar ransomware threats that are currently active. The ASN1 Ransomware may be distributed using corrupted spam email messages that include an embedded link or file attachment that downloads the ASN1 Ransomware from a dummy website. The ASN1 Ransomware is being used in targeted attacks designed to compromise computers belonging to small businesses as well as Web servers. The ASN1...

Posted on December 2, 2016 in Ransomware