The Phobos Ransomware is an encryption ransomware Trojan that was first observed on October 21, 2017. The Phobos Ransomware is being used to target computer users in Western Europe and the United States and delivers its ransom messages in English to the victims. The main way in which the Phobos Ransomware is being distributed is through the use of spam email attachments, which may appear as Microsoft Word documents that have enabled macros. These macro scripts are designed to download and install the Phobos Ransomware onto the victim's computer when the corrupted file is accessed. It is likely that the Phobos Ransomware is an independent threat since it does not seem to belong to a vast...

Some highly skilled cyber crooks prefer to build and tailor unique malware and take great pride in this. Others, however, would rather take it easy and still cash in some profits, preferable with minimum effort involved. Such individuals like to base their malware creations on the code of already existing, well-established threats. This is the case with the creators of the Adame Ransomware. This file-encrypting Trojan is a variant of the infamous Phobos Ransomware. An Offshoot of the Phobos Ransomware Upon close examination of its code, security researchers have now tied Adame's structure to that of the nasty Phobos ransomware family. However, the group of hackers behind the attacks has...

The Ryuk Ransomware is a data encryption Trojan that was identified on August 13th, 2018. It appears that private companies and healthcare institutions have been compromised with the Ryuk Ransomware. Threat actors were reported of infecting organizations in the USA and Germany. Initial analysis suggests the threat was injected in systems through compromised RDP accounts, but it is possible that there is a parallel spam campaign that carries the threat payload as macro-enabled DOCX and PDF files. General Facts and Attribution Ryuk Ransomware appeared in the middle of August 2018 with several well-planned targeted attacks against major organizations worldwide, encrypting data on infected PCs and networks and demanding the payment of a ransom in exchange for a decryptor tool. Ryuk does not demonstrate extremely advanced technical skills,...

File-encryption Trojans are special cyber-threats due to their ability to cause long-term damage that cannot be reversed by running an anti-virus tool and removing the infection. Even after a piece of ransomware is removed, the file it had encrypted previously will still be impossible to use. Sadly, this makes ransomware projects very profitable for cybercriminals, and this is why we keep seeing new file-lockers like the Sherminator Ransomware. This file-locker is not new entirely as it shares a lot of similarities with the Mr.Dec Ransomware that was first analyzed in the summer of 2018. Sadly, a decryptor for neither of these is available at the moment, and their victims will be able to recover their files from a backup only. If you suspect that the Mr.Dec Ransomware or the Sherminator Ransomware have taken your files hostage, and you...

The GoRansom Ransomware is a peculiar file-locker project that does not appear to extort victims for money at the moment. Usually, ransomware developers offer to sell their victims a decryption service, but the case with the GoRansom Ransomware is a bit different – the ransom note that this ransomware leaves behind contains a free decryption solution. It is not clear what the idea of the author is – this might be a project made for fun, or it might still be an unfinished product that will be used with harmful intent eventually. One thing is for sure – despite the presence of a free decryption option, the GoRansom Ransomware is a dangerous threat that is fully capable of harming your files. The GoRansom Ransomware's Message Contains Free Decryption Tutorial The file types that the GoRansom Ransomware targets are very diverse – text...

Malware developers are exceptionally good when it comes to distributing malware, and they tend to rely on a wide range of propagation techniques to increase the reach of their corrupted files. An easy way to get harmful software on your computer is to deal with pirated media and games or to download files from unknown or non-trustworthy sources. In this day and age, it is mandatory to keep your computer protected by an up-to-date anti-malware engine since this is the best way to prevent high-profile cyber-threats from getting a chance to harm your computer. The '.meds' Files cannot be Decrypted for Free One of the threats to look out for at the moment is the Meds Ransomware, a file-locker with the ability to encrypt thousands of files in a matter of minutes. By encrypting files, the threat makes it impossible to use their contents...

Ransomware threats continue to be the primary threat to the safety of your files, and they are the reason why more and more people decide to invest in reliable backup services. Unfortunately, not all users have good backup habits, and they are the prime targets of ransomware developers. One of the file-locker to watch out for the moment is the Kvag Ransomware. This threat is part of the STOP Ransomware family of file-locking Trojans, and it uses an encryption routine that is not decryptable via free means. This makes the Kvag Ransomware threatening exceptionally since the consequences of its attack will persist even if the threat is removed from the infected computer. All files that the Kvag Ransomware locks are marked with the ‘.kvag' extension, so that the victim will be able to recognize them easily. The Kvag Ransomware Locks a Wide...

Remote Access Trojans (RATs) for Android devices may pack a lot of features that enable their authors with the ability to carry out a broad range of unsafe operations on the infected device. One of the more popular Android RAT projects is SpyNote, and its full source code can be found on many hacking forums. One of the scary things about the SpyNote RAT is that it is absolutely free to use so that anyone can start distributing their unique version of it. Furthermore, criminals who are experienced with programming can write additional modules to extend the SpyNote RAT's features. SpyNote’s Source Code is Available to all Cybercriminals Apart from the GitHub page hosting SpyNote RAT's full source code, ads for this hacking tool can be found on many other hacking forums too. Some of the notable features that the SpyNote RAT has allowed it...

File-encryption Trojans continue to be one of the most profitable hacking tools that cybercriminals use. These Trojans' primary purpose is to infect a computer, disable popular data recovery options, and then launch a destructive file-encryption attack that leaves victims with tons of encrypted documents, archives, videos and other files. One of the notable ransomware families active in 2019 is known as the STOP Ransomware family, and its ranks were bolstered by a new member – the Domn Ransomware recently. Just like previous variants of the STOP Ransomware, this one also is considered to be incompatible with free data decryption solutions. Cybersecurity researchers' attempts to crack the Domn Ransomware's encryption have been unsuccessful so far, and victims of this threat may have a very difficult challenge ahead of them when it comes...

A new file-locker that goes by the name 'Caleb Ransomware' has been spotted in the wild. According to user reports, the file-encryption Trojan is being delivered via bogus email attachments that come via a phishing message. Often, the crooks sending out these fake emails may be spoofing them to look as if they were sent by a legitimate company, organization or institution. It is recommended to avoid opening emails from unknown senders if they urge you to download and review and unexpected file attachment, especially. Of course, you should also rely on a good anti-virus product to keep such files away from your computer. The Caleb Ransomware Appends a Lengthy Extension to Locked Files If the Caleb Ransomware is not stopped on time and it ends up being run on an unprotected computer, then the victim of the attack might end up losing...

The 'Google Chrome Critical Error Red Screen' scam (also known as 'Google Chrome Critical ERROR' Pop-Ups) is an online tactic whose purpose is to collect money from its victims by making them pay for non-existent or useless services and software. The tactic is executed by presenting the users with a bogus pop-up window that may cause their Web browser to malfunction, therefore leaving them with the impression that there is something wrong with their systems. According to the contents of the messages that the 'Google Chrome Critical Error Red Screen's uses, the users have become the target of hackers, and there was an attempt to collect their credentials, conversations and payment details. Thankfully, these statements are fake, and you can rest assured that Web browser pop-ups are an unreliable source of information about your...

Smartphones have become an unavoidable part of our lives, and we often rely on them to store sensitive information, private photos, or even to complete financial transactions. This is why it is not a surprise that cybercriminals are paying more and more attention to the security holes in Android devices, and they also focus on developing hacking tools that are compatible with Android. One of the up-to-date entries to the long list of Android-compatible malware is called ‘MobiHok RAT.’ This Remote Access Trojan is being sold on hacking forums currently, and its author also is using YouTube and Facebook to advertise the features that this malicious application has. A Copycat of the SpyNote RAT being Sold Online Malware researchers who examined a sample of the MobiHok RAT (also known as MobeRat), report that it shares a lot of...

Seeing the ‘.hermes837’ extension added to some of your files is a sure sign that your computer has been infiltrated by the Hermes837 Ransomware, a dangerous file-locker that has the ability to leave the majority of your files in an encrypted state. Threats like this one are exceptionally threatening since they are meant to cause long-term damage that cannot be undone by running an anti-virus tool and removing the source of the problem. The only way to restore the files locked by the Hermes837 Ransomware is to use a decryption tool paired with the unique decryption key that the ransomware generated for you. Unfortunately, that key is stored on the server of the Hermes837 Ransomware’s operators only, and they are not willing to part it for free. The Hermes837 Ransomware Targets Popular File Formats Threats like this one are often...

Dealing with the consequences of a Koko Ransomware attack can be a very challenging task due to this threat’s ability to encrypt files and make their contents inaccessible. Reverting the encryption is impossible without acquiring the unique decryption key that the Koko Ransomware uses for each victim. Unfortunately, this key piece of information is stored on the server of the threat’s operators, and they will not give it away unless they receive fair Bitcoin compensation. The Koko Ransomware may be Spread via Fake Emails and Downloads The Koko Ransomware’s authors may use several propagation channels to ensure that their threatening application will reach as many users as possible – phishing emails with bogus attachments, pirated software, fake downloads or fake software updates and patches. The Internet is full of potentially harmful...

Ransomware attacks can be very devastating if you do not have an up-to-date backup copy of your files. This particular malware has the ability to encrypt a large portion of your files in a matter of minutes, and then begin to extort you for money by offering to sell you a decryptor in exchange for Bitcoin. An example of such a piece of ransomware is the PyLock Ransomware, a newly discovered file-encryption Trojan that may have already managed to get to computers in different countries. The PyLock Ransomware is Swift and Threatening The typical propagation channels used to spread the PyLock Ransomware are fake downloads, torrent trackers, bogus email attachments, etc. You should stay away from suspicious content like that and always to use a reputable anti-virus tool to scan the files coming from unknown sources. If you fail to stop the...

In the past decade, cybercriminals have used cyber threats to generate profit for themselves almost exclusively – they use malware that can extort the victim for money, collect their financial details, gather cryptocurrency wallets, or even harvest the computer’s power to mine for various cryptocurrencies. However, it appears that there are still groups of hackers who opt to rely on malware that is purely destructive – this is the exact case with Ordinypt Wiper, a piece of malware capable of damaging a large number of files in a matter of minutes. Attacks with the Ordinypt Wiper are targeted to German users and companies exclusively, and its authors still attempt to make some money despite being unable to help their victims at all. German Users are Again the Targets of a Data Wiper The first reports from victims of the Ordinypt Wiper...

Cryptojacking campaigns have been one of the leading trends in the world of cybercrime and, as expected, the cybercriminals are beginning to introduce more advanced crypto mining malware that can evade sandboxes, persist after removal, and even disguise its presence on the victim’s machine. One other notable thing about a crypto-mining malware is that it is not only targeted to Windows computers certainly – many of the malware families go for Linux-based systems, and this is the case with Skidmap. Cryptocurrency Mining Malware Continues to Evolve Skidmap is a newly discovered malware family whose primary purpose is to deploy a pre-configured cryptocurrency miner malware that generates Monero coins for the attackers. While this is the typical thing you would expect to see from a cryptojacking project, there is a lot more packed in...

Remote Access Trojans (RATs) are among the most versatile tools in the arsenal of cybercriminals. They are loaded with tons of features usually and provide their operators with the ability to take complete control over the victim’s machine. In addition to this, they also support modules to execute specific operations that allow the attacker to collect particular files or data from the infected machine. InnfiRAT is one of the new RAT projects to be spotted in the wild, and it appears to have special modules dedicated to collecting cryptocurrency wallets and cookies from the victim’s machine. Of course, it also packs many of the other features you would expect to see in a Remote Access Trojan. InnfiRAT may be a Private Hacking Tool Often, software like this is being sold on hacking forums, but we are yet to encounter any advertisements...