The Cerber Ransomware is a ransomware infection that is used to encrypt the victims' files. The Cerber Ransomware adds the extension CERBER to every file that the Cerber Ransomware encrypts. After the Cerber Ransomware has encrypted some of the files of the victim, the Cerber Ransomware demands the payment of a ransom in exchange for the decryption key. According to Cerber Ransomware's ransom note, computer users have one week to pay the ransom amount before this amount is doubled. The Cerber Ransomware Contains an Audio Message As the Cerber Ransomware encrypts the victim's files, it creates TXT, HTML, and VBS files named 'DECRYPT MY FILES' with instructions on how to pay the Cerber Ransomware's ransom. These files are dropped on every folder that contains files that were encrypted by Cerber Ransomware. According to these ransom...

The WanaCrypt0r Ransomware is an encryption Trojan that features a worm-like attack tactic. The WanaCrypt0r Ransomware is recognized as one of the most threatening and widespread encryption Trojans up until May 12th, 2017. The WanaCrypt0r Ransomware managed to compromise more than hundreds of thousand systems across one hundred and forty countries on its first release to the real world. The brunt of the attack was taken by PC users in Russia and the National Healthcare System in Great Britain. The Trojan managed to block access to most of the computers connected to the National Healthcare System and nearly 70% of the cases that involve the WanaCrypt0r Ransomware are recorded in Russia....

The CryptoLocker Trojan is a ransomware infection that encrypts the victim's files. CryptoLocker may typically be installed by another threat such as a Trojan downloader or a worm. Once CryptoLocker is installed, CryptoLocker will search for sensitive files on the victim's computer and encrypt them. Essentially, CryptoLocker takes the infected computer hostage by preventing access to any of the computer user's files. CryptoLocker then demands payment of a ransom to decrypt the infected files. CryptoLocker is quite harmful, and ESG security analysts strongly advise computer users to use an efficient, proven and updated anti-malware program to protect their computer from these types of...

The Play-bar.net search aggregator is similar to Ultimate-search.net, and it is a questionable service that is promoted by a browser hijacker. The Play-bar.net site is operated by Blisbury LLP and features a small search bar, a weather forecast in the top right corner and a clock widget in the top left corner. Additionally, the Play-bar.net site may offer users to play Adobe Flash games on online gaming platforms likePrincess Games, GamesRockit and TikiArcade. The browser hijacker related to Play-bar.net is written with the purpose of diverting the Internet traffic of infected users to Play-bar.net and earn affiliate revenue. The Play-bar.net browser hijacker may modify your DNS settings and change your default search aggregator, homepage and a new tab to Play-bar.net. The Play-bar.net browser hijacker might edit your Windows Registry...

The Cerber3 Ransomware is a new version of a well-known ransomware Trojan. The Cerber Ransomware Trojan now uses a slightly different method during its attack. The main difference is that the files infected by the Cerber3 Ransomware can be identified through the use of .CERBER3 as the extension that identifies the files that have been encrypted in the attack. PC security analysts had observed a Cerber2 variant of this attack previously. This numbering system may indicate new versions of software, and threats are no exception. The appearance of the Cerber3 Ransomware indicates that the Cerber ransomware family is being developed and updated currently. The Cerber3 Ransomware and Possible Updates to this Threat The Cerber3 Ransomware was discovered recently, around the end of August of 2016. The Cerber3 Ransomware presents minor...

The DNS Unlocker is adware that has caught the attention of PC security researchers. Many computer users have been using programs like the DNS Unlocker to bypass region-locking components in online applications. The DNS Unlocker, in particular, has been advertised as a way for computer users to access Netflix for regions outside of their location. PC security analysts strongly recommend against this approach. There are numerous applications available that supposedly allow computer users to modify their IP or connect to certain websites that are blocked for certain regions. However, this is a common way for adware developers to distribute their low-level and mid-level threats. In several situations, it may be better to avoid using these types of components or looking for reputable options even if they are slightly more expensive than...

Tavanero.info is a bogus search engine that is associated with a PUP (Potentially Unwanted Program). Tavanero.info attempts to mimic the look and feel of the Google search engine to mislead computer users. Tavanero.info uses the Google logo colors in its layout and even includes the term 'GoogleTM Custom Search,' despite the fact that Tavanero.info has no affiliations with Google. Tavanero.info should be considered for what it is, a bogus search engine that may be used to expose computer users to potentially harmful online advertisements and content. There is no legitimate connection between Tavanero.info and Google, despite this fake search engine's claims. The Activities of Tavanero.info and Its Associated PUP Tavanero.info is linked to a type of PUP known as a browser hijacker, mainly because these components may be used to hijack...

If Tech-connect.biz start appearing as your homepage and search engine, this means that your computer is housing a browser hijacker. Then you wonder how it could have happened if wasn't you who introduced Tech-connect.biz on your machine. The answer is very simple; browser hijackers may be part of the installation of a free software you downloaded from the Web recently. This is a well-used method since the computer users may be in a hurry when installing the free program they need and instead of choosing 'Advanced' or 'Custom,' used the quickest installation method, skipping its EULA and additional details, giving the browser hijacker, adware, and PUPs, the permission to be installed unknowingly. Although not threatening, Tech-connect.biz may cause a series of inconveniences to the computer users, such as appending the argument...

The Zepto Ransomware is a variant of the Trojan Locky Ransomware. The Zepto Ransomware is designed to infect all versions of the Windows operating system, from Windows XP all the way to Windows 10. Ransomware Trojans like the Zepto Ransomware are especially threatening because, even if removed, the victim's files will still be inaccessible. Essentially, the Zepto Ransomware takes the victim's files hostage, encrypting them and demanding the payment of a ransom to decrypt them. Since the files encrypted by the Zepto Ransomware are impossible to recover without access to the decryption key, PC security analysts advise that computer users take immediate preventive measures to avoid becoming victims of this and similar ransomware Trojan attacks. The Files Encrypted by the Zepto Ransomware may be Lost Forever When the Zepto Ransomware is...

The CryptoWall Ransomware is a ransomware Trojan that carries the same strategy as a number of other encryption ransomware infections such as Cryptorbit Ransomware or CryptoLocker Ransomware. The CryptoWall Ransomware is designed to infect all versions of Windows, including Windows XP, Windows Vista, Windows 7 and Windows 8. As soon as the CryptoWall Ransomware infects a computer, the CryptoWall Ransomware uses the RSA2048 encryption to encrypt crucial files. Effectively, the CryptoWall Ransomware prevents computer users from accessing their data, which will be encrypted and out of reach. The CryptoWall Ransomware claims that it is necessary to pay $500 USD to recover the encrypted data....

RelevantKnowledge is software that exists in a moral grey area. RelevantKnowledge is widely considered spyware, because RelevantKnowledge will collect huge amounts of information about your Internet usage, and then use that information to put together even more information about you. That information is then sold, anonymously, either individually or as part of aggregate data. Given the way that RelevantKnowledge is installed on most computers, it is unlikely that most of those users are fully aware of the facts about RelevantKnowledge. What RelevantKnowledge is, and Where it Comes From RelevantKnowledge is a product of the company MarketScore, formerly called Netsetter. MarketScore...

DarkComet is a malware threat that has started to proliferate since the beginning of 2012. ESG security researchers have found that DarkComet is strongly associated with the conflict between political dissidents and the Syrian government. Basically, DarkComet is a full-fledged remote access Trojan (RAT), which allows a remote party to connect to the infected computer system and use it from afar. With full access to the victim's computer system, hackers can basically steal any information on the infected computer or use it for their own means. DarkComet uses a vulnerability in Skype, the popular online chat application, in order to spread. Whenever DarkComet's executable file runs, it connects to a server located in Syria from which DarkComet receives updates, instructions and the files DarkComet needs to take over the victim's computer...

There's a variant of the Zeus Trojan that has targeted banks and credit unions in the United States in October of 2012. This malware infection, known as the Gozi Trojan, has managed to steal sensitive data belonging to customers of important credit unions all around the United States. The Gozi Trojan attacks the targeted financial institutions' websites by inserting fields into the website in order to trick visitors into handing over their private information. The Gozi Trojan has affected at least thirty banks in the United States, often using fraudulent signatures in order to infiltrate secure networks. ESG security researchers have also observed the involvement of more than one hundred botnets in an effort to steal money using information stolen with the Gozi Trojan and transfer that money to offshore accounts. The criminals...

OnlineMapFinder is a potentially unwanted program (PUP) that is advertised at Free.onlinemapfinder.com/index.jhtml as a premium Web-app. The OnlineMapFinder application is developed by Mindspark Interactive Network, Inc. and is described at Free.onlinemapfinder.com/index.jhtml as "Maps, Driving Directions and more in one Chrome New Tab" briefly. The OnlineMapFinder application works as a browser extension/add-on that you can attach to Internet Explorer, Google Chrome, and Mozilla Firefox. You may find the OnlineMapFinder useful if you are traveling around the world with a laptop on your back. The OnlineMapFinder app may load exciting content from sources like Maps.nationalgeographic.com, Historicaerials.com, and Mapquest.com. OnlineMapFinder may be eliminated by going through the web browser add-ons and extensions menu to find and...

In March of 2016, PC security analysts started observing the Crysis Ransomware infections. This threat, like most encryption ransomware Trojans, encrypts the victim's files and demands the payment of a ransom to get the decryption key. The Crysis Ransomware can be identified because it changes the encrypted files' extensions to '.the Crysis.' Tthe Crysis Ransomware poses a significant threat to computer users and should be removed immediately. How the Attack of the Crysis Ransomware Functions The Crysis Ransomware encrypts files using an RSA encryption algorithm and the AES-128 encryption. After encrypting the victim's files, the Crysis Ransomware demands the payment of a ransom to provide the decryption key. When a file has been encrypted by the Crysis Ransomware, it becomes inaccessible. The Crysis Ransomware drops text files...

The Counterflix software is advertised as an application that can allow users to load geo-restricted content from services like Hulu, Pandora and Netflix. PC users that live in countries like India, China, and Russia, where Internet censorship applies may be interested in installing Counterflix. The services provided by Counterflix are available through the app and the modification of your DNS configuration. The setup page for Counterflix can be found at Counterflix.com and users will need to edit their system settings to install the Counterflix correctly. You should note that the Counterflix software is provided on an “As-Is” basis and you will not receive support from its developers. Unfortunately, the makers of Counterflix do not provide contact information like a Facebook page or a Twitter account, which you may need in case of...

The Yeadesktop.com domain is presented to Web surfers as a search service that includes links to third-party service like LinkedIn, Netflix, Yahoo, YouTube and Facebook. Yeadesktop.com offers visitors access to curated collection of Web-based mini-games as well. The site may appeal to users of all ages, but you should take into consideration that Yeadesktop.com is supported by intrusive advertisements. Additionally, Yeadesktop.may be associated with a program with the same name ('Yeadesktop') that is mentioned in cases of browser hijacking. Computer users that are affected by the Yeadesktop browser hijacker have reported that their Internet browser loads Yeadesktop.com as the default start page and new tab. We have detected that a program with the name 'Yeadesktop' may be delivered to PC users via free software bundles and make...

The Luckysite123.com domain has been linked to Web browser redirects that may be caused by browser hijackers, Potentially Unwanted Programs (PUPs), adware, and various other parasites or low-level threats. The Luckysite123.com website is designed to impersonate a legitimate search engine, as well as offer various other supposed features. The Luckysite123.com layout is designed to mimic Google, Yahoo, Bing, and other legitimate search websites. However, the real purpose of Luckysite123.com may not be the delivery of legitimate search results. Rather, Luckysite123.com may be designed to expose computer users to advertising material and keep tabs on their online searches and activity. Furthermore, the way in which computer users may be forced to visit and use Luckysite123.com against their will may make these websites problematic. How a...

The Jungle Arcade software from Junglearcade.com/games is promoted as a browser extension that offers free access to quality games on the Internet. The software is classified as a Potentially Unwanted Program (PUP) that is designed to modify your browser settings, load content from Junglearcade.com/games, load persistent tracking cookies and change your new tab page. The Jungle Arcade software is available to Google Chrome, Internet Explorer and Mozilla Firefox users. If you intend to install the Jungle Arcade extension, you should read the terms of use and privacy agreement at: junglearcade.com/Terms junglearcade.com/Privacy The Jungle Arcade program changes your new tab page to a custom version of Junglearcade.com and reads information like your Internet history, bookmarks collection and download log. The data is transmitted to...

The GoPlay Search browser extension is a product by the same team who created the Videodrome Search extension. The GoPlay Search program is developed by a team of programmers associated with the bettersearchtools.com site. The bettersearchtools.com site appears to be the homepage for a dozen extensions on the Chrome Web Store including Better Search Tools, bestMovies Search Plus, Videodrome Search and betterMovies Home. Additionally, the GoPlay Search software has a clone named justPlay Search, which supports the same functionality and connects to the same sites, but it has a separate page on the Chrome Web Store. Both versions of GoPlay Search are classified as Potentially Unwanted Programs (PUPs) that are ad-supports products by bettersearchtools.com. The GoPlay Search (a.k.a. justPlay Search) extension and its clone can be found on...

The CloudExtender software is classified as an adware that you may install with a free program bundle if you forget to explore the 'Advanced' and 'Custom' options. The CloudExtender adware places a virtual layer between the user and the loaded site, which enables the app to display promotional images, banners, play video/audio commercials, redirect the user to third-party sites and show pop-up windows. Computer security experts note that the content provided via the CloudExtender adware may include links to fake lotteries, prizes on Facebook, coupons, and discounts at reputable stores like Amazon and Walmart. The CloudExtender program is not your typical adware considering that it is reported to perform multiple browser redirects every time the user starts an online session. Apparently, the CloudExtender adware may edit the shortcut...

The 'Critical Chrome Update' pop-up alerts that you may notice in Google Chrome and other browsers are not legitimate notifications by Google Inc. about updates regarding their browser. The 'Critical Chrome Update' notifications may include the Google Chrome logo and originate on a page that supports HTTPS connection, but it does not mean that it is safe to download the proposed update. Modern-day browsers support automatic updates and do not use pop-up windows from sites like 'oolidvagrantup.com' to invite the user to take action. Companies like the Mozilla Foundation, Google Inc., Microsoft Corp and many others rely on an automated system to push updates fast, securely and reliably. Do not trust the 'Critical Chrome Update' warnings on your screen. If the browser fails to install new updates, an exclamation mark icon would appear in...

The Search.heasyspeedtest.co site is associated with yet another clone of the Test My Speeds that comes under the name of Easy Speed Test. Both programs come from the same developer—Polarity Technologies Ltd. and offer the same functionality. However, Test My Speeds changes the user's browser settings to Search.testmyspeeds.co while the Easy Speed Test browser extension changes the new tab, start page and search to Search.heasyspeedtest.co. Regardless of the small differences, the Easy Speed Test extension offers access to the same Internet speed tool at openspeedtest.com, which is embedded into Search.heasyspeedtest.co as a widget. You may be interested to know that Polarity Technologies Ltd. is not a partner of openspeedtest.com and the service has its own extension named Internet Speed Test by openspeedtest.com, which can be...

The TeslaWare Ransomware is a general detection name associated with a RaaS (Ransomware-as-a-Service) platform being sold on the Black Market online. Cyber security researchers alerted of the TeslaWare Ransomware campaign going live in the third week of June 2017. Evidently, access to the source-code for the TeslaWare RaaS is sold for prices that range from 35 EUR (39) to 70 EUR (78 USD). Wannabe-cyber-extortions are welcomed to buy the TeslaWare Ransomware and make modifications to its appearance, behavior, and functionality. The TeslaWare Ransomware is one of the many RaaS platforms to emerge in the first half of 2017, which includes names like the Ranion Ransomware and the FileFrozr Ransomware. However, the TeslaWare Ransomware appears to be a work-in-progress RaaS considering the encrypted data can be recovered. Compromised users...

The Xmrig32.exe file is associated with the mining of the Monero cryptocurrency. The Xmrig32.exe file serves as the primary process for the Monero currency miner, which is available for free download online. The XMRig (Xmrig32.exe) software is deemed as a Potentially Unwanted Program (PUP) that allows users to facilitate Monero transactions using their machines and claiming a percentage of the money transfers. The XMRig program is a very resource-hungry application that requires a lot of computational power. The activity of the XMRig Monero miner (Xmrig32.exe) might need more than 80% of the CPU and GPU resources on the system. The XMRig Monero miner supports computation with CPU and GPU dedicated resources as the currency transactions are packed as small data packets, but their number is significant. Running the XMRig Miner...

On June 14, Ulster University and University College London reported that they have both been hit by what was described as a 'widespread ransomware attack.' The two institutions quickly put together response teams which set off to contain and remove the malware. Although the term 'zero day' was used rather lightly, the people tasked with fending off the attack did a good job overall. The first thing they did was to take the drives hosting shared information for students and teachers offline. Sadly, by that time, some of the data had already been encrypted. There was good news, though. Both universities had fresh backups that weren't affected by the ransomware. Over the next few days, the response teams restored the information, made sure that the malware is well and truly gone, and on June 19, everything went back to normal. At first,...

The 'Unknown Security Breach' pop-up windows are generated on untrusted pages that feature bad scripts, which might crash your browser when loaded. The 'Unknown Security Breach' warnings may look like security alerts from companies like Microsoft Corp. and Google Inc., but they offer misleading content. The text on the 'Unknown Security Breach' signs is intended to scare users with unfamiliar system files, virus names and error codes. PC security experts advise against following the instructions displayed on the 'Unknown Security Breach' pop-ups. The 'Unknown Security Breach' alerts are part of a technical support tactic and advertise toll-free phone lines that are operated by uncertified computer support agents. In reality, con artists pose as employees of Microsoft that are ready to help you remove the threats mentioned on the...

The Soundrad.net site is offered to users as a nice new tab and home page replacement that comes with an integrated search from search.soundrad.net. PC users that love to listen to radio stations on the Internet may like the Soundrad.net site. You may want to know that the Soundrad.net site supports a browser extension named 'SoundRad Default Search.' At the time of research, the SoundRad Default Search browser extension is available to Google Chrome users only. Additionally, the SoundRad Default Search extension can be installed as an optional offer to a free software bundle. The SoundRad Default Search extension does not appear to have an official page on the Chrome Web Store considering the product page is hidden, and a careful research revealed it to be on:...

The TraNs Ransomware is an encryption Trojan that was detected by cyber security scanners in the second week of June 2017. The cyber parasite appears to be used in attacks on regular PC users. Cases that involve the TraNs Ransomware suggest the Trojan is aimed at English-speaking users. The payload for the TraNs Ransomware is packed as a macro-enabled Microsoft Word document, which users may download from spam emails. Computer security experts alert that the corrupted documents related to the TraNs Ransomware campaign may be sent to users as invoices, pending bills, order confirmations and fake messages from social media. The TraNs Ransomware encryption Trojan is designed to run on the latest versions of Windows and supports 32-bit and 64-bit system architectures. The programmers behind the attack enabled the TraNs Ransomware to scan...

The NSMF Ransomware is a file encoder Trojan that is proven to be a modified version of the HiddenTear open-source ransomware released by Utku Sen in August 2015. Since its release, HiddenTear has become one of the popular platforms to create new crypto-threats. The NSMF Ransomware joins an expanding family of HT variants that include well-documented threats like the CryptoSweetTooth Ransomware and the VindowsLocker Ransomware. The cyber-parasite appears to spread via spam emails that urge the user to open an invoice, look like an order confirmation or an important message from a respected bank. The developer of the NSMF Ransomware decided to follow the example of the Ruby Ransomware and use an embedded macro script that handles the installation of the Trojan when the unsuspecting user opens the payload. The NSMF Ransomware is...

The Gansta Ransomware is a Screen Locker Trojan that demands ransom from the user to restore access to the desktop. The Gansta Ransomware was released in December 2016 under the name Free-Freedom Ransomware, and the project was revitalized in June 2017 with a new release. The new version of the Trojan was sent to users with spam messages that invited them to open a file named 'worksheet.pdf.exe.' As you can imagine, the file has a double extension and may be disguised as a spreadsheet to fool users into double-clicking it. The programmers who created the Gansta Ransomware may release their product as a free desktop app named 'FolderLocker' as well. Computer security analysts note that the new version of the Trojan is slightly different from the original, but it is detected by AV scanners as: MSIL11.EGA Ransom/W32.Agent.647168...

Have you ever wondered how damaging and expensive a ransomware attack can be exactly? Here's an example that should give you an idea. On June 10, a Korean web hosting provider going by the name Nayana was hit by a file-encrypting malware known as Erebus. 153 Linux servers were affected which represent more than half of the company's entire infrastructure. Thousands of websites went down, and according to ZDNet's Korean edition, the list of victims includes the AIDS Prevention Association of Korea and the National University Department. Of course, countless small and medium-sized businesses were also left without an Internet presence, and because Nayana is still in the process of paying the ransom and bringing everything back to normal, the amount of lost money is still growing. But why is the whole thing taking so long? In the...

The SpecialSearchOffer Search browser extension may be promoted to users as an online shopping utility that can help you save money while purchasing goods on the Internet. The SpecialSearchOffer Search browser extension is a third-party software that is not associated with reliable online stores like Amazon, eBay, Walmart and others. The SpecialSearchOffer Search app is identified as a browser hijacker that may make changes to your Internet settings and reroute your searches via Search.ssoextension.com/s?q= to Search.yahoo.com. The SpecialSearchOffer Search browser hijacker was reported by users in June 2017 after their browser began to use the Search.ssoextension.com/s?q= site as their default search provider. Web surfers reported being sent to Search.ssoextension.com/s?q= and then to Search.yahoo.com, which is the legitimate version...