Warning! Ryuk Decryptor Can't Promise Full Recovery

The Ryuk ransomware has become notorious in the past several years, raking in hundreds of millions in ransom payments for its creators. The Ryuk ransomware has targeted both private and public sectors, encrypting files on the infected network with a combination of AES and RSA. One of the reasons for the persistent success of the Ryuk ransomware is that its creators haven't stopped improving and evolving it throughout the years. Just over the past year, we have seen multiple new features being added to the Ryuk ransomware, making it an even bigger threat than it previously was. One of the new features that hasn't been so well-documented is Ryuk's capability to encrypt files...

Posted on January 10, 2020 in Computer Security

Dustman

Around the end of 2019, malware researchers uncovered a brand-new data wiping threat. The newly discovered malware is called Dustman, and it is likely the creation of an Iranian hacking group. Iranian cybercriminals are known to have an affinity for data wipers as this threat type ensures a very significant amount of damage.

Attacked the Bahraini Oil Company Bapco

The Dustman data wiper has already claimed one high-profile victim in the form of the large Bahraini oil corporation named Bapco. A Saudi Arabian security company detected that Bapco had fallen victim to a previously unknown data wiper. After the discovery of this new threat named Dustman, many other cybersecurity agencies worldwide began studying the new strain of malware. Data wipers, in general, aim to cause as much damage as possible, usually by deleting the data present...

Posted on January 9, 2020 in Malware

DarkCrypt Ransomware

Many cyber crooks opt to borrow the code of existing ransomware threats, alter it slightly, and distribute it to generate revenue from ransom fees. However, some authors of ransomware threats choose to mimic well-established, infamous data-locking Trojans as they carry a recognizable name that is likely to strike fear in the heart of their victims. This is the case of the DarkCrypt Ransomware. At first glance, the DarkCrypt Ransomware appears to be a copy of the notorious WannaCry Ransomware. This, however, is not the case, and the DarkCrypt Ransomware is nothing but an imitation of the highly potent and threatening WannaCry Ransomware. Luckily, the DarkCrypt Ransomware is not nearly as destructive as the previously mentioned threat.

Propagation and Encryption

There is no confirmation regarding the propagation method employed in the...

Posted on January 9, 2020 in Ransomware

Somik1 Ransomware

Sometimes, malware experts create threats for purely educational purposes and make the code available publicly in the hope of informing more users on how certain strains of malware operate. However, cybercriminals often see this as an opportunity and borrow the publicly available code to wreak havoc and generate revenue off the backs of innocent users. This is what the authors of the Somik1 Ransomware have done. The creators of this data-locking Trojan have used the code of the HiddenTear Ransomware project to build the Somik1 Ransomware.

Propagation and Encryption

Many authors of ransomware take advantage of spam emails with compromised attachments, corrupted advertisements, fake application updates and downloads, and other popular distribution means to propagate their nasty creations. As soon as the Somik1 Ransomware infiltrates a...

Posted on January 9, 2020 in Ransomware

Piolo.xyz

The Piolo.xyz website is among the numerous bogus Web pages that are plaguing the Internet nowadays. The goal of this fake site is to get its visitors to use a dodgy search engine, often without their consent. This is accomplished by a PUP (Potentially Unwanted Program) that may have sneaked into the user's system. The PUP would ask the user to allow it to replace the default search engine with a bogus one. Furthermore, the PUP in question also would attempt to gain permission to alter the new tab page too.

Piolo.xyz Site Works with the Help of a PUP

The goal of the PUP is to generate traffic for the Piolo.xyz website. Every time the user attempts to search the Web, their traffic will go through the Piolo.xyz site. The search engine utilized by the Piolo.xyz page is powered by the Russian QIP search engine. This search engine is...

Posted on January 9, 2020 in Browser Hijackers

Myceterparagr.info

Many shady individuals online opt to build fake, useless Web pages and attempt to gain some revenue via this low-end tactic. The goal of some of these bogus pages is to trick the visitors into providing them with permission to display Web browser notifications. Instead of providing the user with useful information via the Web browser notification, like good deals or breaking news, operators of shady websites like the Myceterparagr.info page will bombard them with unwanted advertisements.

Uses a Variety of Social Engineering Tricks

To trick their visitors into allowing them to display Web browser notifications, the operators of the Myceterparagr.info site claim that the user needs to complete a CAPTCHA to confirm they are not a robot. However, this is not a legitimate CAPTCHA, and clicking on the 'Allow' button the Myceterparagr.info site...

Posted on January 9, 2020 in Browser Hijackers

Pashka Ransomware

Cyber crooks are not taking days off in 2020, and malware researchers have already begun spotting new ransomware threats lurking on the Web. Among the newest uncovered file-locking Trojans is the Pashka Ransomware. There are no indications of this threat being a variant of an already existing data-encrypting Trojan, yet. There is a possibility that the Pashka Ransomware might have been built from scratch.

Propagation and Encryption

The propagation method preferred by many ransomware creators is spam email campaigns. The attackers would target innocent users and send them an email containing a fraudulent message. Alongside the fake message, the attackers usually attach a corrupted file that, at first glance, appears to be harmless. However, users who fall for this trickery would give the Pashka Ransomware the green light to compromise their...

Posted on January 8, 2020 in Ransomware

SNAKE Ransomware

Hundreds upon hundreds of low-quality ransomware threats are distributed online every year. However, high-end data-locking Trojans are far sparser and more interesting. One of the latest threats of this type is called SNAKE Ransomware. The SNAKE Ransomware appears to be a sophisticated and well-thought-out project, likely the work of experienced cybercriminals. This threat targets corporate networks and makes sure to cause maximum damage by encrypting the data of whole networks. Interestingly enough, the SNAKE Ransomware is written in a programming language that is not very common when it comes to the creation of malware – the Golang language. On top of this, the authors of the SNAKE...

Posted on January 8, 2020 in Ransomware

Prizedeal0919.info

More and more individuals with questionable morals are opting to set up fraudulent pages that appear to host interesting content or promise various prizes but are, in fact, nothing more than a marketing trick. Such Web pages work with shady advertising networks, whose goal is to promote numerous fake services or overpriced, low-quality products that no legitimate advertising company would work with. Nonetheless, this seems to be working, as this low-end tactic is extremely popular online.

Tricks Users into Believing They Have Won a Prize

One of these websites is the Prizedeal0919.info page. This site attempts to trick users into thinking they have won a prize. However, if they want to claim the prize, the website demands that they follow the instructions they are provided with. The instructions state that the users need to click on the...

Posted on January 8, 2020 in Browser Hijackers

Betanews.me

There are numerous fake websites whose sole purpose is to trick users into allowing them to display Web browser notifications. Such pages tend to work hand in hand with dodgy advertising networks. The bogus pages would mislead their visitors into giving them permission to display Web browser notifications, and as soon as this is completed, the site will begin bombarding the user with numerous unwanted and irrelevant advertisements. These advertisements tend to promote low-quality products alongside overpriced or bogus services. If the user clicks on an ad or purchases a product or service, the fake website gets paid by the shady advertisement network.

Applies Social Engineering Tricks

The Betanews.me page is a prime example of this trickery. The operators of this website have likely named it Betanews.me to make it seem like this is a...

Posted on January 8, 2020 in Browser Hijackers

US Government Site Defaced Using Pro-Iranian Messages

The government website of the US Federal Depository Library Program (FDLP) was attacked by what claims to be a group of Iranian hackers. The event comes on the heels of the US drone strike that killed Iranian general Qasem Soleimani and caused an escalation of tensions between Washington and Tehran as well as on a global level. In the past, we have witnessed many other attempts by Iranian culprits to hack websites and initiate attacks over the Internet. The website had its content replaced by a black screen with both English and Perso-Arabic script on it. Below the text was a collage depicting US President Donald Trump with a bloodied lip, being hit in the face by a fist. The fist...

Posted on January 7, 2020 in Computer Security

Dever Ransomware

Most authors of ransomware build their creations based on already existing data-encrypting Trojans. This is the case with the Dever Ransomware. This file-locking Trojan belongs to the Phobos Ransomware family. When the Dever Ransomware targets a system, it will make sure to lock all the files present on it. From images to audio files, documents, and archives – no data will be spared.

Propagation and Encryption

According to reports, the Dever Ransomware is being propagated via spam emails. The emails in question would contain a fake message riddled with social engineering tricks designed to convince users to launch the attached file. Executing the attachment would ensure that the target's system gets compromised. Often, the emails appear to be from a large and well-known company or a government body. The Dever Ransomware would use an...

Posted on January 7, 2020 in Ransomware

SlankCryptor Ransomware

Cybersecurity researchers keep uncovering more and more ransomware threats daily. Data-locking Trojans are one of the worst threats a regular user may come across. They would sneak into one's system, encrypt all their data, and then demand money in exchange for a decryption tool. Among the newest ransomware threats is the SlankCryptor Ransomware. It would appear that this threat is named after a popular rock band hailing from Indonesia called Slank. After studying the SlankCryptor Ransomware, researchers found that this threat is still in development. Despite being an unfinished project, the SlankCryptor Ransomware is still fully capable of encrypting data and blackmailing users.

Propagation and Encryption

The SlankCryptor Ransomware is likely being propagated via fake emails masked as important messages from the government or a...

Posted on January 7, 2020 in Ransomware

BDDY Ransomware

Cybercriminals keep pumping out numerous new ransomware threats every year. File-locking Trojans are one of the nastiest threats online as they sneak into users' systems and lock all their data. Attackers tend to require a ransom fee in exchange for a decryption key that will help the victim recover their data. Malware researchers work tirelessly to create free decryption tools for ransomware threats that have claimed a significant number of victims, but, unfortunately, most data-encrypting Trojans are not decryptable for free. One of the newest file-locking Trojans is called BDDY Ransomware. When researchers dissected the BDDY Ransomware, they found that this is a variant of the Matrix Ransomware. The bad news is that Trojans that belong to the Matrix Ransomware family are not decryptable for free.

Propagation and Encryption

The infection...

Posted on January 7, 2020 in Ransomware

Clk2win.com

The Clk2win.com Web page is a dodgy site that users should avoid. Instead of hosting worthwhile content and providing value to its visitors, the only goal of the Clk2win.com site is to trick users into allowing the page to display browser notifications. Many legitimate websites would request permission to display Web browser notifications and would send the user useful notifications like news alerts, stream updates, great deals, etc. Though, this is not the case with Clk2win.com. This shady site uses Web browser notifications to spam the user with unwanted and irrelevant advertisements. This sort of behavior does not pose a threat to your system, but it can, nonetheless, be disruptive. It is likely that the constant bombardment with unwanted advertisements will diminish your browsing quality greatly. Many websites, similar to the...

Posted on January 7, 2020 in Browser Hijackers