FuckTheSystem Ransomware

The FuckTheSystem Ransomware is a Trojan that was reported by PC security researchers in the second week of May 2017. Samples of the Trojan have been found running on infected devices as 'Crypto.exe.' Initial threat analysis revealed that the FuckTheSystem Ransomware is installed on machines via macro-enabled documents, which are delivered to users in spam emails. The program behaves as an encryption Trojan that uses cryptographic algorithms to encipher the content of the files on the system and hold them hostage until the user pays a ransom for the decryption key. The FuckTheSystem Ransomware does not have connections to projects like Cerber 6 and Ranion, which are offered as Ransomware-as-a-Service on the Internet. The FuckTheSystem Ransomware appears to be the product of an independent team of threat programmers who aim the Trojan...

Posted on May 12, 2017 in Ransomware

DirectionsOnline

The DirectionsOnline browser extension by Mindspark Interactive Network, Inc. is another addition to their line of navigation aid extensions, which include DirectionsBuilder, OnlineMapFinder, DirectionsWhiz, and MyMapsWizard. The DirectionsOnline extension claims to offer access to maps, directions and traffic information. The services of the DirectionsOnline app are provided by modifying your new tab and homepage settings. The changes may be applied to Google Chrome, Internet Explorer and Mozilla Firefox. You might want to read the Terms of Use and Privacy Agreement before you proceed to install the DirectionsOnline app since it is an ad-supported product. DirectionsOnline is perceived as a Potentially Unwanted Program (PUP) that requires the following privileges: Read and change all your data on the websites you visit....

Posted on May 12, 2017 in Possibly Unwanted Program

Magic PC Cleaner

The Magic PC Cleaner software is developed by a company named Softfix Solutions Pvt. Ltd., which is based in Gurugram, India. Magic PC Cleaner is presented to Windows users as an optimization utility that is supposed to fix and remove errors from the system with the aim of improving your computer's performance. The homepage for the Magic PC Cleaner program can be found at Softfix.com/Products.aspx, and the marketing pitch for the software reads: 'Magic PC Cleaner is the most advanced PC cleaner to take care of your day to day computer's general issues. It is the lightest and the fastest PC cleaner that installs itself in no time and gives you a round the clock proctection from junk files, cookies, system errors, browser related errors and clear your prefetch data.' The lack of proper proofreading and of a valid digital certificate for the site...

Posted on May 11, 2017 in Possibly Unwanted Program

‘Get the Chrome Cleanup Tool’ Pop-Ups

The 'Get the Chrome Cleanup Tool' pop-ups you may be shown while surfing the Internet are not to be trusted. The 'Get the Chrome Cleanup Tool' pop-up windows are not associated with products and services by Google Inc. We have seen the 'Get the Chrome Cleanup Tool' notifications appear on untrusted pages that are not part of Google's infrastructure. The 'Get the Chrome Cleanup Tool' messages aim to scare users into thinking their browser is affected by spyware and adware, which can be removed with the 'Chrome Cleanup Tool.' The 'Chrome Cleanup Tool' program is a legitimate product of Google Inc., which can be found at google.com/chrome/cleanup-tool and downloaded for free in case you need to clean and repair your installation of Google Chrome. However, untrusted software developers use the name to lure users into downloading a...

Posted on May 11, 2017 in Adware

Better Tab

The Better Tab software (a.k.a. TheBetter Tab) by BeeStripe LLC is promoted at thebettertab.com as a Web-based service aimed at simplifying your digital life. Web surfers who visit thebettertab.com are prompted to allow Better Tab to access all their data on the pages they load in Google Chrome and to set thebettertab.com as their homepage and new tab. The Better Tab browser extension may enable users to make short to-do lists, change the background image of their homepage and search via Seekit.com. The Seekit.com portal is the default search provider for users who have installed Better Tab. The search service offered at Seekit.com is supposed to be powered by Google, but the search results do not appear to be the same as those displayed at Google.com. Better Tab is perceived as a Potentially Unwanted Program (PUP). The main distribution...

Posted on May 11, 2017 in Browser Hijackers

ThunderCrypt Ransomware

The ThunderCrypt Ransomware is a ransomware Trojan that is used to infect computers in an attempt to extort computer users. The ThunderCrypt Ransomware was first observed in May 2017, and it seems to be a standalone infection rather than part of a larger family. PC security researchers suspect that the ThunderCrypt Ransomware is being delivered using corrupted spam email attachments that abuse vulnerabilities in macros to execute corrupted code on the victim's computer. The ThunderCrypt Ransomware has also been observed to be delivered as a bogus update for Adobe Flash Player, a common tactic that has been seen in numerous threat variants over the years.

How the ThunderCrypt Ransomware Carries out Its Attack

When the victim is exposed to the ThunderCrypt Ransomware's downloader, the User Account Control will display the following...

Posted on May 11, 2017 in Ransomware

GruxEr Ransomware

The GruxEr Ransomware is a ransomware Trojan that is based on Hidden Tear, an open source ransomware platform that was released in 2015. Today, countless ransomware variants are descendants of Hidden Tear, and the GruxEr Ransomware, released in May 2017, is just one of many ransomware Trojans being created using this platform. The GruxEr Ransomware is not currently being distributed widely but is capable of carrying out highly effective ransomware attacks. The GruxEr Ransomware uses a ransom note in English and carries out a typical ransomware tactic, encoding the victim's files and then demanding the payment of a ransom from the victim. The GruxEr Ransomware is designed to work as a 32-bit application and will infect computers running practically any version of the Windows operating system.

How the GruxEr Ransomware Infection...

Posted on May 11, 2017 in Ransomware

UIWIX Ransomware

The UIWIX Ransomware is a Trojan that extorts victims by encrypting their files and then requiring the payment of a ransom in exchange for the decryption key. The UIWIX Ransomware's preferred targets are poorly protected networks, servers, and online shopping websites using certain shop platforms. The UIWIX Ransomware may be delivered by taking advantage of software vulnerabilities, poorly protected computers and remote desktop connections. The UIWIX Ransomware will use a strong encryption algorithm to make the victim's data inaccessible. The UIWIX Ransomware then demands the payment of a ransom by delivering a text file named '_DECODE_FILES.txt' with instructions on how to proceed. The UIWIX Ransomware has been observed in infections of computers running Windows Server 2008 with exploitable vulnerabilities. Currently, PC...

Posted on May 11, 2017 in Ransomware

New Tab Aid

The New Tab Aid browser extension that you can find in the Chrome Web store and freeware bundles is promoted as a viable new tab page replacement for users. The New Tab Aid browser extension is developed by programmers associated with Mybrowserbar.com, which has ties to browser hijacking software. The New Tab Aid extension is promoted to users with the following marketing pitch: 'Enhance your New Tab Page with a Yahoo search box New Tab Aid is a free, safe and friendly extension that offers you the possibility of searching the web with Yahoo from your new tab page.' At first glance, the New Tab Aid app appears to make little to no modifications to your browser and only makes your browser load Search.yahoo.com instead of the default page. Web surfers that favor the Yahoo search engine might like what the New Tab Aid app has to offer....

Posted on May 11, 2017 in Possibly Unwanted Program

SrchUSk

The SrchUSk browser extension is not classified as a reliable app. The SrchUSk software is promoted via ads generated by adware; it does not have an official site, and its primary distribution method involves bundling with riskware. The SrchUSk extension may support Google Chrome, but there may be versions for Mozilla Firefox and Internet Explorer. PC users that install the SrchUSk app should expect to experience constant browser redirects. Additionally, the SrchUSk app might read information like your Internet history, IP address and software configuration to facilitate the display of targeted commercials. SrchUSk may not be a legitimate program that you can rely on. The SrchUSk app is an adware-powered product that is designed to reroute users via privsearch.club to search.hr, which loads content at Yahoo.com. The SrchUSk...

Posted on May 10, 2017 in Browser Hijackers

Weather Hub

The Weather Hub software from ClientConnect Ltd. is promoted as a widget for your Internet client that can enhance your new tab and provide relevant weather forecasts at your fingertips. The Weather Hub is promoted primarily via free software bundles and ads on browser extension libraries. You may install the Weather Hub widget unknowingly if you choose the 'Express' or 'Typical' option when installing a free software package. You may be taken by surprise to find that your new tab in Google Chrome, Mozilla Firefox and Internet Explorer loads Searchespro.com by default. The Weather Hub program makes its services available by modifying the new tab page settings of various browsers that are based on the Chromium and Mozilla projects. The new tab powered by Weather Hub offers a search bar that redirects users to Bing.com, links to...

Posted on May 10, 2017 in Browser Hijackers

ZipLocker Ransomware

The ZipLocker Ransomware is a ransomware Trojan. The Trojans in this category are designed to take the victim's files hostage, asking for the payment of a sum to restore access to the infected files. These tactics are becoming increasingly common due to the effectiveness of the attack; even if the ZipLocker Ransomware infection itself is removed, the victim's files remain inaccessible. Because of this, dealing with ransomware Trojans like the ZipLocker Ransomware is not only a matter of preventing the ZipLocker Ransomware infection itself but also of taking steps to ensure that data can be recovered in case it becomes compromised in one of these attacks.

Disclosing the ZipLocker Ransomware Trojan Infection

The most common tactic used in these attacks is to use an encryption algorithm to encrypt the victim's files. The ZipLocker...

Posted on May 10, 2017 in Ransomware

Crypto-Blocker Ransomware

The Crypto-Blocker Ransomware is a ransomware Trojan that is used to target computer users that speak English. The Crypto-Blocker Ransomware, like most ransomware Trojans, uses a strong encryption algorithm to make the victim's files inaccessible, essentially holding them ransom until the victim pays for the decryption key needed to access the affected files. There are many methods with which Trojans like the Crypto-Blocker Ransomware can be delivered to victims. The most common method involves spam email attachments, which use corrupted scripts to download and install the Crypto-Blocker Ransomware on the victim's computer. The Crypto-Blocker Ransomware will attack computers running the Windows operating system, up to the latest versions. Current attacks have been spotted in North America and Europe. PC security researchers are...

Posted on May 10, 2017 in Ransomware

Maykolin Ransomware

The Maykolin Ransomware is a ransomware Trojan that is used to extort computer users. The Maykolin Ransomware was first observed in May 2017. The Maykolin Ransomware receives its name from the email address that is used by its perpetrators to contact the victims. The Maykolin Ransomware, like most ransomware Trojans, encrypts its victims' data, then asks the infected user to pay a ransom so that the con artists can provide the decryption key necessary to recover the affected files. Threats like the Maykolin Ransomware may be distributed to victims through the use of corrupted spam email attachments. These attachments may include a macro script that downloads and executes the Maykolin Ransomware on the infected PC. The Maykolin Ransomware may be installed without alerting the victim, running in the background and carrying out its attack...

Posted on May 10, 2017 in Ransomware

Ruby Ransomware

The Ruby Ransomware is an encryption Trojan that is used to extort computer users. The Ruby Ransomware is one of the countless ransomware Trojans based on HiddenTear, the open source ransomware engine released in Summer of 2015 that has since spawned numerous variants. The Ruby Ransomware was first observed in late Spring of 2017 and currently seems to be in a testing phase.

The Ruby Ransomware Pretends to be a Game to Induce Its Victims to Download It

The Ruby Ransomware was released in the same way as other recently released Trojans such as the Click Me Ransomware, which are advertised as a game. Most ransomware Trojans are distributed through the use of corrupted email attachments or by hacking into victims' computers. In the case of the Ruby Ransomware, this Trojan is being released through the use of an application named...

Posted on May 10, 2017 in Ransomware