Cerber 6 Ransomware

The Cerber family of ransomware is known for its sophistication and its development of cutting-edge threat technology. PC security researchers have noticed a new variant in this family, the Cerber 6 Ransomware, which first appeared in April 2017. The Cerber 6 Ransomware is being delivered in a wide variety of ways and seems to include new encryption methods and attack strategies.

The Threat Presented by a Cerber 6 Ransomware Attack

The members of the Cerber family have been near the top of the charts of most widely disseminated ransomware threats. In fact, threats in this family accounted for more than 85% of ransomware infections in the first quarter of 2017. The Cerber 6 Ransomware and its previous variants have been responsible for generating millions of dollars for their creators around the world. One of the reasons why the Cerber...

Posted on May 5, 2017 in Ransomware

PEC 2017 Ransomware

The PEC 2017 Ransomware is a ransomware Trojan that seems to be targeted towards computer users in Italy (judging from its ransom note, which is written in Italian). The PEC 2017 Ransomware is being delivered using spam email messages that may use social engineering techniques to trick computer users into opening a corrupted file attachment. The PEC 2017 Ransomware was first observed in early May 2017 and seems to be an isolated threat rather than belonging to a larger family of threats.

How the PEC 2017 Ransomware Attack is Carried Out

The PEC 2017 Ransomware may be delivered in corrupted text documents that display the following pop-up message when opened: 'This document contains links that may refer to other files. Do you want to update this document with the data from the linked files?' If computer users agree, the document will...

Posted on May 5, 2017 in Ransomware

Lockify Ransomware

The Lockify Ransomware is a ransomware Trojan that is designed to attack computers with the Windows operating system. First observed on May 4th, 2017, the Lockify Ransomware is being delivered through corrupted email attachments. Victims will receive spam email messages containing attached DOCX files that use macros to execute corrupted code on the victim's computer. When victims open the corrupted DOCX file, the Lockify Ransomware is downloaded and installed on the affected computer. The Lockify Ransomware is based on HiddenTear, a well-known open source ransomware engine that has spawned countless ransomware variants.

The PC User will Notice the Lockify Ransomware's Actions Too Late

The Lockify Ransomware will run in the background, using little memory resources to remain undetected. The Lockify Ransomware executable file can take...

Posted on May 5, 2017 in Ransomware

Clouded Ransomware

The Clouded Ransomware Trojan was first observed on May 3, 2017. The Clouded Ransomware is being delivered through corrupted spam email attachments, which typically take the form of Microsoft Word documents that use corrupted scripts to download and install the Clouded Ransomware on the victim's computer. Because of this, the best way to prevent attacks like the Clouded Ransomware is to exercise caution when handling unsolicited email attachments and to use a good spam filter that can prevent these corrupted email messages from arriving in the victim's email inbox to be opened. The Clouded Ransomware is based on the HiddenTear project, an open source ransomware engine released in Summer of 2015 for 'educational purposes.' Since its release, HiddenTear has spawned countless variants, which include the Clouded Ransomware, released nearly two...

Posted on May 5, 2017 in Ransomware

Cry128 Ransomware

The Cry128 Ransomware is a ransomware Trojan that is a variant of Crypton, a ransomware family that includes the recently released Cry9 Ransomware variant. The Cry128 Ransomware and its variants are being delivered by attaching corrupted macro-enabled files to spam email messages. These files exploit a vulnerability in Windows that allows con artists to download and execute threats onto the victim's computer. The Cry128 Ransomware seems to be targeted towards English speakers and will encrypt the victim's files to demand the payment of a ransom.

The Cry128 Ransomware Attack

Like most ransomware Trojans, the Cry128 Ransomware is designed to infiltrate a computer and take the victim's files hostage, encrypting them using a strong encryption algorithm. Among the many file types that the Cry128 Ransomware will encrypt, the following are...

Posted on May 5, 2017 in Ransomware

CTF Ransomware

The CTF Ransomware is a ransomware Trojan that was the result of a 'Catch the Flag' competition. Programmers had a competition to create a fully functional ransomware Trojan in the shortest possible time. The CTF Ransomware was first observed in May of 2007. Unfortunately, the results of this competition are being used to carry out attacks on victims. The CTF Ransomware is currently being delivered using corrupted spam email attachments. These email messages may be disguised as notifications from messaging companies like FedEx or UPS, with messages such as the following: 'Hello, We have delivery problems with your parcel #7315475325 Please, open the attachment for more details' Opening the attachment allows a macro-enabled file to run, which downloads and executes the CTF Ransomware's executable file.

The CTF Ransomware Works Very...

Posted on May 5, 2017 in Ransomware

nJoy Movies Search

The nJoy Movies Search browser extension for Google Chrome is deemed a Potentially Unwanted Program (PUP) and is ad-supported software, which you can find at Njoyapps.com. The nJoy Movies Search software can be seen under the names nJoyMovies Now and nJoyMovies Search Plus as well. The nJoy Movies Search extension is delivered to computers primarily via software bundles. The nJoy Movies Search widget is not part of the Top 50 extensions at the Chrome Web store, and most users may not be familiar with the app. The nJoy Movies Search app is developed by a company titled nJoyApps, and it appeared to be almost identical in functionality and name to the MyMovie Start browser extension by myAppline found at Myappline.com/utilities/moviesearch/. Both apps are reported to redirect users to content on GoMovix.com and aim to appeal to...

Posted on May 4, 2017 in Possibly Unwanted Program

MyFileConvert by MyWay

The MyFileConvert by MyWay software is packed as a browser toolbar under the MyWay family of apps, which are created by Mindspark Interactive Network Inc. The MyFileConvert by MyWay Toolbar is owned and operated by Mindspark Interactive Network Inc. as an ad-supported and free-to-use service, which is available to Google Chrome, Internet Explorer and Mozilla Firefox users. The MyFileConvert by MyWay software is made available via Free.myfileconvert.com/index.jhtml, the Chrome Web store, free extension platforms, and free software bundles but it lacks a page on the Firefox Add-Ons platform. The MyFileConvert by MyWay Toolbar is said to enable users to convert PDF, DOC, TXT, RTF, XLS, PPT, BMP, JPG, TIFF and AZW files. The services of MyFileConvert by MyWay require only a browser to run. Thus, the MyFileConvert by MyWay app is available...

Posted on May 4, 2017 in Possibly Unwanted Program

Find Pro Ads

The Find Pro browser extension that Web surfers may be urged to install after clicking on an ad is not recommended software. At the time of writing, the Find Pro extension was installed by 2,366 users according to its Chrome Webstore page, but it may have a bad reputation because it is adware. The Find Pro adware is promoted as a budget-friendly extension that is supposed to help you discover amazing opportunities while shopping online. However, it does much more, and you may not like what follows. The Find Pro adware may be advertised on several sites registered to the 185.181.103.166 IP address that include: apps-featured[.]net, browser-web-store[.]net, featured-extensions[.]net and find-pro.browser-web-store[.]net. The Find Pro adware might keep a record of the pages you visit and content you engage in. Additionally, the Find Pro...

Posted on May 4, 2017 in Adware

FailedAccess Ransomware

The FailedAccess Ransomware is a ransomware Trojan that uses encryption to force computer users to pay large ransoms. This is a typical approach to a tactic that has become very common in the last few years. The FailedAccess Ransomware was first observed in late April 2017. Malware researchers suspect that the FailedAccess Ransomware is a work in progress since several of its elements seem to be part of a test version submitted to online anti-virus scanners (an approach often taken as a way of testing whether newly developed threats can bypass security detection).

The FailedAccess Ransomware Trojan's Test Version

While a finished ransomware Trojan will encrypt the contents of the victim's hard drives, the version of the FailedAccess Ransomware that has been uncovered by PC security researchers limits its attack to a single directory:...

Posted on May 4, 2017 in Ransomware

Cryptoboss Ransomware

The Cryptoboss Ransomware is a ransomware Trojan that is used to extort computer users. The Cryptoboss Ransomware may be delivered through corrupt email attachments, which use compromised scripts to download and execute bad code on the victim's computer. The Cryptoboss Ransomware, like most other ransomware Trojans, is designed to encrypt the victim's files using a strong encryption algorithm, and then demand the payment of a large ransom. Malware analysts strongly advise computer users to refrain from paying the Cryptoboss Ransomware ransom. It is clear that the people responsible for the Cryptoboss Ransomware attack cannot be trusted to keep their word and decrypt the victim's files after payment. Even if they do decrypt the files, paying these ransoms allows them to continue creating and developing threats like the Cryptoboss...

Posted on May 4, 2017 in Ransomware

vCrypt1 Ransomware

The vCrypt1 Ransomware seems to be a stand-alone ransomware threat rather than belonging to an established family of threats. The vCrypt1 Ransomware has some obfuscation features that allow it to avoid detection and removal by anti-virus programs. The vCrypt1 Ransomware will also detect whether it is present in a virtual environment or debugger as a way to prevent PC security researchers from analyzing it. The vCrypt1 Ransomware carries out a typical ransomware attack, encrypting the victim's files and then demanding the payment of a ransom. The files encrypted by the vCrypt1 Ransomware are easy to recognize because of the file extension '.vCrypt1,' which is added to the end of each affected file's name.

How the vCrypt1 Ransomware Carries out Its Attack

The vCrypt1 Ransomware may be delivered to the victims' computers through the use...

Posted on May 4, 2017 in Ransomware

Devious Google Docs Phishing Scam Attacks Millions of Users

Just as the sun rises every day, hackers wake up on the wrong side of the bed ready to attack computer users around the world with the latest and greatest scheme. Unfortunately, this week, hackers have taken to Google to utilize an aggressive and rather sneaky phishing technique to gain access to users' Google Docs and Google Drive accounts, potentially affecting millions of users. The recent phishing scam is one that could compromise your account: Internet users from all ends of the nation are being spammed with a malicious invitation to log into their Google accounts. The sneaky and devious part of this attack is that it uses a clever login screen, one that lacks the telltale signs of a phishing attack and does not draw suspicion among everyday computer users. As an example, the attack appears to display a login screen...

Posted on May 4, 2017 in Computer Security

RSAUtil Ransomware

The RSAUtil Ransomware is a ransomware Trojan that is used to extort computer users. The RSAUtil Ransomware will encrypt the victims' files and then demand the payment of a ransom. Computer users have reported the presence of a poorly-spelled pop-up message associated with the RSAUtil Ransomware. The following is the text contained in the RSAUtil Ransomware's pop-up message: 'Hello my friend! All files on your PC encryphted! my email: helppme@india.com or hepll 112@aol.com'

The Unfriendly Work of the RSAUtil Ransomware Trojan

The RSAUtil Ransomware is written in Delphi, which allows extortionists to modify the RSAUtil Ransomware easily and integrate this ransomware Trojan with the Windows operating system. The RSAUtil Ransomware's intended victims seem to be individual computer users and small businesses. The most common way in which...

Posted on May 3, 2017 in Adware

Mordor Ransomware

The Mordor Ransomware is a ransomware Trojan that is used to blackmail computer users, keeping their files locked and then demanding the payment of a ransom. The Mordor Ransomware receives its name because it uses certain imagery from The Lord of the Rings in its attack. The Mordor Ransomware's payment portal includes an image of the iconic Eye of Sauron from this book series and movie franchise. Apart from its branding, though, there is little to differentiate the Mordor Ransomware from the numerous other ransomware Trojans that are currently being used to carry out attacks against computer users.

The Mordor Ransomware – A Fictional Name for a Real Threat

The Mordor Ransomware was first uncovered in the first week of May 2017. The Mordor Ransomware will mark the files it encrypts with the file extension '.mordor.' The Mordor...

Posted on May 3, 2017 in Ransomware