Q1G Ransomware

At the beginning of August 2019, malware researchers spotted a brand-new ransomware threat. Its name is the Q1G Ransomware, and upon further inspection, this threat was revealed to be a part of the Dharma Ransomware family. It is a common practice among cyber crooks to base one's ransomware threat on the code of already established file-encrypting Trojans. Propagation and Encryption: Cybersecurity experts have been unable to determine with any certainty what infection vectors are involved in the propagation of the Q1G Ransomware. Some believe that the creators of this ransomware threat may be using some of the classic propagation methods – emails that contain infected attachments, bogus application updates, and pirated fake copies of legitimate software tools. If the Q1G Ransomware succeeds in compromising your PC, it will scan it to reveal...

Posted on August 5, 2019 in Ransomware

How to fix "Some apps need to be uninstalled" Windows Update Failure

Since launching the Windows 10 Operating System (OS) in 2015, Microsoft has been rolling out one update after another every six months or so. More often than not, you would have no trouble installing those updates on your machine. Every once in a while, however, you may get a random error message when trying to update your Windows 10 PC. Depending on the message, there may be something – a program, driver, or tool – that is preventing Windows from proceeding with the update. When you get a message which either states that "You need to uninstall a program in order to continue", or "Some apps need to be uninstalled", you are very likely to be dealing with a software compatibility problem...

Posted on August 2, 2019 in Computer Security

Syrk Ransomware

An increasing number of cybercriminals are taking an interest in ransomware threats in particular. This is likely because they are often perceived as a way to make a quick buck at someone else's expense. One of the newest ransomware threats that experts have spotted is the Syrk Ransomware. Propagation and Encryption: The propagation method employed by the authors of the Syrk Ransomware is not yet known. Some cybersecurity experts believe that the creators of this data-encrypting Trojan may be using some of the most common techniques for ransomware propagation – fake software updates, pirated copies of legitimate applications, and spam email campaigns containing macro-laced attachments. If you fall for the trickery of the Syrk Ransomware and give it access to your system, this threat will kick off the attack by performing a scan. The...

Posted on August 2, 2019 in Ransomware

SystemBC

Cybercriminals tend to use various EKs (Exploit Kits) to spread all malware types to unsuspecting victims. Often, they use already known exploits in popular software tools. These exploits are usually patched up by the developers of the applications quickly, but users often neglect to update all their software on a regular basis, and this is how they become vulnerable to cyber crooks. Operates Silently: Some of the most popular EKs are the Fallout Exploit Kit and RIG Exploit Kit, and they have been spotted regularly distributing the Amadey Loader and the DanaBot Banking Trojan. Researchers also saw a malware sample that they had not encountered previously. Unlike the DanaBot Banking Trojan, it serves a much simpler purpose - to set up a SOCKS5 proxy server on the infected computer. This might not look like a major issue to the average...

Posted on August 2, 2019 in Malware

Cosakos Ransomware

The Cosakos Ransomware is one of the most recently spotted ransomware threats. When inspected, the Cosakos Ransomware was revealed to be a variant of the very popular STOP Ransomware. This is a common practice among cybercriminals – instead of building a file-encryption Trojan from the bottom up, they use the code of an already well-established threat like the STOP Ransomware and only slightly change it. Propagation and Encryption: Malware researchers have been unable to determine the propagation techniques used by the creators of the Cosakos Ransomware. Some believe that the cyber crooks may have employed some of the most popular infection vectors in the spreading of the Cosakos Ransomware, namely mass spam email campaigns containing infected attachments, bogus application updates and pirated fake variants of popular software. When the...

Posted on August 2, 2019 in Ransomware

LookBack

Recently, there has been a series of attacks targeting various companies and institutions located in the United States and dealing in the utility industry. The attackers use phishing emails to propagate their threat. These emails would claim to be sent by the National Council of Examiners for Engineering and Surveying and are carefully designed to look legitimate and not raise any red flags. The emails would state that the recipient has failed to meet the standards set by the organization. They offer further information on the issue, which is supposedly contained in the '.DOC' file attached to the fraudulent email. This appears to be the work of a high-end group of cyber crooks,...

Posted on August 2, 2019 in Malware

MDRL Ransomware

Recently, cybersecurity researchers uncovered a new ransomware threat roaming the Internet. This new data-locking Trojan is called MDRL Ransomware. Upon further inspection, it became clear that the MDRL Ransomware is a variant of the Matrix Ransomware. Propagation and Encryption: Malware experts are not certain what infection vectors have been employed in the propagation of the MDRL Ransomware. It is likely that spam emails containing macro-laced attachments, bogus software updates, and fake copies of legitimate applications may be among the propagation methods used by the authors of the MDRL Ransomware. When the MDRL Ransomware compromises a system, it will first run a scan. The scan is used to determine the locations of the files that will be locked later. The next phase is the encryption process. Once a file undergoes the...

Posted on August 1, 2019 in Ransomware

Rsalive Ransomware

The Rsalive Ransomware is one of the latest ransomware threats that malware researchers have spotted. Once they studied this newly uncovered file-locking Trojan, cybersecurity experts found out that it belongs to the Scarab Ransomware family. Spreading and Encryption: It is not yet clear what propagation methods are employed in the spreading of the Rsalive Ransomware. Some believe that mass spam email campaigns, fake application updates, and pirated copies of popular software tools may be some of the infection vectors employed by the creators of the Rsalive Ransomware. Regardless of the propagation method, once the Rsalive Ransomware infects your PC, the first step of the attack is the scanning of your data. This is done so that the Rsalive Ransomware can determine the locations of the files that it was programmed to target. Then,...

Posted on August 1, 2019 in Ransomware

Monokle

The Monokle malware is a toolkit built to target Android devices and is likely to have been created by a Russian company that deals in the cybersecurity business. This same company has allegedly interfered in the 2016 United States Presidential Elections. This is a rather high-end threat, and it appears that its victims tend to be hand-picked high-ranking individuals. Can Access Encrypted Network Traffic: An interesting feature of the Monokle toolkit is that its operators can install a fake security certificate on the compromised device, and then use it as bogus authentication for connections protected by SSL or TLS. This might allow the perpetrators of the attack to access encrypted network traffic, and also to initiate MITM (man-in-the-middle) attacks. Propagated via Fake Applications: As with most Android-based malware, the Monokle...

Posted on August 1, 2019 in Malware

Mogranos Ransomware

Malware researchers have recently uncovered a brand-new data-encrypting Trojan. This ransomware threat was given the name Mogranos Ransomware, and when dissected, it was revealed to be a variant of the very popular STOP Ransomware. Propagation and Encryption: Cybersecurity experts have not been able to reach a consensus on how the Mogranos Ransomware is being propagated. Some speculate that the creators of the Mogranos Ransomware may have employed some of the most popular infection vectors used in the spreading of ransomware threats – fraudulent software updates, spam emails containing corrupted attachments, and pirated copies of popular applications. When the Mogranos Ransomware infects your PC, it will first perform a scan. The scan is meant to locate the files that will be encrypted. Then, the Mogranos Ransomware will trigger its...

Posted on August 1, 2019 in Ransomware

Tocue Ransomware

An increasing number of cyber crooks decide to try their luck in creating and spreading ransomware threats. The ones that are highly skilled are able to build a data-locking Trojan from scratch, but the more inexperienced cybercriminals resort to using the code of already existing ransomware threats, only to tweak it slightly and use it for their own ends. An example of the latter is the newly spotted Tocue Ransomware. This Trojan is a variant of the infamous STOP Ransomware. Propagation and Encryption: It is not yet clear what propagation methods the authors of the Tocue Ransomware have used in the spreading of their creation. Some malware researchers speculate that the cyber crooks responsible for the Tocue Ransomware have likely employed mass spam email campaigns, alongside fake software updates and pirated variants of legitimate...

Posted on August 1, 2019 in Ransomware

Infected Ransomware

The Infected Ransomware is a newly uncovered file-encrypting Trojan. When cybersecurity researchers dissected the Infected Ransomware, it became clear that this threat is a variant of the rather popular Aurora Ransomware. Spreading and Encryption: It is not yet known what infection vectors the authors of the Infected Ransomware have employed in the propagation of their threat. However, it is likely that emails containing macro-laced attachments, pirated copies of legitimate software, and fraudulent application updates may be among the propagation methods involved in the spreading of the Infected Ransomware. When the Infected Ransomware worms its way into your system, it will scan it so that it can establish the locations of the files that it was programmed to target. Then, the Infected Ransomware will start encrypting all the data that...

Posted on August 1, 2019 in Rogue Anti-Spyware Program

BS2005

In 2013, the China-based hacking group APT15 (Advanced Persistent Threat), also known as Ke3chang, launched a series of attacks against various European government bodies. One of the hacking tools employed in these campaigns was the BS2005 backdoor Trojan. Recently, cybersecurity experts came across an updated variant of the BS2005, which is now called TidePool. This new and improved version of the BS2005 has an improved list of capabilities, among which is an update in its ability to spot software used in malware debugging. Propagation via Phishing Emails: From 2011 to 2013, the Ke3chang hacking group relied on the BS2005 backdoor Trojan in the majority of their campaigns. Their preferred propagation method was via phishing emails, which would be tailored according to the targeted user's interests. Some were about the presence of the...

Posted on August 1, 2019 in Backdoors

TFlower Ransomware

More and more cybercriminals are taking an interest in ransomware threats specifically. Data-locking Trojans seem to be perceived as a quick and easy way to make some cash with minimum repercussions. Among the newest ransomware threats detected is the TFlower Ransomware. Spreading and Encryption: Since malware researchers have not been able to determine the exact propagation method used in the spreading of the TFlower Ransomware, they are only left with speculations. It is highly likely that the authors of the TFlower Ransomware may be employing some of the most popular propagation techniques out there, namely bogus software updates, pirated copies of legitimate applications, and emails containing infected attachments. Once the TFlower Ransomware manages to infiltrate your system, this file-encrypting Trojan will perform a scan on...

Posted on August 1, 2019 in Ransomware

StoneDrill

The StoneDrill malware is a very potent threat that was first spotted in 2017. Back then, there was a campaign employing the StoneDrill malware that was launched against a European corporation that deals in the sector of petrochemistry. The StoneDrill malware can serve both as a tool for espionage and as a wiper. Also, this threat can be used as a backdoor for the attackers to plant additional malware on the infiltrated host. The StoneDrill malware has several variants that have been identified so far, and they all seem to have various features. Researchers found Persian and Arabic (from the Yemeni region) strings and comments in the code - an unlikely finding since the malware developers are obviously experienced, and should not leave traces of this sort. This might mean that the clues were left on purpose to leave...

Posted on July 30, 2019 in Trojans