GrodexCrypt Ransomware

First discovered in June of 2017, the GrodexCrypt Ransomware is a ransomware Trojan based on Mircop, a ransomware Trojan that had been active in the months prior to the appearance of the GrodexCrypt Ransomware. The GrodexCrypt Ransomware carries out a typical ransomware tactic, encrypting the victim's files using a strong encryption method and then demanding that the victim pay a ransom to recover the affected files. The GrodexCrypt Ransomware marks the files compromised in the attack with the string 'Lock.', which is added to the beginning of each file's name (this is uncommon, since most ransomware Trojans append a new extension to the end of each file's name rather than prepending a marker to it). Although not Expensive, PC Users shouldn't Pay the GrodexCrypt Ransomware Ransom The GrodexCrypt Ransomware...

Posted on June 5, 2017 in Ransomware

OoPS Ransomware

The OoPS Ransomware is an encryption ransomware Trojan used to extort computer users. The OoPS Ransomware may be delivered to its victims as an attachment in spam email campaigns. The OoPS Ransomware belongs to a large family of ransomware, with previous variants having been detected earlier. Some variants of the OoPS Ransomware encrypt individual files, while others place the victim's files into a password-protected archive. In both cases, the file extension used to identify the encrypted content is '.oops', which is appended to the end of the files' names; this is how the OoPS Ransomware got its name. Regretfully, once the files have been encrypted in an OoPS Ransomware attack, it can be nearly impossible to restore them if there are no backup copies...

Posted on June 5, 2017 in Ransomware
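The two naming conventions in the GrodexCrypt and OoPS write-ups above (a 'Lock.' prefix versus a '.oops' suffix) are what a responder searches for first when sizing an outbreak. The Python script below is an added example, not code from the write-ups or from either malware family: it walks a directory tree, tells the two families apart by where the marker sits, recovers the original file name, and for '.oops' files reads the leading bytes to separate the archive variant from the encrypt-in-place variant. The ZIP and RAR signatures, the sample directory it builds and the file contents are constructed assumptions, since neither write-up names the archive format the OoPS variant uses.

```python
"""Filesystem triage for the two naming conventions described above: GrodexCrypt
prepends 'Lock.' to a name, OoPS appends '.oops'. Constructed example, not vendor code."""
import os
import tempfile
from dataclasses import dataclass

# (family, where the marker sits, marker); taken from the write-ups, case-sensitive on purpose
MARKERS = (
    ("GrodexCrypt", "prefix", "Lock."),
    ("OoPS", "suffix", ".oops"),
)
# The OoPS write-up says some variants drop files into a password-protected archive but
# does not name the format; the ZIP and RAR signatures here are assumptions.
ARCHIVE_MAGIC = {b"PK\x03\x04": "zip", b"Rar!\x1a\x07": "rar"}


@dataclass
class Finding:
    path: str
    family: str
    original_name: str
    note: str


def classify_name(name):
    """Return (family, original_name) if the file name carries a known marker, else None."""
    for family, where, marker in MARKERS:
        if where == "prefix" and name.startswith(marker) and len(name) > len(marker):
            return family, name[len(marker):]
        if where == "suffix" and name.endswith(marker) and len(name) > len(marker):
            return family, name[:-len(marker)]
    return None


def sniff_archive(path):
    """Tell an OoPS 'archive' variant from an 'encrypt in place' variant by magic bytes."""
    with open(path, "rb") as fh:
        head = fh.read(8)
    for magic, fmt in ARCHIVE_MAGIC.items():
        if head.startswith(magic):
            return fmt
    return None


def scan_tree(root):
    """Walk root and return every marked file as a Finding, sorted by path."""
    findings = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            hit = classify_name(name)
            if hit is None:
                continue
            family, original = hit
            path = os.path.join(dirpath, name)
            note = ""
            if family == "OoPS":
                fmt = sniff_archive(path)
                note = f"archive variant ({fmt})" if fmt else "encrypted-in-place variant"
            findings.append(Finding(path, family, original, note))
    return sorted(findings, key=lambda f: f.path)


def summarize(findings):
    """Hits per family: the first number an incident responder reports."""
    counts = {}
    for f in findings:
        counts[f.family] = counts.get(f.family, 0) + 1
    return counts


def build_sample_tree():
    """Constructed directory mimicking a victim's share; contents are filler, not real samples."""
    root = tempfile.mkdtemp(prefix="ransomware-triage-")
    os.makedirs(os.path.join(root, "Finance"))
    samples = {
        "Lock.budget.xlsx": b"\x8f\x13" + b"\xa5" * 30,   # GrodexCrypt marker at the front
        "report.docx.oops": b"\x00\x11" + b"\x42" * 30,   # OoPS, encrypted in place
        "photos.oops": b"PK\x03\x04" + b"\x00" * 28,      # OoPS, files moved into an archive
        "notes.txt": b"meeting notes",                     # untouched file
        "lock.config": b"verbose=1",                       # lowercase, not the marker
        "README.Lock.txt": b"marker not at the start",    # must not be flagged
    }
    for name, data in samples.items():
        sub = "Finance" if classify_name(name) else ""
        with open(os.path.join(root, sub, name), "wb") as fh:
            fh.write(data)
    return root


if __name__ == "__main__":
    hits = scan_tree(build_sample_tree())
    for hit in hits:
        print(f"{hit.family:12} {hit.original_name:20} {hit.note}  ({hit.path})")
    print(summarize(hits))
```

The marker match is deliberately case-sensitive and anchored: 'README.Lock.txt' and 'lock.config' are not flagged, which keeps the count honest when a share also holds unrelated files. On a real share, run it read-only and from a clean host; the recovered original names are what you compare against the last good backup.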

AVBoost Ads

The AVBoost program may be promoted to users as an added security layer that provides extra security features to users who already run an active AV engine. The AVBoost software may be proposed as a Web filter that can help you avoid insecure pages and block connections to known infection sources. You may find the AVBoost program in the company of tools like NetLiker and Protector. AVBoost does not appear to have an official site on the Internet, and PC users may install the desktop app unknowingly by going through a freeware bundle with the 'Express' or 'Recommended' option selected. You may be led to believe that AVBoost provides added security, but that is not necessarily true. The AVBoost software is an ad-supported service, and it may collect information like your Internet history, downloads log and bookmarks...

Posted on June 4, 2017 in Possibly Unwanted Program

Hackers Blackmail Celebrities and Clients of Plastic Surgery Clinic with Stolen Images

Stooping low appears to be the forte of today's hackers as they continually seek methods to blackmail people, attack computers around the world and leverage new ransomware, all ultimately to extort money from their victims. Over the past few months, according to a report from ABC News, hackers have taken the road to infamy in an attempt to blackmail thousands of victims who had been clients of a high-profile European plastic surgery clinic. The hackers breached the clinic's servers, which contained over 25,000 private photographs and the personal information of previous clients, and later demanded that each victim fork over $2,200 to stop the spread of the material. The stolen data included nude before-and-after surgery photos of clients, many of them celebrities. The hackers threatened to make...

Posted on June 2, 2017 in Computer Security

Search.starttab.co

The Search.starttab.co site is advertised to users as a customized and improved new tab replacement for Google Chrome, Mozilla Firefox and Internet Explorer. The Search.starttab.co site is associated with the Start Tab (a.k.a. Starttab) browser extension developed by Polarity Technologies Ltd. You may be familiar with the company's name from software like 'Quick Search' and 'Sonic PDF Converter', which we covered in April 2017. Polarity Technologies Ltd. is a software developer that creates ad-supported browser extensions like HD Radio Player, Directions Express and a dozen more, which alter the appearance and functionality of your new tab page. The services that come with Starttab by Polarity Technologies Ltd. are provided free of charge, and you can install the Starttab browser extension without paying a dime. You should read the...

Posted on June 2, 2017 in Browser Hijackers

Powerfulsearch.net

The Powerfulsearch.net portal is presented to Web surfers as a simple and hassle-free search engine. The layout of the page at Powerfulsearch.net consists of a single search field, a 'Search' button, the Powerfulsearch.net logo, and links to a contacts page and a privacy policy. The Powerfulsearch.net site started to accumulate a bad reputation at the end of May 2017, when computer users reported browser redirects to Powerfulsearch.net and ads on their new tab page. An investigation followed the complaints, and it revealed that the Powerfulsearch.net site is connected to a browser hijacker that may be provided to users as a browser add-on named 'Powerful Search.' Also, the Powerfulsearch.net site appears to be registered to the 109.236.87.241 IP address, which is associated with several other browser hijackers. We have identified that

Posted on June 2, 2017 in Browser Hijackers

KillSwitch Ransomware

The KillSwitch Ransomware is an encryption ransomware Trojan used to make the victims' files inaccessible. The KillSwitch Ransomware uses AES encryption to put the victims' files out of reach. However, it is clear to malware researchers that the KillSwitch Ransomware is still under development. The KillSwitch Ransomware was first observed on an online anti-virus scanner. Con artists frequently submit a threat that is still under development to such scanners as a convenient way of testing whether it can bypass anti-malware measures. Monitoring these sources allows PC security researchers to catch threats like the KillSwitch Ransomware before they can become widespread. This Kill Switch is not Activated Yet The main reason to believe that the KillSwitch Ransomware is still under development is that the KillSwitch Ransomware does not include...

Posted on June 2, 2017 in Ransomware

R3store Ransomware

Malware analysts have received reports of R3store Ransomware attacks. This is an encryption ransomware Trojan based on HiddenTear, a ransomware platform that was made available to the public in 2015 and that has since spawned numerous ransomware Trojans like the R3store Ransomware. The R3store Ransomware was first observed on May 31, 2017. It is being delivered through spam email messages whose corrupted attachments download and install the R3store Ransomware onto the victim's computer. There are various other ways in which the R3store Ransomware can be delivered to victims, though, including the use of exploit kits or hacking into the victims' computers directly. There's Nothing New on the R3store Ransomware Attack The R3store Ransomware uses a typical encryption ransomware...

Posted on June 2, 2017 in Ransomware

Amnesia 2 Ransomware

The Amnesia 2 Ransomware is a ransomware Trojan that seems to be an update of the Amnesia Ransomware, a known ransomware Trojan that claimed hundreds of victims in April of 2017. The Amnesia 2 Ransomware was first observed in early June of 2017 and seems to be delivered to its victims in the same way, through corrupted email attachments delivered in spam email messages. The Ransomware that Turns Your Files Amnesic The original Amnesia Ransomware infection carried out a typical ransomware Trojan tactic, encrypting its victims' files and then demanding the payment of a ransom in exchange for the decryption key. This ransomware Trojan uses a strong encryption algorithm to make the victim's files inaccessible. The main delivery method for this threat was corrupted text documents containing macro scripts designed to...

Posted on June 2, 2017 in Ransomware

File Informer Ransomware

The File Informer Ransomware is an encryption ransomware Trojan that was first detected on May 31, 2017. The File Informer Ransomware carries out a typical ransomware Trojan attack, encrypting the victims' files and then demanding a ransom payment by displaying a ransom note on the victim's computer. The File Informer Ransomware uses AES encryption to make the victim's files inaccessible. The File Informer Ransomware's ransom amount is $55 USD, to be paid in Bitcoin. Unfortunately, the files encrypted in a File Informer Ransomware attack are not recoverable without the decryption key. The File Informer Ransomware may be delivered to victims through corrupted email attachments sent in spam email campaigns. These email messages use social engineering tactics to trick the victim into believing that the email was sent by a trusted source...

Posted on June 2, 2017 in Ransomware

Crying Ransomware

The Crying Ransomware is a ransomware Trojan that is one of the countless currently active variants of HiddenTear, an open source ransomware platform that first appeared in 2015. There are numerous variants of HiddenTear, which was originally released for 'educational purposes.' Like many other HiddenTear variants active today, the Crying Ransomware may be delivered to victims through email attachments sent in spam email campaigns. There are various ways in which an email attachment can be used to deliver a threat like the Crying Ransomware, including the use of double extensions to hide the nature of the file, hiding the threat in a RAR archive, or using DOCX or PDF files that download and install the Crying Ransomware through corrupted macro scripts. Once the Crying Ransomware is installed on the victim's computer,...

Posted on June 2, 2017 in Ransomware
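The delivery tricks listed in the Crying Ransomware write-up above (double extensions, payloads hidden in a RAR archive, and DOCX or PDF files that carry macros or active content) can each be checked mechanically at the mail gateway before a user ever sees the attachment. The Python below is an added example, not code from the write-up or from the HiddenTear project: it parses a raw message and, for each attachment, flags a document-looking name that ends in an executable extension, a PE header, a RAR or ZIP container, a vbaProject.bin inside an OOXML document, and PDF keys such as /OpenAction and /JavaScript. The sample message, its attachments and the extension lists are constructed assumptions, and the PDF and Office checks are byte-level heuristics, not full parsers.

```python
"""Gateway-style triage for the attachment tricks described above. Constructed example;
the sample message, payloads and extension lists are assumptions, not real samples."""
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions Windows executes on double-click (assumed list; extend for your environment)
EXEC_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "jse", "vbs", "vbe",
             "wsf", "hta", "ps1", "lnk"}
# Harmless-looking extensions that attackers put in front of the real one
DOC_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "rtf", "txt", "jpg", "png"}
OFFICE_EXTS = (".docx", ".docm", ".dotm", ".xlsx", ".xlsm", ".pptx", ".pptm")
ARCHIVE_MAGIC = {b"PK\x03\x04": "zip", b"Rar!\x1a\x07": "rar"}
PDF_ACTIVE_KEYS = (b"/JavaScript", b"/JS", b"/OpenAction", b"/Launch", b"/AA")


def double_extension(name):
    """'Invoice.pdf.exe' is shown as a PDF by a file manager but runs as an .exe."""
    parts = [p.strip() for p in name.lower().split(".")]
    if len(parts) < 3:
        return None
    inner, outer = parts[-2], parts[-1]
    if inner in DOC_EXTS and outer in EXEC_EXTS:
        return f"double extension: looks like .{inner}, runs as .{outer}"
    return None


def archive_format(data):
    for magic, fmt in ARCHIVE_MAGIC.items():
        if data.startswith(magic):
            return fmt
    return None


def office_macro(data):
    """OOXML documents are ZIP containers; a VBA project is stored as vbaProject.bin."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
    except zipfile.BadZipFile:
        return None
    if any(n.lower().endswith("vbaproject.bin") for n in names):
        return "Office document carries a VBA macro project"
    return None


def pdf_active_content(data):
    """Byte-level check for PDF keys that run code or open something at load time."""
    if not data.startswith(b"%PDF"):
        return None
    found = [k.decode() for k in PDF_ACTIVE_KEYS if k in data]
    return "PDF declares active content: " + ", ".join(found) if found else None


def assess_attachment(name, data):
    """List the reasons this attachment deserves a closer look; empty means nothing found."""
    reasons = []
    hit = double_extension(name)
    if hit:
        reasons.append(hit)
    if data.startswith(b"MZ"):
        reasons.append("payload is a Windows PE executable")
    fmt = archive_format(data)
    if fmt == "rar":
        reasons.append("RAR archive: contents not inspected here, unpack in a sandbox")
    elif fmt == "zip" and name.lower().endswith(OFFICE_EXTS):
        hit = office_macro(data)
        if hit:
            reasons.append(hit)
    elif fmt == "zip":
        reasons.append("ZIP archive: contents not inspected here, unpack in a sandbox")
    hit = pdf_active_content(data)
    if hit:
        reasons.append(hit)
    return reasons


def assess_message(raw):
    """Map attachment file name -> reasons, for every attachment of a raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    results = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        results[name] = assess_attachment(name, part.get_payload(decode=True) or b"")
    return results


def build_sample_email():
    """Constructed spam message with five attachments; none of the payloads is real malware."""
    doc = io.BytesIO()
    with zipfile.ZipFile(doc, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/vbaProject.bin", b"\x00" * 32)  # stands in for a real VBA project
    msg = EmailMessage()
    msg["From"] = "billing@example.invalid"
    msg["To"] = "victim@example.invalid"
    msg["Subject"] = "Your invoice"
    msg.set_content("Please find the documents attached.")
    att = msg.add_attachment
    att(b"MZ" + b"\x90" * 62, maintype="application", subtype="octet-stream", filename="Invoice_2017.pdf.exe")
    att(doc.getvalue(), maintype="application", subtype="vnd.ms-word", filename="Quote.docx")
    att(b"Rar!\x1a\x07\x00" + b"\x00" * 16, maintype="application", subtype="x-rar", filename="Scan.rar")
    att(b"%PDF-1.4\n1 0 obj<</OpenAction 2 0 R>>endobj\n2 0 obj<</S/JavaScript/JS(app.alert(1))>>endobj\n",
        maintype="application", subtype="pdf", filename="Statement.pdf")
    att(b"%PDF-1.4\n1 0 obj<</Type/Catalog>>endobj\n", maintype="application", subtype="pdf", filename="Readme.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    for filename, reasons in assess_message(build_sample_email()).items():
        print(f"{filename}: {reasons or 'nothing found'}")
```

Two design points matter in practice. The macro check inspects the container rather than trusting the extension, because a macro-bearing document can be renamed to .docx and still be opened by Word, which is why the write-up's "DOCX files with macro scripts" is not a contradiction. The RAR and ZIP branches deliberately stop at "unpack in a sandbox": a password-protected archive defeats content inspection at the gateway, so the policy decision (quarantine, or detonate with the password from the mail body) has to be made there rather than by guessing.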

Scangoogle.ru

Scangoogle.ru is a site that was registered shortly after we reported problems related to Googlescan.ru. Evidently, both sites feature the same design and operate the same way, and it is very likely that they are operated by the same company. Scangoogle.ru is associated with cases of browser hijacking and redirects to advertising platforms. Moreover, the Scangoogle.ru site appears to have more than a few clones, including installday.ru, googlescan.ru and installgoogle.ru. These portals resolve to various IP addresses, including 37.140.192.213 and 37.140.192.178. The Scangoogle.ru browser hijacker is identical in behavior to those involved with Searchbuw.ru, Searchis-cng.ru and Clickforms.ru. These parasites share the same file structure and may use batch files to alter the behavior of browsers like Google Chrome, Mozilla Firefox,...

Posted on June 1, 2017 in Browser Hijackers

Widia Ransomware

The Widia Ransomware is presented as an encryption ransomware Trojan. However, the Widia Ransomware is not an encryption ransomware Trojan; instead, it carries out a screen locker attack, scaring computer users into paying a ransom while being incapable of encrypting the victims' files. Updated versions of the Widia Ransomware could possibly be engineered to follow through on their threats and corrupt the victims' data in the attack, however. The main purpose of the Widia Ransomware is to scare computer users into believing that their machines have been infected with an encryption ransomware Trojan designed to encrypt their files. The Widia Ransomware does this to demand a ransom payment from the victim, but it merely scares victims and can be removed relatively easily. How the Widia Ransomware may Attack a Computer The Widia Ransomware...

Posted on June 1, 2017 in Ransomware

Donald Trampo Ransomware

Since Donald Trump was elected president of the United States, PC security researchers have observed numerous ransomware Trojans themed around him and around political events. It also is not uncommon to find encryption ransomware Trojans named or themed after world leaders. The Donald Trampo Ransomware is just the latest in a chain of encryption ransomware Trojans with similar themes, which includes Trojans such as the TrumpLocker Ransomware, the Sanctions Ransomware, the Angela Merkel Ransomware and the Comrade Circle Ransomware. The Donald Trampo Ransomware was first observed on June 1st, 2017. There is very little to differentiate the Donald Trampo Ransomware from the other ransomware Trojans currently being used to attack computer users. The Donald Trampo Ransomware Infection and Its Consequences The Donald...

Posted on June 1, 2017 in Ransomware

Whatafuck Ransomware

The Whatafuck Ransomware is a ransomware Trojan designed to encrypt its victims' data, making it inaccessible, and then demand the payment of a large ransom to restore the affected files. The Whatafuck Ransomware takes its victims' data hostage until the victims pay a ransom, a typical attack used by most encryption ransomware Trojans. PC security analysts first received reports of Whatafuck Ransomware infections in May of 2017. The Whatafuck Ransomware seems to be an independent ransomware infection, not part of a larger family of ransomware or a RaaS (Ransomware as a Service) family. The Whatafuck Ransomware attacks seem to be centered in Russia and Russian-speaking countries. However, the Internet has no borders, and computer users outside of Russia are equally likely to become infected with the Whatafuck Ransomware...

Posted on June 1, 2017 in Ransomware