Author Archives: Sarah Stewart - Page 26

helpersmasters@airmail.cc Ransomware is not a completely new threat, as research conducted by our experienced specialists has confirmed. It is just a new variant of Scarab-Bomber Ransomware. Without a doubt, it shares some similarities with its predecessor, so it was not hard to learn more about its behavior. It has turned out that the ransomware infection acts just like its predecessor. That is, once it infiltrates users’ computers, it immediately locks files found on them. Ransomware infections encrypt those files that users value the most. Some of these files are documents, images, and music. Crypto-threats no doubt use secure encryption algorithms to lock data on affected computers so that it would be impossible for ordinary computer users to unlock them without the unique key and the special decryptor. Only cyber criminals have them, but do not let them convince you to purchase these tools from them – they might not be sent to you even if you make a payment. In other words, you will lose your money as well. Since you cannot know whether you could unlock your files after you send money to cyber criminals, we suggest that you focus on the helpersmasters@airmail.cc Ransomware removal instead. Once the threat is gone from the system, you could try out alternative data recovery methods, e.g. available automated data recovery tools. Read more »

GandCrab 5 LOADER is a threat that could spread the so-called GandCrab 5 Ransomware. The malware is vicious as it encrypts user’s personal data and then leaves instructions on how to pay a ransom. Unfortunately, restoring files without specific decryption tools is impossible, and so if the user does not have any backup copies, the encrypted data might be lost forever. Under such circumstances, we would advise learning more about GandCrab 5 LOADER as it could help you keep away from GandCrab 5 Ransomware. So far our researchers managed to find only one loader that distributed the particular ransomware application, so at the end of the article, you will see instructions showing how to erase it manually. However, there could be other malware’s loaders out there, and so we encourage you to read the rest of our report so you could learn more about them. Read more »

Matrix-THDA Ransomware is a threat that drops a text file claiming the user’s files were encrypted because of some server vulnerabilities. The cybercriminals not only claim they can provide the necessary decryption key and decryption software but also offer to help the victim to secure the server/system. However, we would not recommend trusting them as no matter how friendly and polite the ransom note may appear to be, in reality, there are no reassurances they will hold on to their end of the deal. Therefore, what we recommend to those who encounter the malware is deleting it. We believe it is safer to recover files from backup copies. Not to mention, using backup files would be cost-free as Matrix-THDA Ransomware’s creators may ask for a ransom. If you want to learn more before coming up with a decision you should read the rest of this report. For those who have already decided we would suggest completing the steps listed below the article. Read more »

Cyber criminals have not stopped developing new ransomware infections on the HiddenTear engine yet because Scrabber Ransomware, a new HiddenTear-based ransomware infection, has been spotted in the wild by malware researchers. It seems that the ransomware infection targets both Russian and English-speaking users because it drops a ransom note in both languages after encrypting users’ personal files. At first glance, it acts as an ordinary ransomware infection; however, unlike ordinary computer threats, it seems that it does not demand money from users who fall victim to it. It only asks them to send a PC name and a user name (these are the same unless there is more than one PC user created). We cannot promise that your files will be unlocked once you do so even though the message dropped on victims’ computers claims that the ransomware infection has not been developed to obtain money from users: “We are not scammers and do not pursue the purpose of collecting money, do not file a complaint against us, please’ (taken from the English version of the ransom note dropped). Cyber criminals will not remove Scrabber Ransomware from the system for you either – you will have to do so yourself. No matter what you decide to do, i.e. whether or not you send the PC/user name to the ransomware developer, do not forget that you must fully remove this infection no matter what. Read more »

Ransomware infections are one of those computer threats that apply changes once they infiltrate computers. EbolaRnsmwr Ransomware will apply changes too if it ever slithers onto your computer. Luckily, this malicious application is still in development and thus should not encrypt your files if it ever happens that it successfully enters your computer. Also, this infection is not prevalent, which means that you should not encounter it if you are cautious. Security specialists highly recommend keeping security software installed on the system. Additionally, ignoring all attachments from suspicious emails might considerably lower the chance of encountering EbolaRnsmwr Ransomware. If you have still encountered this threat, it must be removed as soon as possible. Do not worry; it is very likely that it has not encrypted a single file on your computer even though it tries to convince you that “your files got encrypted, what means you can’t use them anymore.” Have you encountered the updated version of EbolaRnsmwr Ransomware that has locked files in all the major directories on your PC? In such a case, you should not rush to pay a ransom to cyber criminals – you have no guarantees that the ransom will fix your problem. In our opinion, the malware removal is the first thing any user who encounters it has to do in the first place. Read more »