Threats - Page 5 category archive:

Yourhope@airmail.cc Ransomware

One more ransomware infection - Yourhope@airmail.cc Ransomware - has been recently detected in the wild by specialists working at anti-spyware-101.com. They immediately understood what it is capable of because research has clearly shown that this threat is a brand new variant of Scarab-Bomber Ransomware, a crypto-threat analyzed by specialists not long ago. More specifically, there is no doubt that this ransomware infection has been developed by cyber criminals to obtain money from users. One of the tactics used to push users into transferring money is locking their personal files. The ransomware infection tries to convince users that their files have been locked due to a security problem, but we can assure you that the main problem you have is the successful entrance of Yourhope@airmail.cc Ransomware. No worries; you will erase this threat yourself manually with our help. Sadly, we cannot promise that it will be very easy to unlock files encrypted by this threat. Paying money to cyber criminals is definitely not what we suggest that you do, but you need to know the truth – there might be no other way to get files back. This is especially true if you have never backed up any of your files.

Scrabber Ransomware

Cyber criminals have not stopped developing new ransomware infections on the HiddenTear engine yet because Scrabber Ransomware, a new HiddenTear-based ransomware infection, has been spotted in the wild by malware researchers. It seems that the ransomware infection targets both Russian and English-speaking users because it drops a ransom note in both languages after encrypting users’ personal files. At first glance, it acts as an ordinary ransomware infection; however, unlike ordinary computer threats, it seems that it does not demand money from users who fall victim to it. It only asks them to send a PC name and a user name (these are the same unless there is more than one PC user created). We cannot promise that your files will be unlocked once you do so even though the message dropped on victims’ computers claims that the ransomware infection has not been developed to obtain money from users: “We are not scammers and do not pursue the purpose of collecting money, do not file a complaint against us, please” (taken from the English version of the ransom note dropped). Cyber criminals will not remove Scrabber Ransomware from the system for you either – you will have to do so yourself. Whatever you decide to do, i.e. whether or not you send the PC/user name to the ransomware developer, do not forget that you must fully remove this infection.

Epoblockl Ransomware

Epoblockl Ransomware is a computer infection that can encrypt user and system files. This seems to be one of the many random infections that have been terrorizing users lately. The ransomware program is not prominent enough to draw attention from the media, but that doesn’t mean it is any less dangerous than the notorious WannaCry Ransomware. The bottom line is that you must remove Epoblockl Ransomware from your computer immediately, and by doing so, you have to ensure that similar intruders do not enter your PC again. Please bear in mind that some of the infection’s consequences might not be reversible.

LoJax is the First UEFI Rootkit, and It Is a Highly Sophisticated Threat

Do you know what kind of malware might persist even if the infected operating system is reinstalled and the hard disk is replaced? The answer is UEFI (Unified Extensible Firmware Interface) rootkits. In the past, these rootkits were detected only in internal labs controlled by malware researchers, but LoJax has changed that. It is the first UEFI rootkit to have been found in the wild. Intel created UEFI to replace BIOS (Basic Input/Output System), and all chipsets should use it by 2020. Unfortunately, that means that anyone could become the target of this malware. The rootkit was found to communicate with C&C servers that belong to Sednit, a well-known cyber-espionage group that is also known by other names, including Fancy Bear, APT28, Sofacy, and Strontium. This group has been active since 2004, and it is known for attacking government-level agencies and organizations.

Scarab-DD Ransomware

Scarab-DD Ransomware shows a warning claiming the threat’s victims must contact the malicious program’s developers if they want to get their files back. The malware encrypts various data with a secure encryption algorithm, which is why affected files cannot be opened without decryption tools. It is understandable that some users might be thinking about complying with the hackers’ demands, but we do not believe it would be wise to do so. After writing to the cybercriminals, you could receive instructions on how to pay a ransom. Needless to say, there are no reassurances these people will keep their promises, which means you may lose your money in vain. Because of this, we advise erasing the malware and restoring files from backup copies if you have any. To learn how to eliminate Scarab-DD Ransomware manually, you should take a look at the instructions placed below this report. For more information on how the threat works or how it is distributed, you should review the rest of the article.

EbolaRnsmwr Ransomware

Ransomware infections are among those computer threats that apply changes once they infiltrate computers. EbolaRnsmwr Ransomware will apply changes too if it ever slithers onto your computer. Luckily, this malicious application is still in development and thus should not encrypt your files if it successfully enters your computer. Also, this infection is not prevalent, which means that you should not encounter it if you are cautious. Security specialists highly recommend keeping security software installed on the system. Additionally, ignoring all attachments from suspicious emails might considerably lower the chance of encountering EbolaRnsmwr Ransomware. If you have still encountered this threat, it must be removed as soon as possible. Do not worry; it is very likely that it has not encrypted a single file on your computer even though it tries to convince you that “your files got encrypted, what means you can’t use them anymore.” Have you encountered the updated version of EbolaRnsmwr Ransomware that has locked files in all the major directories on your PC? In such a case, you should not rush to pay a ransom to cyber criminals – you have no guarantees that the ransom will fix your problem. In our opinion, removing the malware is the first thing any user who encounters it has to do.

Sicck Ransomware

Sicck Ransomware is a malicious application that encrypts the victim’s data and then threatens to share it on the Internet if the user does not pay the requested amount of Bitcoins in three days. Unfortunately, the asked amount of money is not a small sum, which is why we would not recommend risking it, especially when there are no guarantees the hackers will provide the needed decryption key. Even if they promise to do so and decrypt a couple of files to prove they have the required decryption tools, it does not mean they cannot trick you, for example, by asking for more money. To learn more about the threat, you could have a look at our full article. Moreover, if you choose not to pay the ransom, we advise deleting Sicck Ransomware because, left unattended, it could still be dangerous. At the end of this page, you can find instructions showing how to remove it manually. Naturally, if they appear too challenging, you should leave the task to a legitimate antimalware tool.

PointRoll

PointRoll might look suspicious to some users, but according to our researchers, it is nothing more than a simple tracking cookie, so there is no need to panic. It can collect various browsing information that could later be analyzed and then used to serve the user targeted advertisements. No doubt, such material can be annoying, and if you do not want the cookie to gather any information about your browsing habits at all, we would recommend erasing it from your browser. The task is not particularly tricky, and if you need any help while removing PointRoll, you can follow the instructions available at the end of the article. For more information about the cookie, we would encourage you to read our full report.

xiti.com

xiti.com is a product of XiTi, a company that specializes in digital intelligence solutions. One of these solutions is “collecting reliable, relevant data” that fits special companies’ needs. Research conducted by specialists working at anti-spyware-101.com has shown that the company has a bunch of customers around the world. These include various media companies, e-commerce companies, companies providing financial services, and a great number of public institutions and corporations. Consequently, there must be hundreds of users who have encountered the xiti.com tracking cookie. If you belong to this group, it simply means that you have opened a website that belongs to a company using the service provided by XiTi, or, alternatively, you have clicked on a commercial advertisement produced by it. Either way, this tracking cookie is not dangerous, so it should not cause you any problems linked to your privacy and security. It is not harmful, so removing it is not a must either. Of course, it is up to you what to do with it. If you are worried that your privacy might be in danger due to the xiti.com presence on your system, remove it without further consideration. You do not need to be an expert to erase it from the system manually, believe us.

German Jigsaw .spaß

If you use the German language on your operating system, you are the prime target of German Jigsaw .spaß malware, a malicious file-encrypting infection that was created to make you pay a huge ransom in return for a file decryptor. The ransom is $500, but you are requested to pay it in Bitcoin, which is a highly popular crypto-currency. At the time of research, $500 (if we assume that $ stands for USD) converted to around 0.12 BTC. Of course, you should check the conversion rates yourself because they shift often. Whether you think this ransom is big or small, paying it is a bad idea. If you make the payment to the 1CpnhbLaqLj5NgXwYVQ5aXmrMzvhzjehmm Bitcoin Wallet, your money will be gone forever. Recovering it will not be possible. Unfortunately, that is why cyber criminals are unlikely to give you a decryption key. They simply do not need to, and they cannot be forced to do it. Of course, the choice is yours, and if you decide to take the risk, you are free to do so. If a miracle happens, and your files are restored, do not forget that you must delete German Jigsaw .spaß malware ASAP. Different removal methods are discussed in this post.