Trojans - Page 2 category archive:

GarrantyDecrypt Ransomware

GarrantyDecrypt Ransomware is the latest file-encrypting malware to come to the attention of our malware researchers. It attacks operating systems in a covert manner, and most victims do not realize that it exists until all files are encrypted. The infection encrypts files because that is the only thing that its creator can hold over their victims’ heads. If files are important, victims might be more willing to pay a ransom in return for a decryptor. Of course, we only assume that a decryptor is on the table because the ransom note delivered by this infection is very vague. It simply asks to contact cyber criminals. Should you do it? Should you follow their instructions? Should you pay the ransom if it is requested? Should you try to decrypt your files or should you just forget about them now? These and many other questions are answered in this report. In the end, we also discuss the removal of GarrantyDecrypt Ransomware. Our Anti-Spyware-101.com research team has analyzed the threat, and we can offer a few tips that will, hopefully, help you delete it with ease. Read more »

GusCrypter Ransomware

GusCrypter Ransomware is a malicious computer infection that will not allow you to operate your computer properly. This program will encrypt your files, and it will tell you that you must pay the ransom fee to get them back.

Needless to say, paying the ransom fee should be the last thing on your mind because no one can guarantee that wiring the money to these criminals would restore your files in the first place. Your best bet at the moment would be removing GusCrypter Ransomware from your system, and then looking for methods to restore your files using other means. Read more »

GandCrab 5 LOADER

GandCrab 5 LOADER is a threat that could spread the so-called GandCrab 5 Ransomware. The malware is vicious as it encrypts the user’s personal data and then leaves instructions on how to pay a ransom. Unfortunately, restoring files without specific decryption tools is impossible, and so if the user does not have any backup copies, the encrypted data might be lost forever. Under such circumstances, we would advise learning more about GandCrab 5 LOADER as it could help you keep away from GandCrab 5 Ransomware. So far our researchers managed to find only one loader that distributed the particular ransomware application, so at the end of the article, you will see instructions showing how to erase it manually. However, there could be other loaders for the malware out there, and so we encourage you to read the rest of our report so you can learn more about them. Read more »

French MoWare H.F.D ransomware

French MoWare H.F.D ransomware is a dangerous computer infection that mainly targets French-speaking computer users. However, it doesn’t mean that you cannot get infected with this program, too. If this application has found its way into your system, you have opened the right page because we will tell you how to remove French MoWare H.F.D ransomware for good.

Scroll down to the bottom of this description for the manual removal instructions and do not forget that the best way to deal with such infections is prevention. So please consider educating yourself on the ways ransomware apps spread around. Read more »

Matrix-THDA Ransomware

Matrix-THDA Ransomware is a threat that drops a text file claiming the user’s files were encrypted because of some server vulnerabilities. The cybercriminals not only claim they can provide the necessary decryption key and decryption software but also offer to help the victim secure the server/system. However, we would not recommend trusting them as no matter how friendly and polite the ransom note may appear to be, in reality, there are no reassurances they will hold up their end of the deal. Therefore, what we recommend to those who encounter the malware is deleting it. We believe it is safer to recover files from backup copies. Not to mention, using backup files would be cost-free, whereas Matrix-THDA Ransomware’s creators may ask for a ransom. If you want to learn more before coming to a decision, you should read the rest of this report. For those who have already decided, we would suggest completing the steps listed below the article. Read more »

Yourhope@airmail.cc Ransomware

One more ransomware infection - Yourhope@airmail.cc Ransomware - has been recently detected in the wild by specialists working at anti-spyware-101.com. They have immediately understood what it is capable of because research has clearly shown that this threat is a brand new variant of Scarab-Bomber Ransomware, a crypto-threat analyzed by specialists not long ago. Speaking more specifically, there is no doubt that this ransomware infection has been developed by cyber criminals to obtain money from users. One of the tactics used to push users into transferring money is locking their personal files. The ransomware infection tries to convince users that their files have been locked due to a security problem, but we can assure you that the main problem you have is the successful entrance of Yourhope@airmail.cc Ransomware. No worries; you will erase this threat yourself manually with our help. Sadly, we cannot promise that it will be very easy to unlock files encrypted by this threat. Paying money to cyber criminals is definitely not what we suggest that you do, but you need to know the truth – there might be no other ways to get files back. This is especially true if you have never backed up any of your files. Read more »

Scrabber Ransomware

Cyber criminals have not stopped developing new ransomware infections on the HiddenTear engine yet because Scrabber Ransomware, a new HiddenTear-based ransomware infection, has been spotted in the wild by malware researchers. It seems that the ransomware infection targets both Russian and English-speaking users because it drops a ransom note in both languages after encrypting users’ personal files. At first glance, it acts as an ordinary ransomware infection; however, unlike ordinary computer threats, it seems that it does not demand money from users who fall victim to it. It only asks them to send a PC name and a user name (these are the same unless there is more than one PC user created). We cannot promise that your files will be unlocked once you do so even though the message dropped on victims’ computers claims that the ransomware infection has not been developed to obtain money from users: “We are not scammers and do not pursue the purpose of collecting money, do not file a complaint against us, please” (taken from the English version of the ransom note dropped). Cyber criminals will not remove Scrabber Ransomware from the system for you either – you will have to do so yourself. Whatever you decide to do, i.e. whether or not you send the PC/user name to the ransomware developer, do not forget that you must fully remove this infection. Read more »

Epoblockl Ransomware

Epoblockl Ransomware is a computer infection that can encrypt user and system files. This seems to be one of the many random infections that have been terrorizing users lately. The ransomware program is not prominent enough to draw attention from the media, but it doesn’t mean it is any less dangerous than the notorious WannaCry Ransomware. The bottom line is that you must remove Epoblockl Ransomware from your computer immediately, and by doing so, you have to ensure that similar intruders do not enter your PC again. Please bear in mind that some of the infection’s consequences might not be reverted. Read more »

LoJax is the First UEFI Rootkit, and It Is a Highly Sophisticated Threat

Do you know what kind of malware might persist even if the infected operating system is reinstalled and the hard disk is replaced? UEFI (Unified Extensible Firmware Interface) rootkits. In the past, these rootkits were detected only in internal labs controlled by malware researchers, but LoJax has changed that. It is the first UEFI rootkit to have been found in the wild. Intel created UEFI to replace BIOS (Basic Input/Output System), and all chipsets should use it by 2020. Unfortunately, that means that anyone could become the target of this malware. The rootkit was found to communicate with C&C servers that belong to Sednit, a well-known cyber-espionage group that is also known by other names, including Fancy Bear, APT28, Sofacy, and Strontium. This group has been active since 2004, and it is known for attacking government-level agencies and organizations. Read more »

Scarab-DD Ransomware

Scarab-DD Ransomware shows a warning claiming the threat’s victims must contact the malicious program’s developers if they want to get their files back. The malware encrypts various data with a secure encryption algorithm, which is why affected files cannot be opened without decryption tools. It is understandable that some users might be thinking about complying with the hacker’s demands, but we do not believe it would be wise to do so. After writing to the cybercriminals, you could receive instructions on how to pay a ransom. Needless to say, there are no reassurances these people will keep their promises, which means you may lose your money in vain. Because of this, we advise erasing the malware and restoring files from backup copies if you have any. To learn how to eliminate Scarab-DD Ransomware manually, you should take a look at the instructions placed below this report. For more information on how the threat works or how it is distributed, you should review the rest of the article. Read more »