GandCrab-3 is a new offspring of notorious GANDCRAB V2.0 Ransomware which, like the previous one, aims to take over your personal data. For this, it uses combo AES-256 and RSA-2048 encryption algorithms that randomly creates a unique key for each user. During encryption, virus adds .CRAB extension to all infected files.
HPE iLO is a new ransomware-type virus that encrypts data on server systems HPE iLO 4. Notably, the distribution method is very different from many similar viruses. To get into victims’ computers, cybercriminals exploit remote control system (HPE Integrated Lights-Out). After this, they mount malicious ISO image into computers, by opening which, the encryption process is activated.
Search.montageobox.com is a browser hijacker that spoils your browser with pop-up ads and redirects. While Search.montageobox.com looks like an ordinary search engine, in fact it’s just a site that redirects all your search queries to Yahoo.com. More than that, it generates a lot of advertising in form of pop-up ads, banners, coupons, and so on.
STOP is the name of the virus that encodes files on the infected computer thus making them unavailable for users. Combination of AES and RSA-1024 encryption algorithms are used for this purpose. During encryption, it appends STOP (or .SUSPENDED, .WAITING) extension to all infected files and creates TXT file (!!!YourDataRestore!!!.txt) that contains ransom-demanding message.
You may see “Google Chrome Critical ERROR” error message while browsing in the presence of potentially unwanted program on your system. Scammers exploit credulity of users to make them pay money literally for nothing. This message says that your sensitive information is under the threat and to prevent identity theft, you are advised to call the “tech support”.
TheSearch is a browser extension that supposedly can improve user’s searching experience. In fact, it’s created to collect information about users’ browsing habits and provide them advertising content based on the data. Developers gain revenue for each click on the ad link so they don’t care about your security and privacy.
Jijitel.net/cl is an advertising domain redirecting users to various ad-supported and scam pages. The new tabs may show up whether your browser is launched or not and the main culprit responsible for this is an adware. It may come up on your computer after you open the executable file downloaded from a dubious site.
Spartacus is a cryptovirus that demands a ransom in exchange for your files. The malware spreads mostly via spam emails with attached SF.exe file and if you accidentally launch executable file, virus will start to infect your system. It scans your system to find more sensitive files like documents, photos, videos and so on. All sensitive files is encoded and gets .Spartacus or [MastersRecovery@protonmail.com].Spartacus extension, for instance, “mydoc.doc” will turn into “mydoc.doc.Spartacus”.
Tron is a virus that instantly encrypts files once it gets on victim’s computer. Notably, the malware only targets computers outside Russia, suggesting that Tron is yet another offspring of Russian hackers. During the encryption procedure, each infected file gets .tron extension, for instance, “mydoc.doc” will turn into “mydoc.doc.tron”. Then, it displays a lock screen containing information about the amount of ransom.
Java NotDharma is a cryptovirus, the activity of which took place at the mid-April 2018. The malware got its name due to the similarity to infamous Dharma Ransomware, incidentally, many computer experts initially thought it’s just a new version of Dharma, however, this was not confirmed later. While encrypting, virus adds .java extension to all infected files. For example, “mydoc.doc” will turn into “mydoc.doc.java”.
