GandCrab attacks might stop in the near future

GandCrab ransomware is the first to accept DASH cryptocurrency

GandCrab is a dangerous cyber threat designed to encrypt important files on the targeted computer and demand a ransom. Victims are asked to pay 1.54 DASH within four days, or the amount doubles. Information about the encryption is provided in the GDCB-DECRYPT.txt file, which serves as the ransom note.

Since people whose computers are infected with GandCrab ransomware are unable to open files with the .gdcb extension, they become desperate and agree to pay. However, paying only motivates the criminals to develop new versions of their malicious programs.

You should NOT pay the ransom under any circumstances. Note that experts have not only developed an official GandCrab decryptor, but there are also alternative data recovery methods which might help you regain access to the encrypted files. Consequently, the era of this file-encrypting virus might come to an end.

Criminals hurried to release a new version of the ransomware — GandCrab2

Shortly after GandCrab appeared, its developers upgraded the original version to GandCrab2. Even though both file-encrypting viruses are based on the same source code, there are slight differences which allow the two variants to be told apart. Fortunately, both of them are decryptable with professional decryption software.

The easiest way to recognize GandCrab2 ransomware is by the file extension it appends to locked data: .CRAB. Additionally, victims are no longer asked to pay an enormous 1.54 DASH ($1200) ransom for the decryptor; the demanded amount has decreased to $500 in DASH cryptocurrency.

Also, the information on how to decrypt files encoded by GandCrab2 is delivered in the same way, in a CRAB-DECRYPT.txt ransom-demanding message. Remember that both versions of this cyber threat are decryptable with official decryption software developed by IT experts. Thus, you do NOT need to pay the criminals.

How crypto-malware reaches its victims’ computers

Ransomware infections are highly sophisticated, so they usually do not act alone: the file-encrypting virus enters the targeted system with the help of the RIG and GrandSoft exploit kits. These kits are built to identify vulnerabilities in the system and help deliver the ransomware.

If you believe that such software was remotely injected into your computer, you are wrong. Usually, criminals send fake spam emails that carry a malicious attachment. Unfortunately, those letters look innocent, and people are often lured into clicking on the file. This is the moment when the bogus program is delivered to your system.

Additionally, hackers create websites which insist on downloading fake Chrome Font Pack Updates to view the full content of the site. Sadly, this is another trick to make you manually install a malicious program on your system. Therefore, experts recommend paying close attention when browsing the Internet.

Learn how to uninstall GandCrab virus and recover your data

Since the GandCrab decryptor is already available, there is no need to keep the virus on your system or agree to pay the ransom. On the contrary, you must get rid of it as soon as possible to start data recovery. However, we want to warn you that it is a complicated procedure and you should get assistance.

If you don’t have time to meet an IT specialist, you can remove GandCrab with the help of the elimination instructions. However, they might be tricky, so you should not skip steps and should read them attentively to avoid any further damage to your operating system.

Additionally, if after GandCrab removal you are still unable to use the decryption software, try the alternative recovery methods presented together with the elimination guidelines. We hope that the decryptor will help to bring this ransomware down.

Things to consider before using Wikibuy

Wikibuy is an extension which offers cheaper alternatives to your purchases

If you are looking for a shopping assistant, Wikibuy may have caught your eye. This Google Chrome browser add-on is a fairly popular tool that helps to save money when shopping online.

Wikibuy is a comparison service which searches the internet for a better deal for you. For example, if you are looking for a sofa on Amazon, a pop-up shows you a better deal somewhere else. Additionally, Wikibuy searches for coupons and offers that the original retailer might have published online and presents them to you to apply.

Developers of this shopping assistant also thought of other useful features, such as Wikibuy Checkout, which allows purchasing in different e-shops without having to log in to their accounts, fill in forms, or hand your personal information to the retailers.

Moreover, users are offered an order tracking feature, a money-back guarantee and loyalty rewards. None of these features is unique. However, this basic functionality makes the developers look trustworthy enough for users to try their free application.

The service is free, and the developers generate revenue whenever a customer chooses the item suggested via the Wikibuy extension. Therefore, you will not find this extension causing intrusive ads or redirects. However, users report that this extension is not as good as promised.

Downside of Wikibuy: doing your research might help to save more money

Wikibuy developers claim to have over 1 million happy customers. However, the reviews and comments online reveal that not all users are pleased with this Chrome extension. Among the negative opinions are:

  • the add-on does not tell you where you can get the same goods for the lowest price;
  • longer shipping time compared to buying directly from specific e-shops;
  • data tracking and sharing that might put the user’s privacy at risk.

According to some users, the developers of the add-on are not genuine. This shopping assistant does not provide the lowest price on the market. Some reports say that doing your own research saves more money than relying on Wikibuy.

The latter situation seems to be related to the developers’ participation in affiliate marketing programs. It means that they earn revenue if Wikibuy users buy a specific “low-priced” product. This activity makes the developers look untrustworthy.

Another serious problem with Wikibuy is that it keeps a whole bunch of personal and non-personal information. According to the Privacy Policy, the following information is tracked and recorded:

  • User-provided information;
  • Cookies and automatically collected information;
  • Location information;
  • Third-party web beacons and third party buttons;
  • Information from other sources;
  • Payment information;
  • Transaction data.

What is more, aggregated details might be shared with affiliates. As a result, you might start noticing a bunch of ads based on your recently searched items or bought products. Interest-based ads might be not only annoying but in some cases dangerous too; for instance, they might redirect to phishing or infected websites.

Things to remember if you decide to install and try Wikibuy

Just like many other programs and browser add-ons, Wikibuy has its pros and cons. If you are a user who takes his or her privacy seriously, you probably won’t consider installing it in your browser and testing it out.

Otherwise, you might just give this free extension a try. However, if you decide to use it, we want to remind you to be careful. First of all, make sure that you are installing the safe and legitimate Wikibuy extension. For this reason, you have to install it from the official website, the Chrome Web Store or iTunes.

Note that this extension is not compatible with Safari, Mozilla Firefox or the Android operating system. Thus, if you find offers to download such versions of Wikibuy, you might be targeted by cyber criminals.

Additionally, be careful with the ads that you notice online. Do not rush to click them. Offers that seem “too good to be true” typically are not real and are designed only to get your click. Additionally, if you decide not to shop through Wikibuy, make sure that you are not on a phishing website.

Finally, when shopping online, you should always do your research before entering your personal information and paying for the goods. All free shopping assistants might have the same problem: their revenue might depend on affiliates. Hence, they might not be entirely honest with you.

Chrome Search browser hijacker and its versions keep actively spreading in the cyberspace

Chromesearch.win virus is nothing more than an impersonator of Google Chrome

Chromesearch.win operates as a fraudulent search directory which is remarkably similar to Google Chrome. In other words, it aims to imitate this famous search engine to trick users into believing it is legitimate. While there are numerous claims about how this unreliable program respects your privacy, research shows the opposite: it deliberately collects private details related to your browsing sessions.

We want to warn you not to fall into the trap of an attractive description just because the authors of Chrome Search explicitly claim that this is a privacy-respecting program. If you attentively check the Privacy Policy, its developers state that they save the personal information you provide, whether or not they requested it. Likewise, you have no guarantee that your private details will not be sold to third parties or misused in other ways.

Note that all of the browser hijacker versions mentioned below, and those not yet identified, perform similar or identical activities which might put your privacy and computer security at risk. Therefore, you should remove ChromeSearch.win right away and not believe the fraudulent claims about its usefulness.

The activity of Chrome Search and its versions

It is essential to mention that, currently, the Chromesearch.win virus is on the rise. Experts have identified Clean My Chrome, Cleanserp.net, and Chromesearch.today as offspring of the mother program. Additionally, ChromeSearch.club is the newest variant, which reached the cyberspace at the beginning of December. This rapid development indicates that users should not expect this browser hijacker to stop taking over their browsers.

Furthermore, once the browser hijacker enters the system, it takes over popular browsers such as Google Chrome, Mozilla Firefox, Internet Explorer, Safari, etc. In other words, every time you open a new tab or window or click on your homepage, you are redirected to hxxp://chromesearch.win/.

You should not let these browser modifications slip through, since after the ChromeSearch hijack happens, its developers gain full access to collect various information which might be misused to deliver annoying and intrusive ads. The ads look genuine and attractive, so people are lured into clicking on one after another.

Also, be aware that a ChromeSearch redirect is another potentially dangerous action, since it might lead you to highly suspicious websites which increase the risk of getting infected with malware. Thus, avoid clicking on any type of advertisement that appears among the query results displayed by this fake search engine.

We highly recommend completing ChromeSearch.win removal right after you notice its presence. Note that the easiest way is to employ professional security software, which can also deal with the different and more sophisticated variants of this potentially unwanted program. Do not hesitate: clean your computer of browser hijackers!

Learn how this PUP stealthily enters your system

While you can manually install the Chrome Search extension from the Chrome Web Store, you can also unknowingly let it onto your computer without notice. Developers of such browser hijackers aim to take advantage of people who are in a rush and bundle the PUP into the installers of free applications.

Likewise, if the user opts to finish the download/installation procedure as soon as possible, he or she picks the Quick/Recommended settings, which do not reveal the hidden PUP. Thus, we recommend paying more attention to this process and choosing the Advanced/Custom options. It is vital to de-select the pre-ticked boxes that permit the installation of the potentially unwanted program.

Additionally, you should scan your computer afterward and make sure that the security software performs Chromesearch.win removal if necessary. This way you will fully protect not only your privacy but your computer security as well.


Necurs botnet helps spread Scarab ransomware via spam emails

The developers of Scarab ransomware employ Necurs botnet for distribution

While the infamous Necurs botnet had been silent for some time, on November 23 it came back, sending 12.7 million spam emails in the first several hours. According to analysts, they were used to spread the Scarab ransomware virus. The crypto-malware campaign started its malicious activity at 7 in the morning and continued until 1.30 p.m.

Previously Necurs was spotted spreading the following computer infections:

  • Locky ransomware;
  • Dridex Banking Trojan;
  • GlobeImposter virus;
  • Jaff ransomware.

Spam emails: ransomware disguises under the deceptive name

Victims report that they received a letter with the subject line “Scanned from [printer company name]” which contains a 7zip attachment. Once the credulous computer user clicks on it, the VBScript downloader connects to the network and drops the %Application Data%\sevnz.exe file, which is the executable of the Scarab virus.

Note that the same deceptive subject line was used to trick gullible people in the Locky campaign. Therefore, it was easy for IT experts to trace the links to the Necurs botnet.

Cybersecurity analysts found that the majority of the emails were sent to .com, .co.uk, .com.au, .fr, .de, and .org addresses. In other words, the countries most affected by Scarab ransomware are the USA, UK, Australia, France, and Germany. However, this does not mean that computer users living elsewhere should not be cautious of the file-encrypting virus.

Scarab ransomware: encrypts data and asks for a ransom in exchange for recovering files

The Scarab virus functions like any other ransomware: it encodes the most commonly used documents and files to swindle money from desperate computer users. Once it infects the system, the corrupted information is marked with a .[suupport@protonmail.com].scarab file extension. Moreover, the folders containing the compromised data also contain an IF YOU WANT TO GET ALL YOUR FILES BACK, PLEASE READ THIS.TXT file which serves as the ransom note.

Besides, Scarab modifies the registry so that it autostarts every time the victim turns on his or her computer. The alterations are the following:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce;
  • uSjBVNE = "%Application Data%\sevnz.exe".

IT technicians noticed that the word support was misspelled both in the file extension and in the ransom message. Likewise, it is believed that numerous email addresses are used by Scarab ransomware to collect the demanded money. Besides, the .txt file provides an alternative way to contact the criminals: BitMessage. This suggests that the email address might soon become unavailable.

After successful infiltration, the Scarab ransomware runs the following commands:

  • cmd.exe /c vssadmin Delete Shadows /All /Quiet;
  • cmd.exe /c wmic SHADOWCOPY DELETE;
  • cmd.exe /c bcdedit /set {default} bootstatuspolicy ignoreallfailures;
  • cmd.exe /c wbadmin DELETE SYSTEMSTATEBACKUP -keepVersions:0.
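As an added example (not part of the original article), the following Python flags the four backup-destruction commands listed above in process-creation records and checks RunOnce values for an executable launched from the roaming profile, as the article describes for sevnz.exe. The pipe-delimited record format, host names and sample values are constructed assumptions, not real telemetry.

```python
"""Flag Scarab-style shadow-copy/backup destruction and RunOnce persistence.

Added example, not from the original article. The record layout
'time|host|parent_image|command_line' is an assumption for this demo.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One regex per command in the article's list; case-insensitive and tolerant of an
# ".exe" suffix and extra whitespace, so "VSSADMIN.EXE  delete shadows" still matches.
BACKUP_KILL_RULES = {
    "vssadmin_delete_shadows": re.compile(r"\bvssadmin(?:\.exe)?\s+delete\s+shadows\b", re.I),
    "wmic_shadowcopy_delete": re.compile(r"\bwmic(?:\.exe)?\s+shadowcopy\s+delete\b", re.I),
    "bcdedit_ignore_failures": re.compile(
        r"\bbcdedit(?:\.exe)?\s+/set\s+\{default\}\s+bootstatuspolicy\s+ignoreallfailures\b", re.I),
    "wbadmin_delete_sysstate": re.compile(r"\bwbadmin(?:\.exe)?\s+delete\s+systemstatebackup\b", re.I),
}

# Persistence: Run/RunOnce data pointing at an .exe under the roaming profile
# (%Application Data% or AppData\Roaming), where the article says sevnz.exe lives.
APPDATA_EXE = re.compile(r"(?:%application data%|appdata\\roaming)\\[^\\]+\.exe\b", re.I)


@dataclass
class Hit:
    host: str
    rule: str
    parent_image: str
    command_line: str


def classify_command(command_line: str) -> Optional[str]:
    """Return the rule name a command line matches, or None if it is not one of the four."""
    for rule, pattern in BACKUP_KILL_RULES.items():
        if pattern.search(command_line):
            return rule
    return None


def scan_process_log(lines: List[str]) -> List[Hit]:
    """Parse 'time|host|parent_image|command_line' records and keep the matching ones."""
    hits = []
    for line in lines:
        parts = line.rstrip("\n").split("|", 3)
        if len(parts) != 4:
            continue  # malformed record: skip it rather than abort the whole scan
        _, host, parent, cmd = parts
        rule = classify_command(cmd)
        if rule:
            hits.append(Hit(host, rule, parent, cmd))
    return hits


def hosts_with_backup_wipe(hits: List[Hit], min_rules: int = 2) -> Dict[str, List[str]]:
    """Hosts where at least `min_rules` distinct destruction commands ran. A lone
    vssadmin call can be an administrator; all four in a row is the ransomware pattern."""
    per_host: Dict[str, set] = {}
    for h in hits:
        per_host.setdefault(h.host, set()).add(h.rule)
    return {host: sorted(rules) for host, rules in per_host.items() if len(rules) >= min_rules}


def suspicious_runonce(values: Dict[str, str]) -> List[str]:
    """Names of RunOnce values whose data launches an .exe from the roaming profile."""
    return [name for name, data in values.items() if APPDATA_EXE.search(data)]


# Constructed sample records (not real telemetry).
SAMPLE_LOG = [
    "2017-11-23T07:02:11|WS01|C:\\Users\\bob\\AppData\\Roaming\\sevnz.exe|cmd.exe /c vssadmin Delete Shadows /All /Quiet",
    "2017-11-23T07:02:12|WS01|C:\\Users\\bob\\AppData\\Roaming\\sevnz.exe|cmd.exe /c wmic SHADOWCOPY DELETE",
    "2017-11-23T07:02:12|WS01|C:\\Users\\bob\\AppData\\Roaming\\sevnz.exe|cmd.exe /c bcdedit /set {default} bootstatuspolicy ignoreallfailures",
    "2017-11-23T07:02:13|WS01|C:\\Users\\bob\\AppData\\Roaming\\sevnz.exe|cmd.exe /c wbadmin DELETE SYSTEMSTATEBACKUP -keepVersions:0",
    "2017-11-23T07:05:00|WS02|C:\\Windows\\explorer.exe|cmd.exe /c dir C:\\Users\\alice",
    "2017-11-23T09:15:00|WS03|C:\\Windows\\System32\\mmc.exe|vssadmin list shadows",
]

# Constructed HKCU\...\CurrentVersion\RunOnce values: one Scarab-style, one benign.
SAMPLE_RUNONCE = {
    "uSjBVNE": "\"%Application Data%\\sevnz.exe\"",
    "OneDriveSetup": "C:\\Windows\\SysWOW64\\OneDriveSetup.exe /thfirstsetup",
}

if __name__ == "__main__":
    found = scan_process_log(SAMPLE_LOG)
    for h in found:
        print(f"{h.host}: {h.rule} <- {h.parent_image}")
    print("backup wipe pattern on:", hosts_with_backup_wipe(found))
    print("suspicious RunOnce values:", suspicious_runonce(SAMPLE_RUNONCE))
```

Requiring two or more distinct rules per host keeps a single administrative vssadmin call from paging anyone, while the full four-command sequence is reported with the parent process that spawned it.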

Learn how to protect yourself from ransomware attacks

If you want to avoid not only the Scarab virus but other ransomware as well, you should carefully monitor your browsing. It is important to always double-check the files you attempt to install or the emails you are going to open. Pay attention to the small details which indicate that a malicious program may be hiding inside: it can be an unknown sender or a vague message. Regardless of what it says, avoid opening emails from people you don’t know. Instead, delete them immediately.

Another good way to decrease the risk of malware infection is not to get tricked into clicking on various advertisements. Note that they might appear as banners, in-text links or pop-ups. Usually, they also look genuine and offer great deals or effective system optimization tools. Do not fall into the hackers’ trap and never download software that is pushed through ads.

Experts suggest using professional antivirus software as well. It is important to update it regularly and to scan the files you want to download beforehand. This way you will not only protect your system from high-risk computer infections but also your privacy from banking trojans.


Developers of Zeus Panda virus present new distribution strategy

Zeus Panda virus used SEO to attack users

Security researchers warn about a new and clever Zeus Panda virus distribution campaign. Developers of the malicious program used Search Engine Optimization (SEO) to poison specific financial and banking-related keywords. To succeed, the crooks first compromised business websites so that they ranked high in Google search results.

The Zeus virus has been known since 2017. However, for almost a decade new variants of the malicious program have been emerging and trying to steal users’ personal information. The Zeus Panda, or Panda Banker, virus was detected in 2016. Researchers from Cisco’s Talos reported a new distribution campaign at the beginning of November.

According to the report, criminals used a combination of SEO, compromised legitimate websites and malicious Word macro commands to install data-stealing malware on victims’ computers. Security researchers say that the malware targeted users of these banks:

  • Nordea Sweden,
  • the State Bank of India,
  • India’s Bank of Baroda and Axis Bank,
  • the Commonwealth Bank of Australia,
  • Saudi Arabia’s Al Rajhi Bank.

Previously, the Panda trojan targeted Australian and British banks. An interesting fact is that the malware uses geo-filtering. Once it gets inside the device, it checks the computer’s language settings. The virus does not launch its activities if the default language is Russian, Ukrainian, Belarusian or Kazakh.

Criminals’ sophisticated and well-prepared attack

First of all, the attackers compromised legitimate business websites in order to rank higher in Google search. Then they poisoned specific keywords so that the results redirected to corrupted sites. According to the research, the criminals managed to place their malicious results several times on the Google results page when users entered these keywords:

  • “nordea sweden bank account number”
  • “how many digits in karur vysya bank account number”
  • “free online books for bank clerk exam”
  • “al rajhi bank working hours during ramadan”
  • “how to cancel a cheque commonwealth bank”
  • “salary slip format in excel with formula free download”
  • “bank of baroda account balance check”
  • “axis bank mobile banking download link”
  • “bank guarantee format mt760”
  • “sbi bank recurring deposit form”

The compromised websites included malicious JavaScript code that initiated a chain of redirects until a macro-enabled document was delivered to the system. Once opened, the document asks the user to enable macros to view the content. Clicking the “Enable Content” button leads to the installation of the Zeus Panda virus.

Developers of Panda Trojan used traditional malware distribution methods before

Since the appearance of the Zeus Panda malware, its authors have tried several distribution methods before coming up with the idea of relying on SEO. They spread the trojan via malicious spam emails and three exploit kits: Angler, Nuclear and Neutrino.

The malspam campaigns also included a Word document that downloaded the malware executable onto the system. Other campaigns exploited the CVE-2014-1761 and CVE-2012-0158 vulnerabilities to attack media and manufacturing corporations.

Magniber, Losers, Matrix ransomware keep attacking computer users

Crooks focus on distribution of Losers, Magniber and Matrix ransomware

Matrix, Losers and Magniber ransomware on the rise in November 2017

Security experts discovered cybercriminals boosting the distribution of the well-known Matrix, Magniber and Losers ransomware again. The hackers have come back with even more successful methods of tricking users into downloading the executable files of the viruses.

We have encouraged you to take precautionary measures before, but this time you have to be extremely careful. Cybercriminals have swindled enormous amounts of money from gullible people before, and they surely won’t stop now. Thus, check the key features and distribution methods explained below and make sure to protect your system from a ransomware attack.

Matrix malware takes advantage of the Rig exploit kit

The Matrix virus is designed to infiltrate victims’ computers disguised as a fake FBI alert. As soon as it reaches the system, it starts encrypting data. Later, it drops a matrix-readme.rtf file providing further information and urging the victim to contact the attackers via the matrix9643@yahoo.com or redtablet9643@yahoo.com e-mail addresses. Victims report being asked to pay a ransom to recover their data.

Developers of the malware employ a combination of AES and RSA ciphers to make the files inaccessible and swindle money from desperate computer users. Experts recently spotted an increase in the distribution rate due to the use of the RIG exploit kit, which helps to detect system vulnerabilities and successfully deliver the Matrix ransomware.

Losers ransomware continues its malicious activity via fake DVD burning software

2-spyware.com experts report receiving many requests for help from victims of the Losers malware. This file-encrypting virus spreads as a fake DVD burning program called Burn4Free and encrypts data on the victimized computer. You can quickly recognize it by the .losers file extension appended to the end of the filename.

Victims receive a ransom note in the form of a HOWTODECRYPTFILES.txt file and are urged to pay the ransom in Bitcoins for a decryption key. Since the hackers have already made considerable profits, we believe that they have come back for even more. Thus, you should not consider paying the demanded amount of money as an option.

Magniber crypto-malware offers to purchase My Decryptor for 0.2 Bitcoins

The developers keep releasing new versions of the virus and creating new methods of distribution. The Magniber malware infiltrates the computer with the help of the Magnitude exploit kit and encrypts data on the system using the AES algorithm. The latest extension marks detected are .skvtb, .vbdrj, .ihsdj, .kgpvwnr and .fprgbk.

But you should be aware that once the criminals decide to renew the virus’s activity, they will create new extensions and ransom notes to confuse people and swindle money. Currently, the ransom note is displayed in a READ_ME_FOR_DECRYPT_[id].txt file and the attackers demand 0.2 Bitcoins for a decryption tool called My Decryptor.

Precautionary measures are necessary to resist the new wave of ransomware attacks

Cybercriminals work for a reason: they want more illegal profit. Thus, you should never trust them and should decline all offers. Instead, focus on ransomware removal and try to restore your files using backups.

Tips to avoid ransomware attack:

  • Use reliable security software and make sure to update it regularly;
  • Enable the function on your computer that automatically stores backup copies in the cloud;
  • You can also save them on other external storage devices, just don’t forget to unplug them from the computer;
  • Enable the System Restore function so that alternative recovery methods are available in case of attack.

Bad Rabbit ransomware: tips to avoid the latest version of Petya

New variant of Petya emerged – Bad Rabbit ransomware virus

On the 24th of October, a new version of the Petya ransomware was reported to be attacking Russian and Ukrainian organizations. Petya is known for attacking Ukrainian companies and the public sector. However, this time the newly discovered Bad Rabbit ransomware hit Russia harder.

According to the latest information, the Bad Rabbit virus attacked the Kiev Metro and Odessa International Airport. Even though there is still not much information about the damage caused to these infrastructures’ systems, the attack is a warning sign to all organizations and companies to make sure that their systems and networks are protected.

Additionally, reminding employees of security tips is also recommended. The current version of the Petya virus spreads as a fake Adobe Flash update. Thus, inexperienced users can easily be tricked into downloading a malicious file and causing serious problems for the whole computer network.

However, security researchers did not take long to find a vaccine that prevents the ransomware from infiltrating. Following basic security tips is also recommended.

Bad Rabbit malware masquerades as Flash update

Drive-by downloads are one of the distribution methods used for spreading the Bad Rabbit ransomware virus. The fake Flash update is injected into compromised websites. If users end up on a malicious site, they receive a pop-up asking them to install the latest update. Once they hit the “Install” button, the malicious executable is dropped into the Win32/Filecoder.D folder. When the install_flash_player.exe file is executed, the malware starts the data encryption procedure.

However, the malware might also exploit a vulnerability in Windows Server Message Block (SMB). At first, it was thought that the malware used the EternalBlue vulnerability. However, the latest analysis data says that this is not true. The malware simply scans the internal network and looks for open SMB shares. If it finds any, it might affect the whole network.

Protecting computers and networks from ransomware

Bad Rabbit ransomware might cause extreme damage to your company or paralyze important city infrastructure, such as public transportation. However, home computer users should be aware of the security tips too.

After infiltration, the malware immediately locks files with a combination of the RSA-2048 and AES-128-CBC encryption ciphers, rendering them unopenable and appending the .encrypted file extension. In order to recover the files, victims are asked to pay 0.05 Bitcoin. However, the size of the ransom might increase.

Security researchers discovered a vaccine that helps to protect devices from the latest version of the Petya ransomware:

  1. Create the infpub.dat and cscc.dat files in the c:\windows directory by running cmd.exe as an administrator and entering these commands:
    echo "" > c:\windows\cscc.dat&&echo "" > c:\windows\infpub.dat
  2. Right-click on each of the newly created files and select Properties.
  3. Access the Security tab in the Properties window that appears.
  4. Click the Advanced option.
  5. In the newly opened window click the “Change Permissions…” button.
  6. Uncheck the “Include inheritable permissions from this object’s parents” box (Windows 10 users have to choose the “Disable inheritance” button and then select “Remove all inherited permissions from this object”).
  7. You will receive a Windows Security pop-up. Click the Remove button.
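The same vaccine scripted in Python, as an added example rather than the researchers’ own tool: it creates both files (step 1) and runs icacls /inheritance:r, the command-line equivalent of steps 2 to 7, which removes every inherited permission and leaves each file with no access entries at all. The `runner` parameter and the file-list argument are assumptions added so the steps can be exercised or logged outside Windows; on a real host it must run from an elevated prompt.

```python
"""Bad Rabbit vaccine, scripted: create C:\\Windows\\infpub.dat and C:\\Windows\\cscc.dat
and strip all permissions so the ransomware cannot overwrite them.

Added example, not the researchers' script. Runs icacls on Windows; the `runner`
parameter is an assumption that lets the steps be exercised (or logged) elsewhere.
"""
import os
import subprocess
from typing import Callable, List

DEFAULT_VACCINE_FILES = [r"C:\Windows\infpub.dat", r"C:\Windows\cscc.dat"]


def vaccine_command(path: str) -> List[str]:
    """icacls equivalent of GUI steps 2-7: /inheritance:r removes every inherited ACE,
    and since the new file was never given explicit ACEs, nobody retains any access."""
    return ["icacls", path, "/inheritance:r"]


def apply_vaccine(files: List[str] = DEFAULT_VACCINE_FILES,
                  runner: Callable = subprocess.run) -> List[str]:
    """Create each vaccine file if missing (step 1) and lock it down; return paths done."""
    done = []
    for path in files:
        if not os.path.exists(path):
            # Same effect as `echo "" > file`: an empty placeholder the malware cannot create.
            with open(path, "w", encoding="ascii") as fh:
                fh.write("")
        runner(vaccine_command(path), check=True)  # check=True raises if icacls fails
        done.append(path)
    return done


def missing_vaccine_files(files: List[str] = DEFAULT_VACCINE_FILES) -> List[str]:
    """Inventory check for fleet reporting: which vaccine files are absent on this host."""
    return [p for p in files if not os.path.exists(p)]


if __name__ == "__main__":
    if os.name == "nt":
        print("vaccinated:", apply_vaccine())
    else:
        # Off Windows only show what would be run (assumed dry-run behaviour for this demo).
        for p in DEFAULT_VACCINE_FILES:
            print(" ".join(vaccine_command(p)))
```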

Additionally, security experts do not recommend paying the ransom and advise taking precautions to avoid losing important data:

  • Enable automatic Adobe Flash Player updates. This way, you or your employees will not be tricked into installing a bogus update from a pop-up window.
  • Patch the Windows SMB protocol. Also, make sure that your operating system has all necessary security fixes. Install them as soon as they are offered by Microsoft.
  • Install available software updates. Enabling automatic software updates helps to avoid misleading alerts. However, if you prefer monitoring updates yourself, you should be careful and not forget to install them regularly.
  • Do not open suspicious email attachments. Ransomware-type viruses often spread via malicious spam emails that include an infected attachment. Before opening any attachment that looks safe, check the sender information and the stated subject to make sure that it is actually safe to open.
  • Back up data and update the backups regularly. Having extra copies of the most important files reduces the damage in case of a ransomware attack.
  • Strengthen the computer’s protection by installing a reputable antivirus.

Chromium virus is on the rise: Identify and remove rogue web browsers

Criminals use Chromium project to develop fake versions of Google Chrome

The Chromium virus can be defined as a bogus version of the Chrome browser developed by cybercriminals. Once free access to the source code of Google Chrome was granted, people were able to build their own browsers from the open-source Chromium project.

Researchers note that Chromium adware is spreading widely today, and users should be aware of the possible consequences. If you have noticed any issues related to your Chrome browser, immediately scan your computer using reliable security software.

The project itself is entirely legitimate, but malevolent people can take advantage of an open-source tool to create and distribute fake browsers. Computer users may not even notice that their original Chrome browser has been replaced by something slightly different.

Typically, the potentially unwanted program (PUP) overwrites the verified browser shortcuts and sets the fake Chrome version as the default search engine or homepage.

Afterwards, it displays annoying advertisements or redirects to less than reliable sites. Once the user clicks on the ads or content displayed on a rogue page, he or she risks getting infected with various types of malicious programs.

Since the developers of fake versions invest a lot of effort in making their copies look genuine, people are often misled when trying to identify the cause of the intrusive ads or redirects to suspicious websites that the Chromium virus generates.

Several best-known bogus versions of Chrome

There are many deceptive Chromium virus variants out there. Below, you can see a list of the most prevalent ones.

1. MyBrowser;
2. Torch Browser;
3. BrowserAir;
4. eFast;
5. Chroomium Browser.

These apps may claim to improve your browsing experience and offer “handy tools” that extend the functionality of your favorite social networking sites or even increase your security.

It is just a deceptive marketing trick to lure users into installing the adware. Instead, these fake browsers collect browsing-related data that can be personally identifiable and cause serious privacy issues.

Therefore, if you have noticed continuous pop-ups or other unwanted behavior, check the “About” section of your Chrome browser. It should open and display the Google Chrome name.

If it fails to launch, we suggest looking for unauthorized browser extensions or other unknown programs installed on your computer in order to remove the so-called Chromium virus.

Potentially unwanted program infiltrates via quick installation of regular app

Developers of deceptive applications aim to generate revenue by promoting potentially unwanted programs (PUPs) through the Quick/Recommended settings of the installation process.

Users in a hurry aim to finish the download/installation quickly and fail to detect the presence of adware hidden among the “Optional Components” of free software.

Therefore, you should always opt for the Custom/Advanced settings and carefully follow the steps of the installation. If you are offered bundled apps from unauthorized developers, untick the box and do not permit the PUP to infiltrate.

Moreover, fake versions of Chrome can be promoted on suspicious websites or in advertisements. Thus, you should avoid clicking on them in order to protect yourself from the hijack.

If you have already been infected, our IT specialists recommend downloading security software from trusted sources and running a system check (choose the full system scan option). It will quickly detect the compromised data and remove the Chromium virus. We advise looking for security software recommendations on the 2-Spyware website.

Cybercrime trends Fall 2017: what cyber threats can you meet online?

Be aware of ransomware: your files are still in danger

Recently, Europol announced that ransomware is the most powerful cyber threat of all. Thus, this autumn users should be prepared for data-encrypting virus attacks. One of these threats is a new version of Locky, and we are not talking about the Lukitus and Ykcol variants.

In October 2017, researchers discovered Asasin – a new example of Locky that spreads via corrupted email attachments. If it finds its way into the computer, there is no way to get your files back.

The BTCWare family also continues to grow. At the beginning of October, the BTCWare PayDay ransomware version was spotted spreading and demanding a ransom. Thus, it is time to back up your data to avoid possible damage.

Facebook scammers allure victims with free iPhone X

Virtual life on the biggest social network is not simple and calm. The new wave of the Facebook virus spreads a scam aimed at Apple fans and those who desperately want to get the latest iPhone model for free.

Numerous fake pages were created on Facebook and Instagram to attract users to an iPhone giveaway. Undoubtedly, no one is going to give away free Apple phones. The purpose of this scam is to collect a bunch of sensitive information about users. In order to participate in such a contest, people are asked to verify their Facebook accounts and enter their full name or contact details.

Scam posts might also redirect to suspicious pages and show numerous ads. Naive users can thus be bounced from one malicious website to another until they land on a phishing site. Thus, this autumn you should not forget that too-good-to-be-true offers are always created by criminals.

Malvertising attacks become bigger and more sophisticated

It seems that malvertising has become a new sweet spot for cyber criminals. This autumn, crooks launched two massive campaigns to spread malware-laden ads. At the beginning of October, the legitimate Taboola advertising platform was hacked.

Malicious Taboola ads were noticed on the msn.com website. They redirected to a tech support scam website that warned about a “harmful virus” and asked the visitor to call a toll-free phone number to reach “Microsoft technicians.” Indeed, there is nothing unique about this scam example.

Later, the KovCoreG group showed that it is capable of hacking other legitimate ad services. This hacker team aimed at one of the most popular and most visited websites – Pornhub. However, this time the criminals used a sophisticated attack that targeted users by their location and the browser they used.

People from the US, Canada, the UK and Australia who visited this porn site using Chrome or Firefox were asked to install a critical update. Meanwhile, Microsoft Edge and Internet Explorer users were tricked by a fake Adobe Flash Player update. In this way, cyber criminals tricked millions of users into installing the Kovter click fraud adware. Thus, being careful with ads this fall is more than important.

Yahoo Data Breach 2013: Every Account Was Hacked

New details discovered about Yahoo data breach

If you had or still have a Yahoo email account, it is high time you changed your password. When it comes to bad luck, Yahoo certainly knows what it feels like. Beginning in 2013, it has been continuously terrorized by cyber criminals. Unfortunately, they managed to succeed in their misdeeds.

The scale of the data breach turns out to be massive

In August 2013, after the security of Yahoo email accounts was breached, the company stated that 1 billion accounts were hacked. An “unauthorized third party” was blamed for the leaked data, which comprised the following:

  • Contacts;
  • Full name;
  • Birth date;
  • Hashed passwords (using MD5);
  • Phone number;
  • Security questions and answers.

The company assured that no credit card information was leaked. Users were urged to change their passwords. The incident also revealed a bad habit among users: choosing passwords such as “password123”.
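Why the two details above (unsalted MD5 hashes plus passwords like “password123”) combine so badly is easier to see in code. The following is an added illustration, not anything from the article or from Yahoo: it audits a constructed dump of MD5 hashes against a tiny constructed weak-password list, then shows how a salted, iterated hash (PBKDF2-HMAC-SHA256, an assumption chosen here for illustration) hides both weak choices and password reuse.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Constructed sample: three accounts stored as unsalted MD5 (the scheme the
# article says the leaked hashes used). Alice and Bob chose the same password.
LEAKED_MD5 = {
    "alice": hashlib.md5(b"password123").hexdigest(),
    "bob": hashlib.md5(b"password123").hexdigest(),
    "carol": hashlib.md5(b"7hR!xq2#vL9pW").hexdigest(),
}

# Constructed screening list an operator might use to force password resets.
WEAK_PASSWORDS = ["123456", "password", "password123", "qwerty"]


def audit_unsalted_md5(stored: dict) -> dict:
    """Return {username: weak_password} for accounts whose stored MD5 hash
    equals the hash of a known weak password.

    With no per-user salt, one precomputed table covers every account, and
    identical passwords are visible as identical hashes before any lookup.
    """
    table = {hashlib.md5(p.encode()).hexdigest(): p for p in WEAK_PASSWORDS}
    return {user: table[h] for user, h in stored.items() if h in table}


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted, iterated hash: the random per-user salt defeats shared
    precomputed tables and makes reused passwords hash differently."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Constant-time comparison against the stored (salt, digest) pair."""
    return hmac.compare_digest(hash_password(password, salt)[1], digest)


if __name__ == "__main__":
    print("weak accounts:", audit_unsalted_md5(LEAKED_MD5))
    s1, d1 = hash_password("password123")
    s2, d2 = hash_password("password123")
    print("same password, different salted digests:", d1 != d2)
```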

Data breach every year

After more than a year had passed, cyber criminals struck again. On September 22, 2014, 500 million accounts were compromised. This time, the specialists claimed that it was a state-sponsored attack.

The data was said to help the criminals penetrate Gmail and iTunes accounts. The FBI investigation concluded that the culprits were Russian FSB officers, Dmitry Dokuchaev and Igor Sushchin, cooperating with a few Canadian hackers.

Later on, another incident in 2016 followed these data breaches. A cyber criminal using the pseudonym “Peace of Mind” had been selling leaked account data on the darknet since late 2015. Further disclosed details suggested that the data had been obtained before the 2013 breach. Unfortunately, the late discovery of the incidents by Yahoo’s security experts only made matters worse.

Just when it seemed that things could not get worse, further investigation proved otherwise. The company’s experts revealed that the 2013 data leak was much bigger in scale than expected. The analysis disclosed that all 3 billion Yahoo accounts active in 2013 were compromised. Unfortunately, these findings only harm the already dubious reputation of Yahoo even more.

If you still have a Yahoo email account, you should change your password again. However, the fact that more details keep surfacing about data breaches dating back three years suggests that your account might still be at risk even after you alter the password.

On a final note, even if you have a Gmail account, you should be vigilant as well. Connecting different accounts might not be a good idea, since if perpetrators hack into one, they might breach another. In addition, a recent analysis by IT experts reveals that hackers developed a new campaign called “Free Milk.” By compromising a user’s email account, they break into ongoing email conversations and plant a malicious attachment. All in all, when it comes to cyber security you can never be too cautious:

  • double-check the identity of a sender and enable two-step verification; these are still viable prevention tips;
  • ensure the security of your email and PC with a couple of different cyber security tools.