Osiris is pushing Locky out of its throne

Ransomware developers have always been competitive, trying to get more victims involved in their scams. Nevertheless, during recent months we have been witnessing a heated battle of the Titans as Osiris and the Locky virus competed for the top position on the list of the most successful ransomware. It looks like the reign of the notorious Locky is coming to an end, with Osiris slowly but surely pushing it off its throne. Interestingly, both of these infections were programmed by the same group of hackers. In fact, Osiris is considered one of Locky’s follow-up versions. However, its new distribution strategies and better obfuscation techniques make it a serious competitor capable of outrunning its predecessor.

Over the last couple of years, the popularity of ransomware viruses has grown drastically as more and more hackers began to feel the itch of making some easy money. The success of this illegal extortion technique has even inspired the creators of other malware (Tech Support Scams, for instance) to adopt ransomware features in their own work. It is likely that this virus family will grow even more dangerous over time, so you have to be prepared to withstand it. Whether you find yourself targeted by Osiris or Locky, make sure you have backup copies of your important files saved somewhere safe, preferably on an external storage device.

Malware infections doubled during first holiday weekend

Holiday shopping this year is, and will be, more dangerous than ever. Cyber security specialists warned about an expected increase in malware during Black Friday and Cyber Monday; however, criminals managed to surpass these expectations. During this long four-day weekend, malware attacks doubled compared to other days of the year. In the United States, malware infections skyrocketed by up to 106%. Instead of purchasing ridiculously cheap gadgets, a new pair of shoes or other goods, many shoppers got ransomware, Trojans, and other computer infections.

For several years, specialists have noticed that malware activity starts increasing on Black Friday and does not stop after Cyber Monday. In fact, last year the biggest malware activity was observed two days after Cyber Monday. The chances of catching a computer infection stay high throughout the holiday season, so it is important to be careful when buying presents for your family and friends online.

During the first holiday weekend, cyber criminals tricked people by sending fake spam and commercial emails, pushing infected websites into search results and sending malicious links on social networks. Email inboxes were flooded with tons of fake offers to purchase goods at low prices, special prices, various great deals and so on. Victims received fake emails from Amazon and other well-known retailers informing them about problems with their latest orders. These misleading emails tricked people into opening attached files, a technique typically used to spread ransomware viruses. Criminals also used social networks for their illegal activities and sent infected links on Facebook and Twitter. Some crooks worked very hard and created fake websites that managed to rank quite high in Google search results.

Cyber infections are lurking everywhere, so it is important to be extremely careful this holiday shopping season. We recommend being skeptical and not trusting every offer or discount coupon you receive, even if it appears to have been sent by a popular retailer. Do not trust any emails that claim to come from retailers and report problems with your order. If you need to check the status of your purchase, go straight to the retailer’s website, log in and check whether there are any issues. Keep in mind that thousands of malware developers are targeting computer users in Europe, the U.S.A., and elsewhere. So it is better to be careful and not to rush your last-minute shopping.

Locky ransomware goes on Facebook: malware started spreading via instant messages

Most of the time we get excited when we hear a Facebook notification about a new message. Our friend was excited on Sunday as well, before he realized that the message was suspicious. He received a .svg picture without any explanation, and it smelled a bit fishy. His friend is not one of those users who sends lots of pictures just for fun. Besides, Facebook always shows the full picture or part of it. This time it looked like a link. He thought it was just another version of the Facebook virus. Curiosity killed the cat, and he clicked on the received picture. He ended up on a website that looked identical to YouTube, where he was asked to install a necessary extension to watch the video. This seems suspicious, right?

Indeed, this SVG file hides a Nemucod Trojan, which is responsible for installing and executing the infamous Locky virus. Hackers have finally managed to step into Facebook and launch the first ransomware distribution campaign on social media. The malware spreads via the previously mentioned SVG file, an XML-based vector image format that allows JavaScript to be embedded. As we already explained, when the victim clicks on the file, he or she is redirected to a website that looks like YouTube but has a different URL. Honestly, who looks at the URL bar? We are all interested in the content! However, this bogus site asks the visitor to install an “Ubo” or “One” extension, and if users agree to do it, the ransomware infiltrates the system, starts encrypting personal files and spreads the malicious message to all Facebook friends. After a couple of minutes you receive a ransom note, and after several hours or days, you can expect your friends to start blaming you for spreading viruses and causing them problems.
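Because an SVG is just XML, the active content that makes this attack work can be found by parsing it. The following is an added example (not code from the original article or from the malware): a small Python checker that flags `<script>` elements, `on*` event handlers and `javascript:` links in an SVG. The two sample images are constructed for the example; the “malicious” one only mimics the structure described above.

```python
import xml.etree.ElementTree as ET

XLINK_NS = "http://www.w3.org/1999/xlink"
# Attribute names, as ElementTree reports them, that can carry a URL.
HREF_ATTRS = {"href", "{%s}href" % XLINK_NS}

# Constructed sample mimicking the trick described above: a <script> element,
# an onload handler and a javascript: link inside an otherwise normal image.
SAMPLE_MALICIOUS_SVG = """<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink"
     width="10" height="10" onload="alert(1)">
  <rect width="10" height="10" fill="blue"/>
  <script type="text/javascript">location.href = "http://example.invalid/";</script>
  <a xlink:href="javascript:void(0)"><text y="8">open</text></a>
</svg>"""

# Constructed sample of a harmless image: shapes only.
SAMPLE_BENIGN_SVG = """<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">
  <circle cx="5" cy="5" r="4" fill="green"/>
</svg>"""


def _local(name: str) -> str:
    """Strip the {namespace} prefix ElementTree puts on tags and attributes."""
    return name.rsplit("}", 1)[-1]


def scan_svg(svg_text: str) -> list[tuple[str, str]]:
    """Return (finding, location) pairs for every piece of active content found.

    xml.etree does not resolve external entities, but for fully untrusted input
    the defusedxml package is the safer drop-in parser.
    """
    findings = []
    root = ET.fromstring(svg_text)
    for elem in root.iter():
        if not isinstance(elem.tag, str):  # comments / processing instructions
            continue
        tag = _local(elem.tag)
        if tag == "script":
            findings.append(("script-element", tag))
        elif tag == "foreignObject":  # lets arbitrary HTML ride inside the image
            findings.append(("foreignObject", tag))
        for attr, value in elem.attrib.items():
            aname = _local(attr)
            if aname.lower().startswith("on") and len(aname) > 2:
                findings.append(("event-handler", f"{tag}@{aname}"))
            if attr in HREF_ATTRS and value.strip().lower().startswith("javascript:"):
                findings.append(("active-href", f"{tag}@{aname}"))
    return findings


def is_inert_svg(svg_text: str) -> bool:
    """True when the SVG can be treated as a plain picture."""
    return not scan_svg(svg_text)


if __name__ == "__main__":
    for label, sample in (("malicious", SAMPLE_MALICIOUS_SVG), ("benign", SAMPLE_BENIGN_SVG)):
        print(label, scan_svg(sample))
```

A mail or chat gateway that only accepts SVGs for which `is_inert_svg` is true would have stopped this particular lure at the upload step.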

The realization that Locky can reach computer users even in such small European countries as Lithuania gives us the feeling that it is impossible to hide from ransomware. The developers are still working hard and looking for various ways to infect computer users worldwide. Therefore, you should be careful and back up your files!

Web-start.org hijacker and Thor ransomware — two never-ending headaches for the virus experts

Ransomware and browser hijackers — two of this year’s most active cyber infections. Over the year 2016, these parasites have been developing, changing their form, behavior, and computer infiltration strategies, keeping virus analysts and security software developers constantly on their toes. During this period, multiple malicious infections have surfaced and died out, but there are a few of the most aggressive parasites whose creators are not even planning on stepping back. One of these viruses is Thor ransomware. This cyber infection derives from the notorious Locky virus family. It stands beside other malicious virus versions, including the .Shit file extension virus, Perl ransomware, and the ODIN virus. It is a complex infection that travels around with the help of malicious spam campaigns, uses obfuscated files to enter the computer and is capable of encrypting over 400 types of files. Cyber security experts, including the eSolutions team, are actively researching the virus and working towards its decontamination. Nevertheless, it is extremely difficult to curb such well-developed malware as Thor, so, for the time being, users are advised to fend for themselves and protect their data by making regular system backups.

The browser hijacker frontier is no less dangerous. Though these types of viruses are much less stable and easier to curb, there are parasites like Web-start.org that are raging on the web regardless of the attempts to stop them. This virus is based on the obscure Plus Network and is a trustworthy-looking imitation of a regular Internet search engine. If you ever find Web-start.org set as your homepage or default search engine — do NOT use it! Otherwise, the fake search results it provides may expose you to malicious websites where your computer might be infected with far more serious malware. It will take some time for the experts to learn how to stop this infection, but we should not forget that responsibility for the undesirable success of such programs falls on the shoulders of the users as well. If we pay more attention to our computer security and our behavior online, problems like browser hijackers may soon become a thing of the past.

Cerber ransomware becomes the main concern of security professionals

We have been hearing news about Cerber ransomware for more than 8 months now. Unfortunately, the latest report is not good news either, as it claims that two freshly-released versions of this virus were detected by security researchers several days ago. If you happen to find a README.hta file on your computer’s desktop, you should know that the virus you are dealing with is most likely either Cerber 4.1.0 or Cerber 4.1.1 ransomware. These threats are almost identical to their predecessor. However, there are several facts that every PC user should remember.

As we have already mentioned, the latest versions of Cerber start displaying a Readme.hta file on the computer’s desktop right after they infiltrate the system. To hijack the computer, these threats use an infamous exploit kit known as PseudoDarkleech Rig. If your computer is vulnerable, you can become a victim of such an exploit kit just by browsing the Internet and visiting your favorite websites. Once Cerber 4.1.0 or Cerber 4.1.1 infiltrates the computer, it starts its encryption process, which is used to block the victim’s files. The extension appended by these threats to each affected file consists of four random characters. If you cannot open your data, or if you see this four-character extension added to some of your files, there is a high probability that you are dealing with one of these ransomware viruses. Make sure you ignore their ransom notes, which typically inform people about their encrypted files and the need to purchase a special tool known as the Cerber decrypter. Instead, you should remove their malicious files from your computer and use data recovery software.
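The two signs named above, a README.hta on the desktop and many files sharing one unknown four-character extension, can be checked automatically over a file listing. The following is an added example and not code from the original article: a Python triage helper that scores a listing on those two indicators. The file paths and the `k7q2` extension are constructed for the example; real Cerber extensions are random.

```python
from collections import Counter
from pathlib import PurePosixPath

RANSOM_NOTE = "readme.hta"  # note name given in the text above (case-insensitive)

# Legitimate four-letter extensions that must not be mistaken for a random one.
KNOWN_4CHAR = {"docx", "xlsx", "pptx", "jpeg", "json", "html", "yaml",
               "webp", "mpeg", "tiff", "java", "heic", "flac", "webm"}

# Constructed listing: three user files carrying one unknown 4-char extension
# plus the ransom note, next to untouched files.
SAMPLE_LISTING = [
    "/home/user/Desktop/README.hta",
    "/home/user/Documents/report.docx.k7q2",
    "/home/user/Documents/budget.xlsx.k7q2",
    "/home/user/Pictures/holiday.jpg.k7q2",
    "/home/user/Pictures/logo.png",
    "/home/user/Documents/notes.json",
    "/home/user/Downloads/setup.exe",
]
# Constructed listing of a clean machine for comparison.
CLEAN_LISTING = ["/home/user/Documents/report.docx", "/home/user/Pictures/logo.png"]


def looks_random_4char(ext: str) -> bool:
    """Cerber's extension is exactly four alphanumeric characters and no known format."""
    return len(ext) == 4 and ext.isalnum() and ext.lower() not in KNOWN_4CHAR


def cerber_indicators(paths, min_cluster: int = 3) -> dict:
    """Evaluate file paths for the two Cerber 4.1.x signs described in the text.

    paths: iterable of path strings (a directory walk, a backup manifest, ...).
    One unknown extension shared by at least min_cluster files is the giveaway;
    a single odd file is more likely a legitimate program's own format.
    """
    note_found = False
    clusters = Counter()
    for raw in paths:
        p = PurePosixPath(raw)
        if p.name.lower() == RANSOM_NOTE:
            note_found = True
            continue
        ext = p.suffix[1:]  # suffix keeps only the last ".xxxx", which is what Cerber appends
        if looks_random_4char(ext):
            clusters[ext] += 1
    suspicious = {e: n for e, n in clusters.items() if n >= min_cluster}
    return {
        "ransom_note": note_found,
        "suspicious_extensions": suspicious,
        "likely_cerber": note_found or bool(suspicious),
    }


if __name__ == "__main__":
    print(cerber_indicators(SAMPLE_LISTING))
    print(cerber_indicators(CLEAN_LISTING))
```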

Update your anti-malware program now

Reasons to update your security software right now

Patching and updating are the primary keys to cyber security. Sadly, some computer users forget or ignore prompts to update the anti-malware programs they have installed on their computers, and this negligence can have tragic consequences. Users should understand that, once installed, anti-malware software is capable of protecting the computer and removing the threats that are known at that point in time, but cyber criminals continue evolving viruses and creating new ones. Therefore, if the user forgets to update it, or to enable automatic updates, the anti-malware software becomes unable to identify and remove viruses that have just appeared on the Internet. That is why software updates are important: by installing updates, you supply “knowledge” about these computer viruses to your security software and “teach” it to detect and eliminate them. Sadly, anti-virus programs do not have artificial intelligence and cannot understand which files are harmful or potentially unwanted without being programmed to recognize them.

Updates are created by IT experts and include virus definitions, which help the anti-malware software recognize and uninstall malicious files and programs. Typically, updates are released daily or weekly, so make sure you install them. If you forget to update the anti-malware software, you leave your PC vulnerable to various computer threats, such as ransomware, trojans, worms, and other forms of malware. Do not forget that malware authors work hard too, and race against anti-malware companies. They seek to infect as many computers as possible before anti-malware programs become able to identify these new viruses and block them.

Anti-spyware or anti-malware programs typically have a button that says “Check for updates”; use it to see whether the vendor has released updates that patch flaws and make the program more powerful. In many cases, computer protection programs offer an automatic update function, which makes sure that the software checks for updates repeatedly and installs them automatically as soon as they appear.

Crooks look for new targets after hacking MySpace, Linkedin, and Yahoo

It seems that cyber criminals have advanced to a new level of impudence as they continue hacking major websites. It is no longer big news that Yahoo was hacked twice or thrice and suffered the leak of millions of user accounts. Later on, crooks turned their attention to the MySpace and LinkedIn domains. Even such an online market giant as Amazon did not escape the cyber criminals’ attention. While IT specialists rush to patch security flaws, users are left with a dilemma: is there a safe website on the Internet?

Users of Yahoo mail may have been astonished to find out that an enormous amount of personal data was leaked and more than 500 million users were affected by this breach. Surprisingly, the breach, which actually took place in 2014, was made public only recently. Speculating on why such an act was concealed from public attention for so long, many users arrived at the conclusion that the cyber attack might have been supported by governmental institutions. Soon afterward, conspiracy theories started booming.

Another popular website, MySpace.com, also has a notorious history of being hacked. The website made headlines on various news portals after a data leak involving more than 427 million passwords was detected. While some crooks use them to break into the owners’ bank accounts, others simply sell the data on the dark net. Luckily, the 14 GB dump in question was spotted by a virus researcher. Despite various data leak alerts, users still keep using plain and ordinary passwords. Because of that, hackers have a better chance of breaking into several accounts at the same time.

Moreover, Amazon is said to be the next target, as it was attacked by a Twitter user in July after the company ignored his remarks about obvious security flaws. Their indifference resulted in 80 000 leaked user login passwords. Recently, the website was compromised again, as it rushed to reset the passwords of selected users while denying any data breach. These hacks prove that users are still not cautious and do not take the necessary security measures. They realize the importance of changing login credentials regularly only after they become victims of a cyber crime. For future reference: come up with a password containing numbers and characters, change it every three months and use different passwords for different accounts.

Ransomware with ridiculous names started appearing on the web

Ransomware viruses have been around for years, but only recently have they come back to the web more malicious than ever before. These viruses take away your files and ask you to pay a ransom, but will not necessarily return them even if you pay. There are hundreds of such programs, and they are all more or less destructive. Thus, the names picked out by their creators usually correspond to their malicious nature. The 2-spyware team has already discussed such frightening infections as the Apocalypse virus, Nuke ransomware or a cyber threat named after the famous horror movie character Jigsaw. Such titles were undoubtedly chosen to add seriousness and frighten the victims into paying for their files.

For other malware creators, money may be just as important, but they seem to have decided: why not amuse themselves while making it? As a result, ransomware with funny and even ridiculous names started showing up and infecting computers. Donald Trump ransomware and the Princess Locker virus are just a few of the most bizarre virus titles that our team has come across in the past couple of weeks alone. Moreover, there are still samples of cyber infections that draw from popular culture, for instance the Harry Potter-themed Voldemort or the Norse mythology-related ODIN ransomware. Completely random names like JokeFromMars are also not uncommon. Nonetheless, despite the fact that these titles have no negative connotations, such ransomware should not be taken any less seriously than its grimly named counterparts. In fact, there is a greater chance of unknowingly downloading malicious files whose names do not raise any suspicion or even sound hilarious. File-stealing infections are not a joke and should be avoided at all costs. On 2-spyware.com we try to keep you updated and informed about the latest ransomware releases, but there might still be viruses roaming the Internet not yet discovered by virus experts. Thus, we urge everyone to take steps to protect their computers from potential breaches and not allow malware creators to make fun of you.

Warning from 2-spyware: do NOT visit Safe-web.tk

Several weeks ago, researchers from one of eSolutions’ projects, 2-spyware, received a question about Safe-web.tk. The person contacting them asked how he could remove this annoying virus. After starting their own research, the experts discovered that Safe-web.tk is a browser hijacker that causes redirects to misleading websites. Be sure to stay away from it, because you can be tricked into revealing your personal information to scammers. You could also lose money and run into other problems.

The first domain 2-spyware researchers were redirected to was a misleading site that promotes a “roulette strategy”. It is a Lithuanian domain filled with misleading claims about an “amazing” possibility to earn money by playing roulette online. We must warn you that such strategies do NOT work and that you will not be able to get back the money you transferred during registration. After testing the Safe-web.tk virus for the second time, the experts found themselves on a site that announces a $3500 prize. It asks the victim to enter personal details so that he or she can claim the prize. Please, do NOT reveal your personal information to people you do not know, and remove Safe-web.tk from your computer before it achieves what it was created for.

New scam alert: a fake BSOD error

People hate the Blue Screen of Death (BSOD) error because it can force their computers to reboot at the most unexpected times. Sometimes you can fix this issue by using System Restore, rebooting your machine into Safe Mode or installing updated drivers, but in most cases you can get rid of a BSOD only after you reinstall Windows. However, it seems that there is one more thing to check if BSODs have started interrupting you: you should also scan your computer for malicious software with an updated anti-spyware program.

According to the latest reports, hackers have started spreading programs that are capable of showing a fake BSOD. Once such a program infiltrates the computer and affects the web browser, it starts interrupting its victim with this alert message. By showing it, it seeks to mislead users into thinking that their computers are dealing with malware-related problems that can be solved only by reaching MICROSOFT CERTIFIED technicians. The fake BSOD error can also report potential data loss and similar problems that supposedly result from this invented issue. Please, do NOT contact any “experts of Microsoft”, because they have nothing to do with this company. In reality, they hide behind this name in an attempt to make people dial a given number and earn money from their fake service. Fortunately, you can remove the BSOD error virus with almost any reputable anti-spyware program.