Most aggressive browser hijackers

Watch out for the latest in browser hijackers – Qtipr.com, Motious.com and Launchpage.org

It is obvious that ransomware is one of the most common types of computer virus today. The Cerber, Spora and Locky viruses have already proved to victims that a ransomware attack is no joke. However, ransomware is not the only kind of program that can pose a threat to your computer system and your privacy. Our team points out that in 2017, developers of shady browser hijackers noticeably intensified the production and distribution of potentially unwanted programs that are meant to take control of the user’s web browser and push sponsored content through it. Most of the time, such questionable companies set up dozens of identical-looking websites that provide a web search function, and create programs that change the settings of the user’s browsers so that they launch a particular search engine automatically. What annoys us so much is the fact that these browser-hijacking programs are distributed in a legitimate way, which we consider to be quite unfair. These programs usually accompany various free programs, which do not adequately inform the user about their existence during the installation process.

So far, the most common and bothersome browser hijackers seem to be Motious.com, the Launchpage.org virus, and the Qtipr.com virus. The last one is especially intrusive and deceptive, and unlike the others, it doesn’t even promote a search engine. This browser hijacker is very hard to remove because instead of installing programs or browser extensions, it adds a VBS script to Windows Management Instrumentation (WMI), which makes web browsers launch the Qtipr.com site automatically. As for the Launchpage.org redirect virus, it tries to promote a fake copy of the Google search engine, which can easily trick inattentive victims into using it. Finally, the Motious.com hijack brings an unpleasant search tool that always fills search results with paid links. Clicking on any links provided on sites promoted by these browser hijackers can be dangerous. Although it is possible to remove such browser hijackers manually, our team recommends using anti-malware programs, as they can delete the infection in a faster and safer way. The Esolutions team would like to remind you to stay clear of suspicious content online, to install computer programs carefully, using Custom/Advanced settings only, and to protect your computer with an anti-spyware or anti-malware program even if you have an antivirus. Such software helps to detect all kinds of spyware and malware, whereas an antivirus might only be good at detecting severe viruses.

Bitcoin value goes up. What should we expect from ransomware developers?

You might have already heard that the value of one Bitcoin has just reached the price of an ounce of gold. At the moment, one bitcoin will set you back $1,268, while one ounce of gold will cost you $1,233. Unfortunately, such a rise can seriously encourage more hackers to step into the ransomware business. Security experts have already announced that the number of ransomware families keeps growing and has nearly doubled compared to last year. The same can be said of the typical ransom fee. Over the last few years, it has increased from several hundred dollars to $1K. For example, the infamous Locky ransomware demands 0.5-1 BTC. Meanwhile, newer viruses, such as Sage 2.0 ransomware or Aes256 ransomware, have started demanding from 2 BTC to 10 BTC.

To prevent such an enormous loss of money, you need to back up your data first. Keep in mind that each of your important files should be saved in more than two destinations, including your hard drives, USB sticks or cloud storage. Then, take care of your system’s protection properly. After installing anti-spyware software, make sure you keep it up to date.

Youndoo virus renews its activity

2016 was a busy year for security experts – the computer virus business was booming and everyone was asking for help. Of course, the main problem which caused serious havoc on the Internet was the infamous Locky. As soon as this ransomware showed up, the number of infected users increased from 23,000 to 56,000 cases per month. However, the latest trends reveal that there is a lot more to come in 2017. New viruses, including Spora ransomware, HakunaMatata and the Help_Help_help virus (a new version of Cerber), have already emerged. Nevertheless, it seems that we should not forget the old ones.

Security experts are reporting a fresh trend: the reappearance of well-known viruses that were launched back in 2015 or 2016. We have already notified you about Crypt0l0cker, which was first detected in the middle of 2015. Beware that it has just been noticed starting its second round of propagation. It seems that we should also not forget the Youndoo virus. The most affected countries seem to be Denmark, Germany, Spain, Portugal and Hungary. Please be careful with this browser hijacker. Although it is not capable of encrypting your files, it can cause unauthorized redirects in your browser. Browser redirects have already been named one of the main ways in which malware infiltrates PC users’ computers.

Guide that will help you avoid Hakuna Matata ransomware

Hakuna Matata ransomware came to light in the middle of January 2017. At first, it seemed to be an ordinary virus which was ready to have its one second of glory. After helping its developers collect some income, it was supposed to let another ransomware take its seat, but it seems that it is not ready to do so yet. The number of affected users keeps increasing each day, so you need to stay alert to avoid this malware. Otherwise, you can lose your files, your money or both, as there is no guarantee that hackers will give you an effective decryption key after you pay the money.

You know that you are infected with this ransomware when you see the ‘.hakunamatata’ extension appended to your filenames. Usually, these files become completely useless because this ransomware tends to encrypt them with the AES-256 and RSA-2048 encryption algorithms. You cannot recover these files yourself because of the very strong cipher used by this malware. The main aim of doing so is the money which is demanded in exchange for a special decryption key. The virus seeks to encrypt as much of the victim’s data as possible, so make sure that you remove Hakuna Matata as soon as you notice its activity on your computer. For that you can use any reliable anti-spyware or anti-virus software. However, such software cannot recover encrypted files.

If you want to prevent this ransomware, you need to remember several rules:

  • Stay away from spam – Hackers have been actively relying on social engineering while trying to infect PC users. To stay safe, make sure you carefully read messages from well-known organizations and institutions before downloading attachments provided by them. Opening an infected document can launch the Hakuna Matata virus on your computer.
  • Ignore misleading alerts and pop-ups – If you are offered an update for your browser or Flash Player while browsing the Internet, it might be a scam. You should use only official websites to update your software, so forget about illegal download websites distributing pirated copies of software.

Crypt0l0cker is expected to begin the second round

We must warn you about the growing danger of Crypt0l0cker ransomware. It seems that Europe is the main target of this virus, which is also known as TorrentLocker. To protect yourself and avoid having to pay the ransom fee to cyber criminals, make sure you back up your files. Ransomware viruses are now capable of encrypting an entire network, so you need to find a safe place for your files. While we haven’t received any reports from Crypt0l0cker victims yet, we can see a clear increase in searches for this term, which makes us believe that its developers have already started promoting its installer.

To avoid the newest version, Crypt0l0cker 2017, you must know each of its distribution methods. Here are the most popular ones:

  • Fake email messages with infected attachments. Mostly, ransomware installers are presented in fake emails claiming to be financial and business reports. Hackers are trying to convince their victims that they are communicating with one of their colleagues. If an email message seems suspicious, make sure you ask the sender about it directly.
  • Infected pop-up messages and illegal websites. You can also get infected with ransomware via misleading pop-up messages offering free updates and “missing” software to the potential victims. Believe us, you don’t need anything. If you need a program, visit its official website and be sure that the needed file is safe.
  • Legitimate websites hacked by ransomware makers. Hackers have already started using a more sophisticated technique to promote their ransomware: after infecting a legitimate site with malicious JavaScript, they make the website show a fake error message, such as the “HoeflerText font wasn’t found” error. Make sure you ignore such errors to prevent infiltration of ransomware and the loss of your files.

eSolutions review on Spora ransomware

Spora ransomware was introduced by its developers at the beginning of 2017. However, it has already managed to impress security experts with its encryption procedure, a well-made official website and a ransom notification. This virus is considered one of the most aggressive ones because it doesn’t need an Internet connection to encrypt the victim’s files. Infected documents do not change their extensions, but you can’t open them. When trying to do that, you can see a notification that reads:

XXX can’t be opened.
This document is either corrupt or protected under Rights Management.

Infected users are also asked to connect to the payment site of the Spora ransomware to find out how much they need to pay for the decryption of their files. The most surprising thing that we found after connecting to this site is that you can choose the amount of money you are willing to spend on the ransom. Of course, the less you pay, the less you can decrypt. Also, there is a dialogue window on the right where you can leave your question for the developers of Spora ransomware. This “customer” support has surprised even the most experienced security experts because it gives you an opportunity to talk to the hackers. The first sample of this malware used the Russian language and was spread as the Скан-копия _ 10 января 2017г. Составлено и подписано главным бухгалтером. Экспорт из 1С.a01e743_рdf.hta file. However, its developers are not so silly as to miss a chance to increase their profit: to collect as many ransoms as possible, they launched an English version of Spora ransomware after several weeks of testing their initial virus. Beware that this version has just started spreading via USB sticks, so anyone who connects his/her USB stick to your computer can infect you with this ransomware virus.

Have you decided what anti-spyware software you are going to choose in 2017?

Selecting security software for a computer’s protection has always been a serious headache for PC users. However, there is no doubt that nowadays, when security experts report tens of different viruses each day, you need to take care of your PC’s protection properly. Failing to use security software can end with serious consequences, such as having to find a remedy (program, specialist, etc.) for your computer. Keep in mind that there are many anti-virus or anti-malware programs that are much cheaper than the services of computer technicians. Besides, the latest trends reveal that, even after you succeed in removing a virus from your computer, there is no guarantee that you will be able to restore the data (photos, music files, videos, business documents, art, etc.) that you kept on it.

What should you look for when choosing anti-virus software? According to PC experts, these are the main features that you should check:

  • Real-time scanner
  • On-demand scanner
  • Heuristic scanner
  • Automatic virus updates
  • Automatic program updates

Fortunately, you can avoid spending long hours trying to find the information you need about every anti-virus you are thinking of installing on your computer. Security experts working on the 2spyware project have already prepared several guides dedicated to helping people choose the best programs for their computers’ protection. If you are looking for an anti-malware program, you should check the Best anti-malware of 2017 and Best malware removal programs of 2017 guides. Those who want to step up their computers’ protection are advised to read the Best free anti-virus of 2017 list.

Phishing attack targets Gmail users

Tricky phishing scam targets Gmail users: here’s how to protect your account

Cybercriminals are now targeting Gmail users, Wordfence reports. We have seen various tricks and methods that cybercriminals use to lure unsuspecting victims into clicking on compromised links that immediately redirect the victim to phishing websites. However, a brand new technique caught our attention recently. Attackers are using compromised user accounts to infect people on the victim’s behalf. First of all, they find an actual letter with attachments that the victim has sent to someone in the past. Then they take a screenshot of the message and the attached files, add this picture to a new letter, embed the URL of a phishing Gmail login page and send it to another victim. The new victim receives a letter from a friend whose account was compromised, but of course, the new victim doesn’t suspect that. When the new victim attempts to click on the message or attached files to preview them, an immediate redirection occurs, which sends the victim to a phishing website that asks them to log into their Gmail account again. If the victim doesn’t notice that the URL of this fake Gmail login page looks suspicious and enters the login details, the hackers instantly log into the account and take it over by changing the password and all other information that can be used in the account recovery process. Then the hackers use the compromised account to spread phishing emails further, infect more users, and so on.

Let us remind you that getting your email account hacked is one of the most disastrous things that can happen to you. Typically, email addresses are connected to dozens of accounts on various Internet websites, which means these email addresses are used to send account recovery instructions, reset passwords, and so on. In other words, when hackers get access to your email account, they can get access to almost every website that you have registered on using the compromised email. Therefore, they might connect to shopping sites, social media sites, and other websites, scrape your personal information from them, use bank cards you linked to these sites, and so on. To protect yourself from these phishing attacks, double-check the URL of a website before browsing it, even if it looks like the real Gmail, Paypal, Facebook, or another well-known site. In this particular phishing attack, scammers redirect users to a website whose URL is data:text/html,https://accounts.google.com[…], that is, an address that begins with data:text/html rather than with https://. Therefore, in order to prevent phishing attacks, you should carefully inspect the URLs of the sites you visit, especially if you get redirected to them. Secondly, enable two-factor authentication for Gmail. This way, hackers won’t be able to steal your account even if you provide the login details. Finally, you should install software that can identify phishing sites and block access to them. The Esolutions team has prepared informative articles about the best anti-malware software of 2017 and the best antivirus programs of 2017 to help users choose the best protection tools for their computers.
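The URL check recommended above can also be done by software, for example in a mail gateway or a browser helper. The following Python is an added example, not code from Wordfence, Google or this site; the function name, the verdict labels and the sample URLs are assumptions constructed for illustration, and it also covers look-alike https hosts, which goes slightly beyond the data: case described here.

```python
from urllib.parse import urlsplit
import re

# Assumption for this example: the only origin that may receive the
# Google password is this host, reached over HTTPS.
EXPECTED_LOGIN_HOST = "accounts.google.com"

# Schemes whose "address" is really inline content with no server origin.
INLINE_SCHEMES = {"data", "javascript", "blob", "about"}

# Host name that merely appears as text somewhere inside the URL.
_HOST_IN_TEXT = re.compile(r"https?://([A-Za-z0-9.-]+)")


def check_login_url(url: str) -> dict:
    """Report where `url` really leads and whether a password belongs there."""
    cleaned = url.strip()  # browsers ignore leading/trailing whitespace
    try:
        parts = urlsplit(cleaned)
    except ValueError:
        return {"verdict": "unparseable", "real_host": None, "displayed_host": None}
    scheme = parts.scheme.lower()

    if scheme in INLINE_SCHEMES:
        # Everything after "data:" is page content, not a location. A host
        # name inside it is decoration placed there for the victim to read.
        shown = _HOST_IN_TEXT.search(cleaned)
        return {
            "verdict": "phishing-lure" if shown else "inline-content",
            "real_host": None,
            "displayed_host": shown.group(1).lower() if shown else None,
        }

    # urlsplit().hostname drops any "user@" prefix and the port, so
    # look-alike prefixes do not count as the host.
    real_host = (parts.hostname or "").lower()
    ok = scheme == "https" and real_host == EXPECTED_LOGIN_HOST
    return {
        "verdict": "ok" if ok else "wrong-origin",
        "real_host": real_host,
        "displayed_host": None,
    }


# Constructed sample URLs (not taken from a real campaign).
SAMPLES = [
    "data:text/html,https://accounts.google.com/ServiceLogin?service=mail",
    "https://accounts.google.com/ServiceLogin?service=mail",
    "https://accounts.google.com.signin.example/ServiceLogin",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(check_login_url(sample)["verdict"], "<-", sample)
```

The first sample is reported as a lure because the host name a reader sees is only text inside a data: URL, while the real host is empty.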

Bad news for the Internet community: a new version of Cerber ransomware has hit the web

With a different design and improved distribution tactics, the new Red Cerber ransomware has been reborn and is ready to take down as many computers as it can. The virus now spreads as a JavaScript dropper file which might arrive in the potential victim’s inbox compressed in a .zip or .rar archive. The malicious file itself is mostly delivered under a random file name and features a .js extension at the end. As for the extensions of the encrypted files, these are (again) different from the previous Cerber versions. Now the virus adds four-character extensions that are generated from random letters and characters. Needless to say, files marked with such extensions become inaccessible because they are encrypted with military-grade RSA-512 and RC4 ciphers. To explain how these files can be retrieved, Red Cerber developers have designed the virus to drop a _README_.hta file in every infected folder automatically and replace the desktop picture with an image of the typical Cerber ransom note. The only thing that is different is the note’s background color. You have probably already guessed it: it is now red.
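Both delivery tricks described on this page, the Spora .hta file carrying a document-style name and the Red Cerber .js dropper packed in a .zip archive, can be caught by checking attachment names before anyone opens them. The following Python is an added example, not code from any security vendor; the extension lists, flag names and sample file names are assumptions constructed for illustration, and the mixed-script check goes a little beyond the cases the page describes.

```python
import io
import re
import unicodedata
import zipfile
from pathlib import PurePosixPath

# Script types Windows runs on double-click (Windows Script Host, mshta).
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta"}
# Document types often imitated in the part of the name a user reads.
DECOY_TOKENS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg"}


def name_flags(filename: str) -> list:
    """Return the reasons a file name looks like a disguised script."""
    path = PurePosixPath(filename.replace("\\", "/"))
    flags = []
    if path.suffix.lower() in SCRIPT_EXTS:
        flags.append("script-extension")
        # "report.pdf.js", "scan_pdf.hta": a document type shown before the real one.
        if re.split(r"[._\s-]", path.stem.lower())[-1] in DECOY_TOKENS:
            flags.append("decoy-document-type")
    # A run of letters mixing Latin and Cyrillic hints at look-alike characters.
    for run in re.findall(r"[^\W\d_]+", path.name):
        scripts = {unicodedata.name(ch, "?").split()[0] for ch in run}
        if {"LATIN", "CYRILLIC"} <= scripts:
            flags.append("mixed-script-token")
            break
    return flags


def scan_attachment(name: str, data: bytes) -> dict:
    """Map each suspicious attachment or .zip member name to its flags."""
    findings = {}
    if name_flags(name):
        findings[name] = name_flags(name)
    # Only .zip is opened here; the standard library cannot read .rar.
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            for member in archive.namelist():
                if name_flags(member):
                    findings[f"{name}!{member}"] = name_flags(member)
    return findings


def constructed_zip(member: str) -> bytes:
    """Build a harmless in-memory .zip with one placeholder member (sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr(member, "// placeholder, not a real dropper\n")
    return buf.getvalue()


if __name__ == "__main__":
    print(scan_attachment("order.zip", constructed_zip("qx7f2k.js")))
```

A mail filter would typically quarantine any attachment for which `scan_attachment` returns a non-empty result, since ordinary correspondence rarely needs script files.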

Interestingly enough, Red Cerber does not delete Volume Shadow Copies of the encrypted files anymore, so the victims may try to recover their data for free, using these Windows backup copies of the files. The experts are not sure whether this was a programming flaw that the virus developers overlooked by accident or a purposeful and conscious decision. Either way, such a weakness makes the virus more vulnerable and significantly diminishes the expected financial outcome. Thus it is likely that a new Cerber version is already on its way. If you are not infected yet, it is high time you started taking the necessary precautions to increase the security of your device and the safety of your data.

Happy new year! (and make sure you stay away from Cerber)

As 2016 comes to an end, we have to thank you for being with us this year. These 12 months have brought us hundreds of new viruses, scam techniques and computer-related news. Nevertheless, we hope that we managed to reach our main goal and help you protect your computer from malware.

Even though we all feel festive, we should not forget that the holiday season is the perfect time for hackers to infect users with malware. At the moment of writing, we have to warn you about a newly discovered campaign of Cerber ransomware. It has been found that the installer is hidden in misleading email messages related to famous e-commerce sites such as Amazon, eBay and others. Besides, the virus can infect your computer via fake messages pretending to be warnings from your bank or another financial authority.

Make sure you check the message body attentively and, if you are not sure about the people who are trying to contact you, reach them via telephone or email. Finally, we have come up with just one New Year’s resolution for you: it’s time to get professional security software to keep your computer virus-free.