Cerber ransomware becomes the main concern of security professionals

We have been hearing about Cerber ransomware for more than eight months now. Unfortunately, the latest report brings no good news: security researchers detected two freshly released versions of this virus just several days ago. If you find a README.hta file on your computer's desktop, the virus you are dealing with is most likely either Cerber 4.1.0 or Cerber 4.1.1 ransomware. These threats are almost identical to their predecessor, but there are several facts that every PC user should remember.

As already mentioned, the latest versions of Cerber drop a README.hta file on the desktop right after they infiltrate the system. To compromise computers, these threats are delivered by the pseudo-Darkleech campaign, which uses the Rig exploit kit. If your browser or its plugins are unpatched, you can become a victim of such an exploit kit just by browsing the Internet and visiting one of your favourite websites that has been compromised or is serving malicious advertisements. Once Cerber 4.1.0 or Cerber 4.1.1 gets in, it starts encrypting the victim's files. The extension appended to each affected file consists of four random characters. If you cannot open your data, or you see such a four-character extension on some of your files, there is a strong possibility that you are dealing with one of these ransomware versions. Ignore the ransom note, which informs victims about their encrypted files and urges them to purchase a special tool called Cerber Decryptor. Instead, remove the malicious files from your computer and restore your data from an offline backup; data recovery software is a last resort and is not guaranteed to work, because removing the malware does not decrypt anything.
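The two indicators the article gives, a README.hta note and files renamed with a four-character extension, can be turned into a quick triage check over a file listing. The following is an added example, not code from the original page or from any vendor; the allow-list of legitimate four-letter extensions and the sample paths are constructed assumptions of the example, and the encrypted-file ratio threshold is arbitrary.

```python
import os
import re
from collections import defaultdict

# Indicators taken from the article: a README.hta ransom note and encrypted
# files carrying a random four-character extension.
RANSOM_NOTE = "readme.hta"
RANDOM_EXT = re.compile(r"^[0-9a-z]{4}$", re.IGNORECASE)
# Legitimate four-letter extensions that must not count as indicators.
# This allow-list is an assumption of the example; extend it for your estate.
BENIGN_4CHAR = {"docx", "xlsx", "pptx", "jpeg", "html", "json", "yaml",
                "webp", "tiff", "java", "heic", "flac"}


def has_random_extension(filename: str) -> bool:
    """True when the name ends in a four-character extension that is not a
    known benign type, e.g. 'q7Lk2pZx9c.m3f8'."""
    stem, dot, ext = filename.rpartition(".")
    if not dot or not stem:
        return False
    return bool(RANDOM_EXT.match(ext)) and ext.lower() not in BENIGN_4CHAR


def triage(paths, min_ratio=0.5):
    """Group file paths by directory and flag directories that either hold a
    ransom note or where at least `min_ratio` of the files look encrypted.
    Returns {directory: {"note": bool, "encrypted": int, "total": int}}."""
    by_dir = defaultdict(list)
    for path in paths:
        directory, _, name = path.replace("\\", "/").rpartition("/")
        by_dir[directory].append(name)

    findings = {}
    for directory, names in by_dir.items():
        note = any(n.lower() == RANSOM_NOTE for n in names)
        data = [n for n in names if n.lower() != RANSOM_NOTE]
        encrypted = sum(has_random_extension(n) for n in data)
        if note or (data and encrypted / len(data) >= min_ratio):
            findings[directory] = {"note": note, "encrypted": encrypted, "total": len(data)}
    return findings


def scan_tree(root):
    """Walk a real directory tree and run the same triage over it."""
    paths = []
    for dirpath, _, files in os.walk(root):
        paths.extend(os.path.join(dirpath, f) for f in files)
    return triage(paths)


# Constructed sample listing (not real victim data) mimicking an infected machine.
SAMPLE_PATHS = [
    "C:/Users/alice/Desktop/README.hta",
    "C:/Users/alice/Documents/README.hta",
    "C:/Users/alice/Documents/q7Lk2pZx9c.m3f8",
    "C:/Users/alice/Documents/B1vN8tRw0s.x9q2",
    "C:/Users/alice/Documents/budget.xlsx",
    "C:/Program Files/app/config.json",
    "C:/Program Files/app/app.exe",
]

if __name__ == "__main__":
    for directory, info in triage(SAMPLE_PATHS).items():
        print(f"{directory}: note={info['note']} "
              f"encrypted={info['encrypted']}/{info['total']}")
```

Run `scan_tree("C:/Users")` on a suspect machine (from a clean boot medium, ideally) to get the same report for real directories; a directory flagged only by the ratio and without a note deserves a manual look, since the allow-list cannot cover every legitimate four-letter extension.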

Update your anti-malware program now

Reasons to update your security software right now

Patching and updating are the primary keys to cyber security. Sadly, some computer users forget or ignore prompts to update the anti-malware programs installed on their computers, and that neglect can have serious consequences. Users should understand that, once installed, anti-malware software can protect the computer and remove the threats known at that point in time, but cyber criminals keep evolving existing viruses and creating new ones. If the user forgets to update it, or to enable automatic updates, the anti-malware software becomes unable to identify and remove malware that has just appeared on the Internet. That is why updates are important: by installing them, you supply your security software with "knowledge" about new computer viruses and "teach" it to detect and eliminate them. Heuristic and behavioural detection can catch some unknown samples, but anti-virus programs cannot reliably tell which files are harmful or potentially unwanted without the definitions and engine improvements that updates deliver.

Updates are created by security analysts and include virus definitions, which help the anti-malware software recognize and remove malicious files and programs. Typically, definition updates are released daily or even several times a day; make sure you install them. If you skip updates, you leave your PC vulnerable to ransomware, trojans, worms and other forms of malware. Remember that malware authors work hard too and race against the anti-malware companies: they seek to infect as many computers as possible before anti-malware programs can identify and block their new samples.

Anti-spyware and anti-malware programs typically have a "Check for updates" button; use it to see whether the vendor has released updates that patch flaws in the program itself or improve its detection. Most security products also offer an automatic update option, which makes the software check for updates regularly and install them as soon as they appear. Keep in mind that fresh definitions only help while the program is actually running, so check that real-time protection is enabled as well.

Crooks look for new targets after hacking MySpace, LinkedIn, and Yahoo

It seems that cyber criminals have reached a new level of impudence as they continue breaching major websites. It is no longer news that Yahoo was hacked at least twice and suffered leaks of millions of user accounts. Later, the crooks turned to MySpace and LinkedIn. Even such an online retail giant as Amazon did not escape their attention. While IT specialists rush to patch security flaws, users are left with a dilemma: is there a safe website on the Internet at all?

Users of Yahoo Mail may have been astonished to learn that an enormous amount of personal data was leaked and more than 500 million accounts were affected by the breach. Surprisingly, the violation actually took place in 2014 and was disclosed only recently. Speculating about why it was kept from public attention for so long, many users concluded that the attack might have been backed by a government; Yahoo itself attributed it to a state-sponsored actor, and conspiracy theories soon started booming.

Another popular website, MySpace.com, also has a notorious history of being hacked. The site made headlines on various news portals after a data leak including more than 427 million passwords was detected. While some crooks use such credentials to break into the owners' bank accounts (usually by trying the same password elsewhere), others simply sell the data on the dark net. Luckily, the 14 GB dump was spotted by a security researcher. Despite repeated data-leak alerts, users still keep using plain and ordinary passwords, and reusing them across sites, which gives hackers a much better chance of taking over several accounts at once.

Moreover, Amazon is said to be the next target: it was allegedly attacked by a Twitter user in July after the company ignored his remarks about obvious security flaws, reportedly resulting in 80,000 leaked user logins and passwords. Recently, the site was reported to have been compromised again, as it rushed to reset the passwords of selected users while denying any data breach. These incidents show that users still are not cautious enough and do not take the necessary security measures; they realize the importance of changing login credentials only after they become victims of cyber crime. For the future, think up a password that contains letters, numbers and special characters, change it promptly whenever a service you use reports a breach, and use a different password for every account.

Ransomware with ridiculous names has started appearing on the web

Ransomware viruses have been around for years; only recently, though, have they returned to the web more malicious than ever before. These viruses take your files hostage and ask you to pay a ransom, but will not necessarily return them even if you pay. There are hundreds of such programs, all more or less destructive, and the names picked by their creators usually match their malicious nature. The 2-spyware team has already discussed frightening infections such as the Apocalypse virus, Nuke ransomware, and a cyber threat named after the famous horror-movie character Jigsaw. Such titles were undoubtedly chosen to add seriousness and scare victims into paying for their files.

For other malware creators, money is just as important, but they seem to have decided to amuse themselves while making it. As a result, ransomware with funny and even ridiculous names has started showing up and infecting computers. Donald Trump ransomware and Princess Locker virus are just two of the most bizarre titles our team has come across in the past couple of weeks. There are also samples that draw on popular culture, such as the Harry Potter-themed Voldemort or the Norse mythology-related ODIN ransomware, and completely random names like JokeFromMars are not uncommon either. Nonetheless, despite the fact that these titles carry no negative connotations, such ransomware should be taken no less seriously than its grim-sounding counterparts. In fact, there is a greater chance of unknowingly downloading a malicious file whose name raises no suspicion or even sounds hilarious. File-encrypting infections are no joke and should be avoided at all costs. On 2-spyware.com we try to keep you informed about the latest ransomware releases, but there may still be viruses roaming the Internet that virus experts have not yet discovered. Thus, we urge everyone to take steps to protect their computers (keep offline backups, patch software, do not open unexpected attachments) and not let malware creators make fun of you.

Yahoo reports about a vast data breach: what should you do?

Two years after the fact, Yahoo has reported a huge data breach that affected more than 500 million Yahoo users. According to experts, it may be the biggest data breach in history, leaving the LinkedIn and MySpace attacks behind. The latest information reveals that hackers got access to users' names, dates of birth, telephone numbers, email addresses, hashed passwords, security questions and answers, and similar data. Fortunately, Yahoo says that bank account information and payment card data were not stored in the affected system and were not stolen.

The company claims that it has already notified all potential victims about this security issue. It also advises users not to reveal any personal information or click on links or attachments in suspicious emails. Next, you should change your password, especially if you have been using the same one since 2014, and change it on any other site where you reused it; change your security questions and answers too, since those were exposed as well. Make sure you opt for an alternative verification method this time to keep your account secure. According to the company, people should consider using Yahoo Account Key, which replaces the password with a login confirmation on your phone.

After this hack, eSolutions wants to remind users to think about better protection of their private information online. Always create strong passwords that include lower- and upper-case letters, numbers and symbols (if allowed). Moreover, do not use the most common passwords, such as "password", "qwerty" or "123456". Security specialists suggest making up a strange but memorable sentence and taking the first letter of each word; that is one way to create a strong and unique password. If you are not a creative person, use a reputable password manager or generator. Also, do not use the same password for all your accounts, and for better protection enable two-factor authentication wherever it is offered.
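The advice above (avoid the common passwords, build one from the first letters of a memorable sentence, generate one if you cannot, and never reuse across accounts) can be checked mechanically. The following is an added example written for this page, not code from eSolutions or from any password manager; the minimum length, the tiny common-password list and the example sentence are assumptions of the example, and a real check would load a full breach-derived wordlist.

```python
import secrets
import string

LOWER, UPPER, DIGITS = string.ascii_lowercase, string.ascii_uppercase, string.digits
SYMBOLS = "!@#$%^&*()-_=+[]{};:,.?/"
MIN_LENGTH = 12  # assumption of the example
# A handful of the most common passwords; a real check loads a full
# breach-derived list (assumption of the example).
COMMON_PASSWORDS = {"password", "qwerty", "123456", "12345678", "123456789",
                    "111111", "letmein", "abc123"}


def character_classes(pw: str) -> int:
    """Count how many of lower, upper, digit and symbol classes appear."""
    classes = sum(any(c in cls for c in pw) for cls in (LOWER, UPPER, DIGITS))
    if any(c not in LOWER + UPPER + DIGITS for c in pw):  # anything else is a symbol
        classes += 1
    return classes


def weaknesses(pw: str) -> list:
    """Return the reasons a password is weak; an empty list means acceptable."""
    reasons = []
    if len(pw) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    if pw.lower() in COMMON_PASSWORDS:
        reasons.append("appears in the common-password list")
    if character_classes(pw) < 3:
        reasons.append("uses fewer than 3 character classes")
    return reasons


def acronym(sentence: str) -> str:
    """First character of every word of a memorable sentence, the method the
    article describes; digits and capitals in the sentence carry over."""
    return "".join(word[0] for word in sentence.split())


def generate_password(length: int = 16) -> str:
    """Random password from the OS CSPRNG, resampled until every class appears."""
    if length < 4:
        raise ValueError("length must be at least 4 to cover every class")
    alphabet = LOWER + UPPER + DIGITS + SYMBOLS
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if character_classes(pw) == 4:
            return pw


def reused_passwords(vault: dict) -> dict:
    """vault maps account -> password; return passwords shared by several accounts."""
    owners = {}
    for account, pw in vault.items():
        owners.setdefault(pw, []).append(account)
    return {pw: accounts for pw, accounts in owners.items() if len(accounts) > 1}


if __name__ == "__main__":
    # Constructed example sentence and vault, not real credentials.
    sentence = "My first cat, Bob, ate 3 blue socks every Tuesday in 1999!"
    print(acronym(sentence), weaknesses(acronym(sentence)))
    print("123456", weaknesses("123456"))
    print(generate_password())
    print(reused_passwords({"mail": "Tr0ub4dor&3x", "shop": "Tr0ub4dor&3x", "bank": "Xk9$pLm2#qWz"}))
```

The acronym of a sentence only clears the length check if the sentence is long enough, which is exactly the point of the technique: pick a sentence of at least a dozen words, or append digits and symbols that mean something to you.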

Warning from 2-spyware: do NOT visit Safe-web.tk

Several weeks ago, researchers from 2-spyware, one of eSolutions' projects, received a question about Safe-web.tk. The person who contacted them asked how he could remove this annoying virus. After investigating it themselves, the experts found that Safe-web.tk is a browser hijacker that causes redirects to misleading websites. Be sure to stay away from it, because you can be tricked into revealing your personal information to scammers, lose money and run into other problems.

The first domain 2-spyware researchers were redirected to was a misleading site promoting a "roulette strategy". It is a Lithuanian domain filled with misleading claims about an "amazing" possibility to earn money by playing roulette online. We must warn you that such strategies do NOT work and that you will not be able to withdraw the money you transferred during registration. When testing Safe-web.tk for a second time, the experts landed on a site announcing a $3,500 prize, which asks the victim to enter personal details in order to claim it. Please do NOT reveal your personal information to people you do not know, and remove Safe-web.tk from your computer (reset the home page, default search engine and any unknown extensions in every browser) before it achieves what it was created for.

New scam alert: a fake BSOD error

People hate the Blue Screen of Death (BSOD) because it forces their computers to reboot at the most unexpected times. Sometimes you can fix the issue with System Restore, by booting into Safe Mode or by installing updated drivers, and in some cases only a Windows reinstall helps. However, there is one more thing to check if BSODs have started interrupting you: scan your computer with an updated anti-spyware program, because the "BSOD" you are seeing may not be a real one at all.

According to the latest reports, scammers have started spreading programs that display a fake BSOD. Once such a program infiltrates the computer and affects the web browser, it interrupts its victim with an alert that imitates the real error screen. The alert seeks to mislead users into thinking their computers have malware-related problems that can be solved only by calling "MICROSOFT CERTIFIED" technicians. The fake BSOD may also warn about potential data loss and similar consequences of this invented problem. Please do NOT call the "Microsoft experts": they have nothing to do with the company and hide behind its name only to make people dial the given number and pay for a fake service. A genuine BSOD never shows a phone number and never asks you to call anyone. Fortunately, almost every reputable anti-spyware program can remove the fake BSOD error virus, and a purely browser-based version can usually be closed by ending the browser process.

Why is it dangerous to deal with Trotux?

Nowadays, Internet users face threats every minute they spend online. Some can be stopped by antivirus software, others avoided through sensible behaviour online. Unfortunately, some threats still find a way to sneak into the computer unnoticed. One of them is Trotux, which 2-spyware security researchers discovered several months ago. This program has mostly been called a "virus", but that is not an accurate definition, because it is not malicious by itself; it is a potentially unwanted program (PUP). Usually, people let it onto their computers without even noticing, because it is actively promoted through bundling. Beware that Trotux can arrive bundled with download managers, PDF creators and similar freeware. To prevent this, always select the "Custom" or "Advanced" installation of free software and untick the boxes that state you agree to changes of your browser or PC settings. Of course, you can also install the program yourself, probably after being convinced that this search engine delivers "relevant and comprehensive results every time you search". However, keep in mind that Trotux does not fit the image of a reliable search engine, and there are at least three reasons why you and other Internet users should stay away from it:

  • Trotux.com hijacks the web browser and replaces its home page and default search engine;
  • this browser hijacker delivers potentially harmful content through its search results and ads;
  • it might collect browsing data and personal information.

One of the best ways to keep your computer safe is to remove Trotux and similar PUPs from it. Check our post about this suspicious search engine to learn more.

Facebook Suspension scam is still active and tries to trick companies

Facebook has an audience of well over 750 million users, so it is no surprise that thousands of companies actively use it for marketing campaigns and public relations. Naturally, when you are active on this social network, you receive many notifications in your email inbox. The scariest are Facebook's warnings that your Page has been suspended. However, if you have recently received such a notification, there is a strong possibility that it is a scam that has nothing in common with any intention of Facebook to close your company's Page. You may simply be dealing with the Facebook Suspension scam, which has recently renewed its activity.

In fact, this scam is not new; it has been circulating for several years. It spreads through misleading email messages that pretend to come from Facebook and claim that the company's Page may be suspended for violating Facebook's Terms of Service. The email provides a link for "account verification" and further review. According to specialists from 2-spyware, this link has been altered several times, and there is a strong possibility that it redirects users to phishing pages that harvest the Page owner's login details, or to infected domains. So do not open the link: visiting such websites can cause serious damage to your computer or hand your company's Page over to the crooks.

If you receive a similar email that looks suspicious, read our post about the Facebook virus attentively. To spot scams, look for grammar mistakes and typos, which are usually a red flag that the email is fake. Most importantly, check the sender: look at the actual sender address and at the real destination of the link (hover over it before clicking), not just the display name, because both are easy to forge in the visible text. Only if the message really came from Facebook's own notification domain might your Page actually be in trouble, and even then open facebook.com directly in your browser rather than through the link in the email.
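The sender and link checks just described, applied to the kind of suspension email the article warns about, as an added example that is not part of the original post or of any 2-spyware tool. It assumes that genuine Facebook notifications come from and link to facebook.com or facebookmail.com (an allow-list assumption; verify it against mail you know to be real), and the two messages are constructed for the demonstration, not real mail.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Domains a genuine Facebook notification is assumed to come from and link to.
# Assumption of this example; confirm it against headers of real mail.
TRUSTED_DOMAINS = ("facebook.com", "facebookmail.com")
LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.IGNORECASE | re.DOTALL)
URL_IN_TEXT_RE = re.compile(r"https?://([^/\s<\"']+)", re.IGNORECASE)


def is_trusted_host(host: str) -> bool:
    """Exact match or subdomain of a trusted domain; 'facebook.com.evil.tk' fails."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def body_text(msg) -> str:
    """Concatenate the decoded text/html and text/plain parts of a message."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    chunks = []
    for part in parts:
        if part.get_content_type() in ("text/html", "text/plain"):
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def check_message(raw_message: str) -> list:
    """Return the phishing indicators found in an RFC 822 message (empty if none)."""
    msg = message_from_string(raw_message)
    findings = []

    _, sender = parseaddr(msg.get("From", ""))
    sender_host = sender.rpartition("@")[2]
    if not is_trusted_host(sender_host):
        findings.append(f"sender address {sender!r} is not on a trusted Facebook domain")

    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and reply_to.rpartition("@")[2].lower() != sender_host.lower():
        findings.append(f"Reply-To {reply_to!r} differs from the sender domain")

    for href, text in LINK_RE.findall(body_text(msg)):
        target = urlparse(href).hostname or ""
        if not is_trusted_host(target):
            findings.append(f"link points to untrusted host {target!r}")
        shown = URL_IN_TEXT_RE.search(text)  # URL displayed as the link text
        if shown and shown.group(1).lower() != target.lower():
            findings.append(f"link text shows {shown.group(1)!r} but goes to {target!r}")
    return findings


# Constructed messages for the demonstration (not real mail).
SCAM = """From: "Facebook Help Center" <support@facebook-pages-review.com>
To: marketing@example.com
Subject: Your Page will be suspended
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your Page has violated our Terms of Service. Verify your acount within 24 hours:</p>
<a href="http://facebook.com.verify-page-review.tk/login">https://www.facebook.com/help/verify</a>
</body></html>
"""

GENUINE = """From: Facebook <notification@facebookmail.com>
To: marketing@example.com
Subject: You have a new Page notification
Content-Type: text/html; charset="utf-8"

<html><body><a href="https://www.facebook.com/notifications">See your notifications</a></body></html>
"""

if __name__ == "__main__":
    for label, raw in (("scam", SCAM), ("genuine", GENUINE)):
        print(label, check_message(raw) or ["no indicators"])
```

The third finding on the scam message is the one users fall for most: the visible text is a facebook.com URL while the href leads somewhere else, and a host that merely begins with `facebook.com.` is not facebook.com. An empty result is not proof that a message is genuine (headers can be spoofed where SPF/DKIM are not enforced), which is why the advice remains to open the site directly rather than through the link.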

eSolutions announces the release of a brand new site

It has not even been a week since the eSolutions team announced the newest addition to the 2-spyware project, viruss.lv. The release of the Latvian version of the popular infosec website has already received a lot of positive feedback, but we are not planning to stop there. We aim to introduce current cyber security issues to even more native-language speakers, ensuring our project is accessible to people of all origins and nationalities.

Today, we would like to announce the release of viirused.ee, an Estonian site and already the 28th language eSolutions administers. We can now finally cover all three Baltic countries: Latvia, Lithuania, and Estonia. Just like the Latvian site announced a couple of days ago, viirused.ee is still growing, and its team is working on catching up with the latest and most important online security news. As the site progresses, Viirused will keep you updated on the latest cyber threats and infosec news and will assist you with malware removal. The Virus Activity plugin implemented on the site will also give you a concise overview of the current virus activity level, warning you about the most dangerous threats to look out for.

Do not hesitate to check out our newly released sites while we continue to provide you with the best service. If you cannot find a site in your native language just yet, do not worry: we are working on it, and you can expect new additions soon.