Search.queryrouter.com is unwanted search engine with minimalistic design, that resembles popular search engines. Actually, this website redirects search queries to Google. Search.queryrouter.com claims to collect user browser information for purposes to improve its services, however, as we can see on the example of other hijackers, this information is used for advertising purposes, or just sold to third parties.
All-czech.com is website, that is used to hijack browser settings in Google Chrome, Mozilla Firefox and Internet Explorer. From the name of the domain one may think it is aiming Czech Republic, but in fact this is just one of the random names hijackers use to mislead users. This search engine targets international audience and redirects user search queries to cse.google.com, which is Google Custom Search.
Yeabd66.cc is potentially unwanted search engine for Google Chrome, Mozilla Firefox and Internet Explorer. It uses Google Custom Search to deliver search results to user. Main page of this hijacker contains advertising banners, links to popular shopping websites, online games, social networks. If user types search query and clicks “search” button, he is redirected to cse.google.com.
Osiris Ransomware is newest variant of Locky ransomware. According to its name, new virus adds .osiris suffix to encrypted files and modifies filenames so they look like that: [8_random_characters]-[4_random_characters]-[4_random_characters]-[8_random_characters]-[12_random_characters].osiris. Osiris encrypts files with RSA-2048 and AES-128 algorithms that currently cannot be decrypted. Ransom is near 2.5 BitCoins (~$1880) and there is no earthly use to pay it. Osiris ransomware alters desktop background with typical image with text instructions. User can only make payment to anonymous Bitcoin wallets, so that police cannot keep track on malefactors.
.zzzzz Ransomware is another variant of Locky ransomware, that adds .zzzzz extension to encrypted files. Virus encodes user files with asymmetric encryption algorithm and modifies filenames with 32-digit alphanumeric code. This makes it difficult to discern where certain files are and complicates decryption. After completing encryption ransomware creates 3 files (-INSTRUCTION.html, _6-INSTRUCTION.html, and -INSTRUCTION.bmp) and replaces desktop background image. In this files virus contains texts to persuade users to pay the ransom. Ransom is actually quite big – 3 BitCoins or ~$2200.