GandCrab V5.0 Ransomware is fifth generation of high-risk GandCrab Ransomware. Probably, this virus was developed in Russia. This crypto-extortor encrypts user and server data using the Salsa20 algorithm, and RSA-2048 is used for auxiliary key encryption. 5-th version appends .[5-random-letters] extension to encrypted files and creates ransom note called [5-random-letters]-DECRYPT.txt. Examples of ransom notes: VSVDV-DECRYPT.html, FBKDP-DECRYPT.html, IBAGX-DECRYPT.html, QIKKA-DECRYPT.html. GandCrab V5.0 Ransomware demands $800 ransom in BitCoins or DASH cryptocurrencies for decryption. However, often, malefactors deceive users and don’t send keys. Thus, victim won’t recover her/his files, but put credentials at risk on doubtful exchange of cryptocurrencies.
“YOUR COMPUTER HAS BEEN BLOCKED” is fake pop-ups alert or message, that may appear in Google Chrome, Mozilla Firefox, Edge or Internet Explorer. It is categorized as Tech support scam, as in many cases it compels or provokes users to dial some “toll free” number. Virus can imitate virus infection or Windows error directly in browser. On the other end of the line you will hear an experienced Indian fraudster, who will introduce himeself as “technical support specialist”, who will encourage you to pay cetain fee to fix problems with your computer, that did not ever existed. “YOUR COMPUTER HAS BEEN BLOCKED” pop-up has many variations of design, texts and reasons of its appearance can also be different. In some cases, such alerts may offer some rubbish “windows optimization” software for download.
PoliticalNewsCenter Toolbar is another fishy browser extension for Google Chrome, Mozilla Firefox or Internet Explorer from MindSpark Interactive Network. As any other add-on from this developer, PoliticalNewsCenter provides somewhat useful features in a narrow field (in this case political news, obviously), but in exchange in gets access to private browser data and settings. So, toolbar has quick access links to some popular news resources, posts some news on the main page. But the most vile thing is in the inside – it modifies browser search engine and homepage to third-party search.myway.com, or other unknown search with sponsored results. Frequently, after the removal of PoliticalNewsCenter Toolbar those settings remain unchanged.
MacShiny is fake Mac optimization program, that is promoted via phishing landing pages, claiming it will fix MacOS issues. After infiltration, MacShiny performs PC scan and finds nonexistent or inessential issues on Mac computer, presenting these problems like “critical”. Another trick is waiting for you in subscription payment. It is stated that monthly fee is $1.99, however, it goes up to $49.99 from the second months. There are many complains from our readers, that MacShiny slows down Mac perfomance.
Gamma Ransomware is file-encrypting virus, categorized as ransomware and belonging to Crysis-Dharma-Cezar family. This is one of the most widespread ransomware families. It got its name due to file extension it adds to encrypted files. Virus uses complex extenion that consists of e-mail adress and unique 8-digit identification number (randomly generated). Gamma Ransomware developers demand from 0.05 to 0.5 BTC (BitCoins) for decryption, but offer to decrypt 1 non-archived file for free. The file should be less than 1 Mb. We recommend you to recover 1 random file, as it can help fo possible decoding in future. Keep the pair of encrypted and decrypted samples. Currently, there is no decryption tools available for Gamma Ransomware, however, we recommend you to use instructions and tools below. Often, users remove copies and duplicates of docmunets, photos, videos – infection may not affect deleted files. Some of removed files can be restored by using file recovery software.