Newtab.review is an intrusive browser hijacker. Its developers claim that it enhances the search experience by providing quick-access links to popular websites (Aliexpress, Travel Guru, Booking, Gearbest, Facebook, YouTube, Amazon and eBay). In fact, the website is designed only to generate revenue from advertising, search and clicks on partner sites. Newtab.review looks very similar to the Google Chrome default new tab page. It has a search box that redirects user queries to google.com, and links to gmail.com, YouTube and Google Images in the top right corner. This was done on purpose, to mislead users and keep them using the dubious website.
Apusx.com is an unwanted search engine that browser hijackers use to change settings in Google Chrome, Mozilla Firefox and Internet Explorer. It replaces the default homepage and search engine settings, and hijacks browser shortcuts on the desktop. As a result, the www.apusx.com website opens on startup. This search engine redirects users to home.parallaxsearch.com, which belongs to the Infospace metasearch network. Search results visually resemble Google.com, but are actually closer to Yahoo.com. Because this website uses dubious installation methods and does not allow users to revert the browser modifications, Apusx.com is considered an advertising browser infection. Its purpose is to display targeted ads and sponsored results.
Chromesearch.club is another browser hijacker in the “Chromesearch” series of malware for Google Chrome, Mozilla Firefox and Internet Explorer. Its logo, color palette and element structure are similar to the Google Chrome default start page or variations of google.com. Chromesearch.club substitutes the homepage, search and new tab settings in browsers and redirects user queries. The virus will not allow users to revert the changes and does not give an option to remove Chromesearch.club. This hijacker secretly gathers users' private data, such as browsing history, search history, online behavior, cookies, etc.
30tab.com (http://30tab.com/en.htm) is a deleterious browser hijacker that replaces default settings (search engine, homepage) in Google Chrome, Mozilla Firefox and Internet Explorer. It looks like a typical search engine start page, with a tab that contains quick links to popular social networks, shopping sites, news portals and advertising banners. The start page is called “30Tab Safe Navigation” and it redirects user search queries to Google Custom Search. 30tab.com targets the international market, with local pages for France (30tab.com/fr.htm), Spain (30tab.com/es.htm), Germany (30tab.com/de.htm), Italy (30tab.com/it.htm), Russia (30tab.com/ru.htm) and Brazil (30tab.com/br.htm).
Arena Ransomware belongs to the CrySis family; the previous widespread ransomware of this type was Dharma Ransomware, which we described on this blog. Arena Ransomware was first detected by security researchers in August 2017. Since then, it has had numerous updates. Different versions of Arena Ransomware demand different ransom amounts, varying from 0,20 to 0,73 Bitcoins, which is near $5000. Security experts do not recommend paying the developers of ransomware, as this encourages them to create new variations and does not guarantee decryption of your files. In fact, most of the time the malefactors don’t send decryption keys. The latest versions of Arena Ransomware are not decryptable; however, there is a chance to restore files affected by older versions.