SafeFinder is browser extension that is installed in 3 major browsers (Google Chrome, Mozilla Firefox and Internet Explorer). SafeFinder replaces default search and homepage of all your browsers to search.safefinder.com. Even if you remove SafeFinder from Control Panel and extensions from browsers these settings will remain unchanged.
GlobeImposter 2.0 Ransomware is the second generation of file-encrypting ransomware virus GlobeImposter. The name “GlobeImposter” was originnaly given to it by crypto-ransomware identification service called “ID-Ransomware”, because of the assignment by the extortioners of the “proprietary” ransom note from the Globe Ransomware family. The purpose was to frighten the victims, to confuse the researchers, to discredit the decryption programs released for the Globe-family. Thus, all Globe-imitators, which are not decrypted by the decryption utilities released for Globe 1-2-3, received the conditional name GlobeImposter, and after that – GlobeImposter 2.0. Virus can be detected by various antivirus programs as Trojan.Encoder.7325, Trojan.Encoder.10737, Trojan.Encoder.11539, Ransom_FAKEPURGE.A or Ransom.GlobeImposter.
Search.yourmapsnow.com or YourMapsNow is misleading browser hijacker, that replaces default search engine and homepage in Safari, Google Chrome or Mozilla Firefox on Windows or Mac. Often, it is accompanied with browser extension or application called “Your Maps Now”. This add-on sneaks in browsers and takes control over main browser settings. Of course, it installs without user permission using the deceptive tactic. After installation, user search queries are redirected to query.yourmapsnow.com and then to search.yahoo.com. This allows the hijacker to collect private browser data and share it with advertising companies. The homepage also changes to Search.yourmapsnow.com and, besides search, provides quick links to main map resources such as Google Maps and Bing Maps. Page looks similar to normal search engine page, and some users don’t even see the difference until they start searching for something.
FUNNY Ransomware is nearly identical to previous versions of Crysis-Dharma-Cezar ransomware family, except that now it adds .FUNNY extension to encrypted files. Dharma-FUNNY Ransomware constructs file extension from several parts: e-mail address, unique 8-digit identification number (randomly generated) and .FUNNY extension. ID number is also used for victim identification, when hackers send decryption key (although they do it rarely). Dharma-FUNNY Ransomware authors demand from $500 to $15000 ransom, that can be paid in Monero, Dash or BTC (BitCoins), and in return they promise to send decryption key. This type of ransomware is coded and distributed as RaaS (Ransomware as service), and people your are trying to contact can be just resellers. That is why, amount of money they want for decryption can be very big. Using cryptocurrency makes it impossible to track the payee. We do not recommend to pay any money to malefactors. Usually, after some period of time security specialists from antivirus companies or individual researchers break the algorithms and release decryption keys.
Ads and redirects from Laubeyrietechnology.com in Google Chrome or Mozilla Firefox are caused by installed browser extensions. As a result, users constantly see advertising blocks before and after Google search results. After clicking on links in this ads, they are redirected to the aforementioned domain. Currently, there is a list of certain add-ons, known to be the source of infection, however, malware developers may extend distribution by purchasing more and more Chrome and Firefox extensions projects. Ads and redirects appear soon after updating such e This is a dangerous and perfidious way of spreading the infection, as it hits unsuspecting owners of previously good and safe add-ons.