Trigona is the name of a ransomware virus that encrypts data of corporate users (e.g., companies) and demands money for file decryption. During encryption, it appends the new ._locked extension (for instance, 1.pdf._locked) and creates a file named how_to_decrypt.hta after successful completion. This file contains instructions with steps on what victims should do to decrypt their data. The note states that all critical information, such as documents, databases, local backups, and so forth, has been encrypted and leaked. The cybercriminals also claim that file decryption is impossible without their direct involvement, and that the data of those who refuse to cooperate will be sold to parties potentially interested in abusing it. To prevent all of this, the threat actors direct victims to open a decryption page via the TOR Browser and contact the ransomware developers.
Uyit Ransomware is a complex encryption-type virus that uses the AES (Salsa20) algorithm to encrypt user files. Data affected by this malware becomes unavailable without a special decryption key. The virus gets slightly modified every week, and recent versions append the following extension: .uyit. Uyit Ransomware does not touch system files, but may block navigation to certain security websites using the Windows "hosts" file. When users try to download anti-malware or decryption tools, the pest won't allow them to do it. You can easily download recommended programs from our site and read instructions on how to use them. The ransomware copies the file _readme.txt, the so-called "ransom note", to the desktop and to the folders with encrypted files. The text file contains information about the infection, ways to pay the ransom, and contact information.
Bazek is a virus infection that features all the traits inherent to ransomware. Put simply, it encrypts data (using AES-256 algorithms) and asks victims to contact cybercriminals in order to get a special decryption key. During encryption, the virus also assigns the new .bazek extension to each targeted file. To illustrate, a file named 1.pdf will change to 1.pdf.bazek and lose its original icon as well. Depending on which version of Bazek Ransomware attacked the computer, it will either create a text note called README.txt or display a pop-up window with similar decryption instructions.
Also known as Sullivan, RansomBoggs is a ransomware infection designed to encrypt data and demand payment for decryption afterwards. Recent research showed that this virus has been used in numerous attacks on various organizations located in Ukraine. During encryption, RansomBoggs renames all targeted files with the .chsch extension. For example, a file originally titled 1.pdf will change to 1.pdf.chsch and become inaccessible. Following this, the ransomware also creates its own note (SullivanDecryptsYourFiles.txt) with decryption instructions.
Notifpushback.com is a hazardous site that displays ads, pop-ups, and notifications in Safari, Google Chrome, Mozilla Firefox, Internet Explorer or Edge. If you see advertisements from Notifpushback.com while browsing certain sites, it means those sites use bad-quality advertising, or they are hacked. This can be fixed by installing ad-blocking software, like AdGuard (see description below). If you see notifications from Notifpushback.com, it means the website is allowed to show them in browser settings. In this situation, you need to check your PC for viruses and follow the instructions below. Ad promotions like this one appeared recently and use user habits and standard browser features to create social-engineering attacks and deliver unwanted ads. Learn how to stop ads and block notifications in your browsers by removing Notifpushback.com.