BugsFighter

Weqp is a recent ransomware infection developed by the STOP/Djvu malware group and appeared in the end of May, 2023. Developers behind it have released a number of very similar infections to encrypt users' data and blackmail them into paying money for the recovery. Malware primarily uses a combination of symmetric and asymmetric encryption algorithms to encrypt victims' files. The specific encryption algorithms employed by STOP/Djvu have evolved over time as the malware has undergone several variants and updates. However, the most commonly observed encryption algorithm used by STOP/Djvu is the RSA algorithm for asymmetric encryption. Weqp Ransomware barely differs from other previously developed versions. It encrypts all kinds of important files and alters their appearance with the .weqp extension. To illustrate, a file like 1.pdf will change to 1.pdf.weqp and reset its icon under the virus affection. After this, a text file called _readme.txt ends up created to explain how files can be decrypted.

SpinOK malware is a sophisticated Android software module designed to operate as spyware, posing a significant threat to smartphone users. It functions by secretly gathering data from files stored on devices and potentially transmitting this information to malicious individuals. What makes SpinOK particularly insidious is its ability to replace and upload clipboard contents to a remote server. This malware is distributed under the guise of a marketing software development kit (SDK), which makes it difficult to detect and remove. By incorporating these functionalities, the operators behind SpinOK gain the ability to access sensitive information and files on a user's device. For example, they can target files accessible to apps containing Android.Spy.SpinOK. To accomplish this, the attackers insert the appropriate code into the HTML page of the advertisement banner, effectively exploiting the trust users place in the advertised content.

4yendex.com presents itself as a legitimate search engine, promising improved search results and quick access to popular websites. However, this rogue website employs deceptive tactics to trick users into believing its legitimacy. In reality, 4yendex.com is a browser hijacker that modifies browser settings without consent and records users' browsing activity. This article explores the dangers of 4yendex.com and provides tips to avoid unwanted installations. 4yendex.com operates as a browser hijacker, targeting popular browsers like Internet Explorer, Google Chrome, and Mozilla Firefox. It stealthily alters the new tab URL, default search engine, and homepage settings, without user consent. Additionally, the hijacker modifies existing browser shortcuts to include the 4yendex.com URL. These actions may appear minor, but they effectively hijack the browsing experience, leading to continual redirects to 4yendex.com.

Weon Ransomware is one of the newest versions developed by the STOP (Djvu) family. It was first spotted in the end of May 2023. This ransomware targets various types of personal data (e.g. images, videos, documents, etc.) using online keys randomly generated for each victim. Once they are applied and data becomes encrypted, users are no longer able to access and interact with it. During the encryption process, all of the files get assigned with .weon extension. This means that files will change their name and reset their icons. For example, a file like 1.pdf will be changed to 1.pdf.weon and lose its initial icon at the end of encryption. Then, just like other recent versions of the STOP (Djvu) family, Weon creates a text note called _readme.txt that contains decryption instructions. No matter which one was dropped on your PC, all of them display the same information.

Jigsaw Ransomware is widely-spread family of ransomware. Ransomware is designed to encrypt files on a victim's computer, rendering them inaccessible, and then demands a ransom payment in exchange for the decryption key needed to restore the files. Jigsaw Ransomware gained attention in April 2016 when it was first discovered. It was named after the iconic character from the movie "Saw" due to its use of an image of the character as its logo. Jigsaw Ransomware targets Windows-based systems and spreads through various methods such as malicious email attachments, infected downloads, or exploit kits. Once a computer is infected with Jigsaw Ransomware, it begins encrypting files on the system, including documents, images, videos, and other important data. It then displays a ransom note on the victim's screen, demanding a payment, usually in Bitcoin, within a specified time frame. If the victim fails to pay the ransom within the given time, Jigsaw Ransomware threatens to delete a portion of the encrypted files as a form of punishment. It also displays a countdown timer, adding a psychological element of urgency.

Tipz.io is a deceptive search engine that causes frustration and inconvenience for users. It operates through browser extensions, stealthily altering browser settings without consent. Once installed, Tipz.io forcefully changes the homepage and default search engine, redirecting searches to its own URL instead of reputable search engines. This invasive search engine has the ability to collect sensitive information about browsing activities, compromising privacy and security. Additionally, Tipz.io poses risks by redirecting users to malicious websites that promote scams, fake alerts, explicit content, and other questionable materials. The hijacker targets all major browsers: Google Chrome, Mozilla Firefox, Safari, and Edge. In this article we provide simple roadmap to remove Tipz.io and restore browser settings using instructions and tools.