Many experts consider VK+OK AdBlock to be an unwanted browser extension. This assessment is justified, since it carries out suspicious activity without users' consent. VK+OK AdBlock is the name of a Google Chrome extension available for download in the official store. Its main goal is to improve the browsing experience by blocking ads across the social networks popular in Russia. Although it does deliver this feature, some of the extension's actions are shady and performed without users' consent. First, VK+OK AdBlock keeps sending information to its server in Russia even after users stop using any social media websites. This points to a risk of data surveillance: the data can be gathered by the developers and used for illegal purposes. The second suspicious behavior is that VK+OK AdBlock adds itself to the exception list of Windows Defender. Apparently, the extension has some security issues and does not want to be removed by the antivirus program. Lack of transparency, as well as unwanted distribution methods, puts VK+OK AdBlock on the list of potentially unwanted extensions that should be removed from your system.
Irjg Ransomware is a prevalent file-encrypting virus and extortion tool that targets valuable personal files. After infecting the machine and encrypting the data, the attackers start extorting a ransom. There have been more than 300 versions of the ransomware; each version is slightly modified to circumvent protection, but the main footprints remain the same. The malware uses AES-256 in CFB mode. Shortly after launch, the STOP family encryptor executable connects to its C&C server and retrieves the encryption key and infection ID for the victim's PC. Data is transmitted over plain HTTP in the form of JSON. If the C&C is not available (the PC is not connected to the Internet, or the server itself is not working), the encryptor uses the key and ID hard-coded in it and performs offline encryption. In this case, you can decrypt the files without paying a ransom. Variants of STOP Ransomware can be distinguished from each other by their ransom notes and the extensions they add to encrypted files. For the STOP Ransomware variant under research today, the extension is .irjg. The ransom note file _readme.txt is presented below in the text box and picture.
GABUTS PROJECT is a ransomware virus that encrypts system-stored data to extort money for its return. It does so by appending the .im back extension to each modified file. Files like music, videos, pictures, and documents will acquire the new extension and have their original shortcut icons reset. Here is an example of how encrypted files will look: 1.docx.im back, and so forth. After this, the virus displays a pop-up window and creates the "gabuts project is back.txt" file containing ransom instructions. The text is written in the first person and demands 100 BTC for data decryption. This is exactly the price victims are told to send in order to restore the data. The note also states that the payment has to be made within 1 day after infection. To begin communication, victims should write to the e-mail address given in the note. According to the text, there is also an option to decrypt 1 file by accessing the Tor link. Unfortunately, nobody will pay the price of 100 Bitcoins ($5,712,670) unless it is a big corporation that lost extremely important data.
Also known as Ranzy Locker, ThunderX 2.1 is a new ransomware sample that runs thorough data encryption. Depending on which version attacked your system specifically, you may see one of these 3 different extensions assigned to data - .RANZY, .RNZ, .tx_locked or .lock. To illustrate, an innocent file like 1.pdf will change to 1.pdf.lock at the end of encryption. Its shortcut icon will also be reset to blank. Right after this, the virus creates a text note named readme.txt that contains ransom instructions. The cybercriminals urge victims to follow the listed instructions, claiming this is the only option to recover the data. All files have been rendered inaccessible with the help of secure encryption algorithms. To revert these consequences, victims are guided to contact the developers through e-mail and buy unique decryption software. When sending a message, victims are also required to attach a key string and personal ID from the note. In addition, the attackers offer to accept 3 files and return them decrypted for free. They claim this is a guarantee of their trustworthiness and ability to restore the data. Nobody apart from the victims knows how much money the extortionists behind ThunderX 2.1 demand.
Captchamodern.top is classified as a fraudulent website attempting to promote a stream of unwanted and compromised ads. These ads will start displaying right on your desktop in the form of push notifications after you click on the Allow button. Although Captchamodern.top claims this is necessary to verify that you are not a robot, the final result ends up being completely the opposite. This is simply a ruse meant to fool users into allowing fake push notifications. Thereafter, the developers are able to earn commission from clicks on the displayed ads. It is not advised to interact with content delivered by websites like Captchamodern.top since there is a risk of getting redirected to dangerous resources. Sometimes allowing fake push notifications may also permit the page to execute some hidden action, which will infect your system with malware or unwanted software. In some cases, users are unable to get rid of the changes promoted by Captchamodern.top because there is an adware program installed on the PC. Chances are this program snuck into your system without consent and altered some values in order to open Captchamodern.top instead of your homepage. It is also worth mentioning that such programs may access data you enter while surfing the web. The target may be information like passwords, IP addresses, geolocations, banking credentials, and more that can be abused afterwards. If you are dealing with this or other difficulties related to Captchamodern.top, follow our guide below to make sure it is removed completely and without a trace.
Babyduck is a ransomware infection that encrypts data and assigns the .babyduck extension. Encryption means users will no longer be able to open system-stored files because they are blocked. Those files will undergo two visual changes - a new extension and a reset of shortcut icons. To illustrate, a file like 1.pdf will be altered to 1.pdf.babyduck and have its icon reset to blank. Right after this, Babyduck creates a text note with ransom instructions (README.babyduck). Research related to this ransomware version has been temporarily frozen and not yet updated. The only thing that stands out clearly is how encrypted data will look after the ransomware attack. Although there is no precise information on the ransom instructions, they are most likely similar to those of other file-encryptors. Cybercriminals will probably ask you to pay for special decryption software that will access your data. The payment can usually be made only in cryptocurrency like Bitcoin. Apart from this, it is also common to see extortionists offer free file decryption.