Velso Ransomware is a malicious crypto-virus that uses the AES encryption algorithm to encrypt user files. The ransomware mostly targets English-speaking countries, but may infect computers in any country. Affected files get the .velso or .david extension and become inaccessible. After encryption, Velso Ransomware creates a text file, get_my_files.txt, with instructions to pay the ransom. The ID of the key and victim is generated by CryptGenRandom(), using AES-256 OpenSSL in ECB mode. Currently, it is almost impossible to decrypt files encrypted by Velso without the master key.
STOP Ransomware is a dangerous file-encrypting virus. It uses the AES/RSA-1024 encryption algorithm. Depending on the version, the ransomware adds the .STOP, .SUSPENDED or .WAITING extension to encrypted files. The first variant of STOP Ransomware creates !!!YourDataRestore!!!.txt files, the second !!!RestoreProcess!!!.txt, and the third !!!INFO_RESTORE!!!.txt. In these files, the malware demands a $600 ransom, which has to be paid within 72 hours in Bitcoin. The files also contain the user's personal ID and e-mail addresses for contact.
Hermes Ransomware is a widespread family of crypto-viruses. There have been 2 major updates of the initial ransomware: Hermes 2.0 Ransomware and Hermes 2.1 Ransomware. All variants use the AES-256 encryption algorithm combined with RSA-2048. The first version did not add any extensions and modified only the content of the files by adding the HERMES file-marker. The last version began appending the .hrm suffix, but then simply encrypted files without modifying filenames. After encryption, the ransomware creates the files DECRYPT_INFO.txt and DECRYPT_INFORMATION.html, which contain a message with instructions to pay the ransom and contact details. You can see the contents of these files in the next paragraph.
Prime Updater (also PrimUp! or PrimeUpd) is a misleading application that pretends to be a software updater, but in fact delivers ads and pop-ups in Google Chrome, Mozilla Firefox and Internet Explorer. It has basic functionality to detect and download browser and Flash updates (although browsers offer their own updates and Adobe has an official updater). However, this trivial functionality comes at a high price. Prime Updater gets access to browser settings, can download and install not only updates but also advertising browser extensions, and runs on startup.
Chumsearch.com is an unwanted search engine for the Safari, Google Chrome and Mozilla Firefox browsers running on Mac. It is installed by a browser hijacker bundled with freeware. This webpage is associated with the famous Safe Finder malware, and search queries that the user types on Chumsearch.com are redirected to search.safefinder.com and then to search.yahoo.com. The website overrides the search and homepage settings in browsers, and the hijacker module does not allow the user to revert these settings.