Combo Ransomware is new reincarnation of Dharma/Cezar/Crysis Ransomware family. The successor of Arrow and Bip Ransomware. This version appends complex extension, that ends with .combo or .cmb and contains e-mail address and unique ID. Combo Ransomware encrypts all sensitive files including documents, images, videos, databases, archives, project files, etc. Windows files stay untouched for stable operation. Combo Ransomware uses AES-256 encryption, which makes the victim’s files inaccessible without decryption key. As for today, decryption is not possible, however, you can attempt to decrypt files from backups or trying file recovery software. There is also chance of decryption after using methods explained in this article.
Appearance of Yetill.com ads and pop-ups in Safari, Google Chrome, Mozilla Firefox or Internet Explorer indicates adware infection on your PC or Mac. If you see them constantly, while opening habitual websites, that means unwanted browser add-on is installed or doubtful desktop application is running. In most cases, advertisements come from subdomains like 85.yetill.com, 14.yetill.com, 20.yetill.com or other 2-digit prefix. Such pop-ups can lead to dangerous services or offer to download malware. Yetill.com redirections disturb users, and in some cases won’t let them visit desired page.
Ad-Aware Secure Search is browser extension that can be installed in Google Chrome, Mozilla Firefox or Internet Explorer. It modifies newtab, homepage and search engine settings to defaultsearch.co, that redirects to lavasoft.gosearchresults.com. Unfortunately, these websites provide bad results and filled with sponsored ads. Users are unable to alter those settings until removal of Ad-Aware Secure Search extension. However, even after complete elimination users see remnants in browsers, because settings remain unchanged. Although, Ad-Aware is vendor of security solutions, such alliance with advertising companies may only have bad influence on overall computer security and users privacy.
KEYPASS Ransomware is one of the varieties of STOP Ransomware, described by our team earlier. Virus already attacked users from 25 countries including Brazil, Chile, Vietnam, USA, United Arab Emirates, Egypt, Algeria, Indonesia, India, Iran, Poland, Belarus, Ukraine. This variation uses uses symmetric and asymmetric cryptography and adds .KEYPASS extension to the files after encryption. Intruders demand $300 ransom for decryption. They offer to decrypt up to 3 random files for free, to prove that decryption is possible. Hackers also warn, that if amount is not paid within 72 hours data restoration will be impossible.
Search.mapseasy.net or MapsEasy New Tab is deleterious browser hijacker, that is the part of browser extension called MapsEasy. Add-on can be installed in Google Chrome or Mozilla Firefox. It features in-built toolbar with quick access links to online map services, yellow and white pages, road traffic websites and other resources. It is free, but in exchange it replaces default homepage, search engine and new tab settings to Search.mapseasy.com. This search engine cam be powered by Bing.com, which is lesser evil, or by questionable Search.tools, that has zero information available and provides poor search results. First of all, third-party add-ons like MapsEasy may compromise browser security and user privacy, by getting access to sensitive data, stored in browsers and generating ads inside SERPs.