How to remove FAST Ransomware and decrypt .FAST files

FAST Ransomware is a type of malware that our research team recently discovered while investigating submissions on the VirusTotal website. This particular malicious program is classified as ransomware, which means it is designed to encrypt data on a victim's computer and demand a ransom in exchange for its decryption. When we tested the ransomware on our own machine, we observed that it encrypted files and modified their filenames. The original file titles were altered by appending the cyber criminals' email address, a unique victim ID, and the .FAST extension. For example, a file named sample.pdf would appear as sample.pdf.EMAIL=[fastdec@tutanota.com]ID=[RANDOM].FAST after encryption. After completing the encryption process, FAST ransomware dropped a ransom note titled #FILEENCRYPTED.txt onto the victim's desktop.

How to remove EXISC Ransomware and decrypt .EXISC files

EXISC is a form of malware known as ransomware that came to our attention during our investigation. Its primary purpose is to encrypt data and demand payment in exchange for the decryption key. Upon executing a sample of this ransomware on our test system, we observed that it encrypted files and appended the .EXISC extension to their original filenames. For instance, a file named sample.pdf would appear as sample.pdf.EXISC. The ransomware also created a ransom note titled Please Contact Us To Restore.txt. Based on the message contained in the note, it became evident that EXISC primarily targets large organizations rather than individual home users. Victims often do not receive the promised decryption keys or software, even after complying with the ransom demands. Therefore, we strongly discourage paying the ransom, as it does not guarantee data recovery and only perpetuates criminal activities.

How to remove Vaze Ransomware and decrypt .vaze files

Vaze Ransomware (a.k.a. STOP Ransomware or Djvu Ransomware) is a widespread file-encrypting extortion virus. It is one of the most dangerous ransomware families, with a highly damaging effect and a high prevalence rate. It uses the AES-256 encryption algorithm in CFB mode with a zero IV and a single 32-byte key for all files. A maximum of 0x500000 bytes (~5 Mb) of data at the beginning of each file is encrypted. The virus appends the .vaze extension to encrypted files. The infection affects important and valuable files: MS Office documents, OpenOffice, PDF, text files, databases, photos, music, video, image files, archives, application files, etc. Djvu Ransomware does not encrypt system files, so that Windows keeps operating correctly and users are able to browse the internet, visit the payment page and pay the ransom. Vaze Ransomware creates a _readme.txt file, called a "ransom note", which contains payment instructions and contact details. The virus places it on the desktop and in the folders with encrypted files. The developers offer the following contact details: support@freshmail.top and datarestorehelp@airmail.cc.

How to remove Bestsearch-online.com

Bestsearch-online.com is a fraudulent Internet search engine that shares similarities with other fake search engines. Its developers claim that Bestsearch-online.com enhances the browsing experience by providing improved search results. This deceptive tactic often tricks users into thinking that Bestsearch-online.com is a legitimate and helpful search engine. However, the truth is that Bestsearch-online.com collects various browsing-related information without the user's consent, and its promotion involves utilizing rogue software download/installation setups that hijack internet browsers and make unauthorized modifications. Research has revealed that Bestsearch-online.com infiltrates popular browsers such as Internet Explorer, Google Chrome, and Mozilla Firefox through rogue setups. These setups modify the browser's new tab URL, homepage, and default search engine settings, redirecting them to bestsearch-online.com/search.php. Additionally, the setups modify the browser shortcuts' targets, automatically redirecting users to Bestsearch-online.com when they open a browser, new tab, or perform searches using the URL bar. These unwanted modifications are made without the user's consent and significantly degrade the browsing experience. Attempts to revert the changes are futile, as the setups stealthily install third-party applications and browser plug-ins, known as "helper objects," which reassign the modified settings whenever users try to change them.

How to remove Captchagenius.top

Captchagenius.top is a website that utilizes push notifications to display advertisements. It falls under the category of potentially unwanted programs (PUPs) or browser hijackers. It primarily affects web browsers on desktop and mobile devices, including popular options like Google Chrome, Mozilla Firefox, Microsoft Edge, Safari, and Opera. These types of threats are designed to generate revenue for their creators by bombarding users with intrusive ads. Upon visiting Captchagenius.top or related websites, users may receive a prompt asking for permission to show notifications. If granted, the website gains the ability to send push notifications directly to the user's device, even when the browser is closed. This allows Captchagenius.top to display unwanted advertisements, pop-ups, or even redirect the user to other questionable websites. Understanding the nature and impact of Captchagenius.top is crucial in order to take appropriate steps to remove it and prevent further disruptions to your browsing experience. On this page we provide simple instructions to remove Captchagenius.top completely.

How to remove Vapo Ransomware and decrypt .vapo files

The disastrous virus known as STOP Ransomware, and in particular its latest variation, Vapo Ransomware, does not let up and continues its malicious activity even during the peak of the actual human coronavirus pandemic. Hackers release new variations every 3-4 days, and it is still hard to prevent the infection and recover from it. Recent versions use a modified extension that is added to the end of affected files: .vapo. Although decryption tools from Emsisoft are available for previous versions, the newest ones are usually non-decryptable. The penetration, infection, and encryption processes remain the same: spam malvertising campaigns, peer-to-peer downloads, user inattentiveness, and a lack of decent protection lead to a severe loss of data after encryption with the strong AES-256 algorithm. After finishing its devastating activity, Vapo Ransomware leaves a text file, a ransom note called _readme.txt, from which we learn that decryption costs from $490 to $980 and is impossible without a certain decryption key.

How to remove Bestsearch.live

Bestsearch.live is a type of browser hijacker that affects web browsers by altering their settings without the user's consent. It typically targets popular browsers such as Google Chrome, Mozilla Firefox, and Microsoft Edge. Once installed, Bestsearch.live changes the browser's default search engine, homepage, and new tab settings to redirect the user's searches to its own search engine or other unwanted websites. The primary purpose of Bestsearch.live and similar browser hijackers is to generate revenue through advertising and potentially collect user data. By redirecting users to specific search engines or sponsored websites, they aim to increase traffic and promote certain products or services. Additionally, they may employ tracking mechanisms to gather information about users' browsing habits, which can then be used for targeted advertising. In this article we provide detailed instructions to remove Bestsearch.live from browsers and restore the browser's settings.

How to stop “Hacker Who Has Access To Your Operating System”...

The Hacker Who Has Access To Your Operating System email scam is a type of deceptive communication that can be classified as "sextortion". Cybercriminals send out a large volume of these emails, claiming that they have gained control over the recipient's computer and recorded a compromising video. However, it is crucial to recognize that this is nothing more than a scam, and these emails should be disregarded. In this email scam, the message alleges that the recipient's computer has been infected with a trojan while supposedly visiting an adult website. The criminals further claim that they have utilized the computer's webcam and microphone to record a video of the recipient engaged in explicit activities, as well as stolen their contact information. Following these assertions, the scammers issue a threat and demand a ransom. They threaten to send the recorded video, along with an alleged video that the recipient had watched, to all of their contacts unless a payment of $500 is made. The recipients are given a deadline of 50 hours to pay the ransom, and they are instructed to use Bitcoin cryptocurrency for the transaction.