BugsFighter

New instances of STOP Ransomware (DjVu Ransomware) continue to damage users files all over the world. STOP/Djvu Ransomware is a specific type of ransomware that has been active since 2017. It is a type of file-encrypting malware that encrypts victims' files and demands payment in exchange for the decryption key. This crypto-virus uses a complex AES encryption algorithm to block users' access to their data and extort a ransom of $490 or $980. One of the new variations of extension, that appeared in October 2022, is: .cosw. Corresponding ransomware got the name Cosw Ransomware. The virus adds such suffixes to the end of encrypted files. If your files got such an ending and are not accessible, it means your PC is infected with STOP Ransomware. Malware developers slightly modify the virus technically.

Luckypuppy.xyz is a malicious website that can cause pop-ups, ads, and notifications to appear on your computer or mobile device. Users can get infected, while visiting adult, betting websites, or sites with pirated content and torrents. Such types of websites often distributes adware, that can affect Google Chrome, Mozilla Firefox, Safari, or Edge. In most cases, the reason of Luckypuppy.xyz is just small record in browsers settings, that allows the website to display push-notifications. This record appears, when victims allow it on purpose or occasionally, while browsing the web. Landing pages of Luckypuppy.xyz provoke allowing notifications by showing delusive inscriptions, that users can benefit from it. It can be difficult to stop these intrusive notifications, but there are steps you can take to get rid of Luckypuppy.xyz from your device. This article will provide you with information on how to effectively remove the Luckypuppy.xyz virus from your computer or mobile device and prevent it from coming back in the future.

Torrent Extension is categorized as an adware extension. Upon installation, it injects unwanted changes to settings in order to promote different kinds of intrusive content (in form of ads, pop-ups, banners, coupons, overlay buttons, hyperlinks, etc.) This adware uses virtual layers to display its advertising content over any visited page, including completely legitimate ones. Clicking on such content promoted by Torrent Extension should be avoided as it may lead to various unwanted or malicious pages (e.g., online scams, deceptive pages, websites promoting unwanted software, adult pages, casinos/gambling sites, and so forth). While opening various pages, users may also see that Torrent Extension loads the apiscr.com address in the bottom left corner ("waiting for apiscr.com").

Seeing search.safestwaytosearch.com instead of the default homepage/search engine might be a sign that you are affected by a browser-hijacking app called Safest Way To Search. Such software is not technically malware, however, it does promote unwanted changes that may lead to various privacy threats and malicious infections in the future. For instance, despite the visually innocent and even helpful look of search.safestwaytosearch.com (weather forecasts, latest news, etc.), the browser hijacker may show dubious ads, cause redirects to suspicious pages, and generate untrustworthy results.

Goba Ransomware, which is actually next generation of STOP Ransomware appeared in the beginning of March 2023. This virus encrypts users' essential files, such as documents, photos, databases, music with AES encryption and adds .goba extensions to affected files. This ransomware is almost identical to numerous previous versions of the malware, that we described earlier, and belongs to the same authors, and uses the same e-mail addresses (support@freshmail.top and datarestorehelp@airmail.cc) and the same Bitcoin wallets. Full decryption is almost impossible, however, partially your data can be restored using instructions in this article. After the virus finishes, it creates _readme.txt file with the ransom note on the desktop and in the folders with affected files.

If your files have been suddenly altered with the .wannasmile extension (for example, 1.pdf.wannasmile) and you are now shown a ransom-demanding message in the pop-up window, then you are likely dealing with WannaSmile Ransomware. Although there is not enough justification for this, WannaSmile could be a new version of another identically named ransomware from 2017 (by Iranian developers), which assigned the .WSmile extension. In general, such malware is typically designed to render data inaccessible (by running encryption) and then extort money from victims for its decryption.

"Someone Matched With You On Tinder!" is likely a fake e-mail notification that is not related to Tinder. Although Tinder does send similar or even identical notifications to users, the one you received may be distributed by scammers. The purpose of this and other similar scam e-mail campaigns is to trick users into clicking on buttons or hyperlinks. One of the messages that got under the microscope of our team was encouraging users to click on the "FIND OUT WHO" button to see who is ostensibly a user's match. The website that this button led to asks users to pass a short questionnaire in order to reveal a list of neighboring women who "want to have sex" with the recipient.

Developed by the Djvu family, Goaq Ransomware is a malicious program that runs extensive encryption of personal data. It uses popular, yet strong algorithms to put the stored files under severe lock. This, therefore, prevents users from succeeding in manual decryption. Knowing that users will not be able to recover files on their own, cybercriminals offer to decrypt data using their tools for a certain amount of money. The details that are presented inside a text note called _readme.txt, which is created after Goaq assigns new extensions to data. Specifically, it adds the .goaq extension so that encrypted files would look something like this 1.pdf.goaq. As soon as such changes are done, users will be no longer eligible to access their data.