
How to remove Vash-Sorena Ransomware and decrypt .crypto or .zip files

Vash-Sorena is a ransomware virus that encrypts files and demands a fee to decrypt them. Some rumors say that it is another version developed by the Dharma (CrySiS) or Banks1 family. Likewise, Vash-Sorena encrypts files according to this pattern -.[].crypto, which has not been that popular among extortionists. Here is an example of a compromised file reported by one of the victims: eula.1041.txt.Id-JGPXXOBN.[yourfile2020@protonmail.com].crypto. ID numbers with random hexadecimal characters are used presumably to highlight the relevance and identify victims. After successful encryption, the virus creates a text file called How_To_Decrypt_Files.txt. In this note, users are told that none of the tools can decrypt Vash-Sorena since it uses military-grade algorithms (AES and RSA 256). However, one of the victims managed to decrypt files via Kaspersky RannohDecryptor, losing only the file names. But, as it turned out later, you can decrypt only small files (PDFs, documents, images, etc.). It is possible that further updates of Vash-Sorena will fix that flaw soon. For now, there is no need to contact them via e-mail or Telegram channel to buy their software unless you need to decrypt bigger data and do not have any backup of it. Either way, you can find all instructions and tips on decryption in the article below.

How to remove Snatch Ransomware and decrypt .snatch, .wbqczq, .gdjlosvtnib or...

Snatch is another malicious piece of software discovered by Michael Gillespie and categorized as ransomware. This virus snatches your data by encrypting it with cryptographic algorithms. Once your files get locked, you will see a new extension appended to them right away (.snatch, .wbqczq, .gdjlosvtnib, .FileSlack). For instance, a normal 1.mp4 will be changed to 1.mp4.FileSlack or similar. As usual, after the encryption process is completed, the ransomware drops a text file called Readme_Restore_Files.txt (in recent cases HOW TO RESTORE YOUR FILES.TXT). In this document, ransomware developers provide brief instructions on how to salvage your data. For this, you should contact them via the attached e-mail address to get further commands. Unfortunately, because Snatch Ransomware always updates and improves its algorithms, there is no free tool that can decrypt files ciphered by Snatch. Even if you venture to pay for software offered by cybercriminals, there is a high risk that you will be scammed. The only workable way to get your files back is to delete Snatch Ransomware and copy your files back from external backups.

How to remove Captcha.info

Lots of fake push notification pop-ups have been dissected in our blog so far. Captcha.info is no exception, proving that there is a countless number of such tools around the web that you should know how to avoid. Captcha.info itself is a social engineering trick built on push notification pop-ups. In fact, push notifications are a wonderful tool meant to notify users about the latest updates on blogs and other informative resources. However, some gurus of the internet can turn them to the opposite effect by camouflaging malicious content behind them. The advertisements generated by Captcha.info provide lots of malicious links and resources that can infect your computer and result in the inevitable leak of personal data, files and other sorts of information stored on your computer.

How to remove Amazon Assistant

Amazon Assistant is a legitimate browser extension that helps you shop on Amazon. Its algorithms provide best-selling offers, price comparisons, and other features to find the most lucrative deals. Unfortunately, the story ends once Amazon Assistant starts causing additional problems. Users report that having Amazon Assistant enabled leads to an increased number of ads and banners overlaying pages. Plus, due to its high consumption of resources, this add-on may slow down browsers and lead to sudden crashes or freezes. Browsers supported by Amazon Assistant include Chrome, Mozilla Firefox, Edge, and others. It starts at every system bootup and keeps running in Task Manager. Any manual attempts to delete the program end up in its eventual reinstallation. Finally, because Amazon Assistant has data-tracking capabilities, your personal data can be gathered and shared with shady third parties for revenue purposes.

How to remove WinOptimizer

WinOptimizer is a dubious utility that carries out performance optimizations. It has a user-friendly interface accompanied by a set of effective tools to clean up your system. WinOptimizer claims that it can rid your system of irrelevant rubbish and other entries that overload your PC. Unfortunately, as Malwarebytes researchers determined, WinOptimizer creates a list of false positives to lure users into buying extended versions of its software. By doing so, you will keep your PC clean and stable. Note that WinOptimizer is not a virus; it is just one of the potentially unwanted programs that earn money from gullible people. Besides that, WinOptimizer supports web push notifications so that you can be informed about the latest news and products.

How to remove Crypren Ransomware and decrypt .encrypted files

Crypren Ransomware is a type of malware that compromises your data by encrypting it and appending the .ENCRYPTED extension. For instance, 1.mp4 or other regular files will be changed to 1.mp4.ENCRYPTED or similar. Usually, due to the asymmetric algorithms applied during encryption, the affected data becomes almost impossible to unlock. However, thanks to a security researcher named pekeinfo, there is no need to pay for decryption software. Besides that, we should point out that after the malware has finished the first step, it drops the READ_THIS_TO_DECRYPT.html file in each folder containing affected files. In this note, swindlers inform users about a paid decryption service that requires buying a private key. Also, you are given 1 week to contact the cybercriminals before your unique key is destroyed. This key costs precisely 0.1 BTC (approximately 900 dollars). Luckily, you can download and use the decryption tool developed by pekeinfo in the article below. It turned out that Crypren Ransomware had a serious flaw: it stored its keys locally.

How to remove Mr.Dec Ransomware and decrypt your files

Identified by Michael Gillespie (ransomware researcher), Mr.Dec Ransomware is a file-encrypting virus that makes money from desperate users who have their data locked. This virus uses a randomly generated extension according to this pattern: [ID]victim's_ID[ID]. The extensions are meant to distinguish encrypted files from normal ones. All files stored on your system, including photos, videos, text documents, and other regular information, will be changed to 1.jpg[ID]gh839ag14hiol4ag[ID], for example. This makes your data impossible to open because of the generated gateway. After this, the ransomware drops a ransom note in the form of an HTML file (Decoding help.hta). In this message, you can see that extortionists push you to make a quick decision on purchasing the decryption key. Otherwise, it will be destroyed and you will not be able to decrypt your data once the countdown is finished. To decode the compromised files, you should contact them via the e-mail address at the top of the note. Most cybercriminals actively use cunning techniques to push users into buying the key, such as allowing them to send a couple of files for free decryption. Although it may seem genuine, you should never follow criminals' instructions unless you want to empty your pocket.

How to remove SkyScanner app (Mac)

Developed by a British company, SkyScanner is a legitimate application designed for Mac that analyzes flight, hotel and car hire databases to offer the cheapest and best deals from providers. Like other similar platforms, SkyScanner is very useful since it saves tons of time on searching for tickets and combines them into a single application. However, SkyScanner is commonly distributed via malicious repacks that contain other potentially unwanted programs. Extortionists abuse its legitimacy to infect users with additional software like adware or browser hijackers without permission. This is why you should download SkyScanner and other legitimate software solely from official providers, especially if it is totally free. Unwanted applications can endanger your privacy and eat a lot of resources, which slows down your PC. They are known to alter browser settings in order to generate malicious redirects, ads, banners, fake pop-ups, and more. If clicked, all of this content can cause various infections like trojans, adware, browser hijackers and ransomware (which is the most dangerous, since it irreparably encrypts users' data).