BugsFighter

Scarab-Danger is a ransomware-type virus that encrypts data and extorts money from its victims. After penetration, it assigns a new .danger extension to each file that was encrypted. As an example, the original 1.mp4 will be changed to 1.mp4.danger. Besides that, Scarab-Danger always updates adding new extensions like .inchin, .btchelp@xmpp.jp, .fastrecovery@xmppp, .fastrecovery@xmpp.jp, .online24files@airmail.cc and many others. Basically, it does not matter which one replaced your file since all of them are for the same purpose. After the virus successfully locks your data, it drops a text file with ransom information. In most cases it is called HOW TO RECOVER ENCRYPTED FILES.TXT.

Besides targetting regular users, Kazkavkovkiz a.k.a. NetWalker a.k.a Mailto also draws its strands towards business figures. Like other ransomware, it encrypts data by assigning a unique extension and dropping a text file as a result. However, instead of using one common extension, it generates various versions according to these patterns - .mailto[kkeessnnkkaa@cock.li].{random-alphanumerical-sequence}, .mailto[sevenoneone@cock.li].{random-alphanumerical-sequence} or .mailto[kazkavkovkiz@cock.li].{random-alphanumerical-sequence}. For example, the non-affected 1.mp4 will migrate to .mailto[kazkavkovkiz@cock.li].14b1 or similarly. In the note, victims are told that their files got heavily encrypted and require a fast decision, otherwise, they will disappear forever. Malefactores have used following naming pattern for ransom note from the beginning {random id}-Readme.txt.

At some point, you may be wondering why your browser is constantly redirecting your homepage to search.optimum.icu. Unfortunately, this is because your system is infected with a browser hijacker (OptimumSearch extension), that altered some settings. Often, such applications are meant to bring ostensibly good value. They assign new search engines and add a couple of features that smoothen the browsing experience. OptimumSearch is not an exception, however, its activity seems to be very suspicious and useless. It does not generate any unique results, instead, it just copies them from legitimate pages like Yahoo, Google, or Bang. Furthermore, the main target of such programs is collecting sensitive data for revenue purposes. The recorded intel is therefore shared with cybercriminals that put your identity under a threat.

Browser hijackers have been one of the most prevalent methods for generating money and Select-search.net is not an exception. Unfortunately, most users remain unaware that potentially unwanted programs can lead to various privacy issues. Luckily, it is easy to detect the activity of Select-search.net. After installation, it changes your address bar and search engine to select-search.net which ostensibly improves the browsing experience. Instead, they generate fake advertisements and display results from legitimate Google search engine.

If you spotted that your browser has changed its search engine and the whole homepage to Searchactiv.com, then your PC is infected with a browser hijacker. Browser hijackers are a type of malware, that sneaks into the systems without the user's consent. After doing so, they modify browser settings and apply a couple of changes. Searchactiv.com assigns a new search engine that allegedly improves browsing. Instead, it displays malicious ads and other banners that can endanger your device. Furthermore, potentially unwanted programs expose browser-related data for cybercriminals. Thereby, such information like passwords, IP-addresses, and geolocations can be misused by third-parties for revenue purposes.

LockBit is a ransomware-type threat that attacks user's data with encryption algorithms and holds it locked until those pay a ransom. To do so, it retitles files with the .lockbit, .lock2bits or .abcd extensions. When finished, the malicious program will generate a text file named Restore-My-Files.txt. This file is saturated with the necessary steps that victims have to do in order to decrypt their data. Firstly, you have to contact cyber criminals via their e-mail, then they will instruct you on how to pay for the decryption software. Besides that, you are allowed to send them any blocked file (not more than 1 MB) so that they could show that they can be trusted. Despite this, it is not recommended to purchase something from extortionists since there have been multiple times when those did not keep their promises and fooled gullible users.

If you are constantly being redirected to Search-aholic.com, then your browser is being controlled by a browser hijacker. Programs of this type are ostensibly meant to provide better search queries based on innovative algorithms delivered by its developers. In fact, it looks a bit awkward when a shady organization claims its software to outrace Google or other world-class companies. The research throws away all doubts and proves that Search-aholic.com indeed gathers personal data and simply shows queries from legitimate engines like Google or Yahoo. With the help of SearchAholic browser extension, the hijacker controls the settings in Google Chrome, Mozilla Firefox, and Safari.

Like Select-search.com and other clones, Search-space.net is a suspicious redirect forced by browser extension or hijacker that is installed on your PC. These apps are supposed to improve browsing, however, the affected changes allow its creators to collect personal data (e.g. passwords, geolocations, IP-addresses, etc.) and share it with cybercriminals for making a profit. These changes include a new search engine (search-space.net), customizable interface, and other insignificant features. Search-space.net generates no unique results, instead, it simply replicates them from legitimate platforms like Google.