
How to remove Secured Search (securedsearch.org)

If you have noticed that your browser settings have been changed, it is because a browser hijacker is installed on your computer. After infiltration, this specific virus changes your homepage to Securedsearch.org, which is shown each time you launch a browser. Unfortunately, any attempts to restore the settings are useless, since Secured Search immediately changes them back. Browser hijackers are supposedly meant to improve the browsing experience by adding various features. For example, the Secured Search extension assigns a new securedsearch.org search engine that ostensibly generates more accurate and sorted results. However, after entering a query, you will be redirected to the legitimate Yahoo.com. Not only can browser hijackers disrupt your browsing by showing intrusive ads, banners, and links without your consent, but they are also capable of gathering personal data (passwords, IP addresses, geolocations, history, etc.) that can be sold to third parties. Securedsearch.org is fake and brings none of the promised value; therefore, it needs to be removed from your PC to secure your data.

How to remove PwndLocker Ransomware and decrypt .ProLock, .pwnd or .key...

PwndLocker Ransomware is a file-encrypting virus created to target business networks and local governments. However, regular users can also become victims of the cybercriminals. After penetration, PwndLocker damages the settings of multiple Windows services and encrypts both local and network data, changing file extensions and creating a ransom note. The assigned extension may vary depending on the file format. The virus uses the .ProLock, .pwnd or .key extensions; however, it does not matter which one was applied to your files, because they all serve the same function. For example, in some cases the original 1.mp4 will be transformed into 1.mp4.ProLock. In other scenarios, the affected files can receive the ".pwnd" or ".key" extension. The ransom note (H0w_T0_Rec0very_Files.txt), which is then dropped on the desktop, states that your network has been penetrated and encrypted with strong algorithms.

How to remove Phobos Ransomware and decrypt .eight, .eject, .eking or...

Phobos is a fraudulent organization that has made a strong statement in the ransomware world. Since 2017, it has grown its collection to numerous variations; recent ones include Eight Ransomware, Eject Ransomware, Eking Ransomware, and Iso Ransomware. As with other ransomware, its developers decided to use a more traditional encryption process. It scans your system for various file formats such as MS Office documents, OpenOffice, PDF, text files, databases, images, videos, and others. Once done, it encrypts the files, naming them according to this pattern: 1.mp4.[ID-random-user-id-number].[cybercriminals-e-mail].{extension}. Depending on which version attacked your computer, the extension may be .eight, .eject, .eking, or .iso. Here are some samples of infected files: 1.mp4.id[XXXXXXXX-2776].[use_harrd@protonmail.com].eight; 1.jpg.id[XXXXXXXX-2833].[cynthia-it@protonmail.com].eject; 1.doc.id[XXXXXXXX-2275].[decphob@tuta.io].eking; 1.jpg.id[XXXXXXXX-2589].[backup.iso@aol.com].iso. After the encryption completes, users are presented with a file (info.txt or info.hta) that explains how to decrypt their data.

How to remove Major Ransomware and decrypt .onix, .air, .orion or...

Major is a file-encryption virus classified as ransomware. Once installed, it encrypts all of the files stored on the system, which remain locked until a ransom is paid. The recent version of the malicious program appends a unique ID number, the intruders' e-mail address and the brand new .Air extension to each file. After encryption, an affected file would look like this: 1.mp4.33868453691972502380.ex_parvis@aol.com.AIR. Previously, the ransomware used the .onix, .cube, .mars, .orion and .legacy extensions with a similar naming pattern. After the process is finished, the program will create an HTML or text file (READ_ME.txt, TRY_TO_READ.html) and change the desktop wallpaper.

How to remove PC Win Booster

Judging by its name, PC Win Booster is a system optimization tool that allegedly keeps your system safe and clean. Unfortunately, this name is dubious and cannot be taken literally. The developers claim that their software is capable of eliminating viruses and cleaning up leftover data to free disk storage. Instead, it shows a randomly generated list of junk and malware that urgently needs to be removed from your system. In fact, your PC may be absolutely virus-free and not require any additional maintenance. Alas, the trial version cannot fix the detected threats and therefore asks users to purchase the paid edition, which will ostensibly delete all of these intimidating items. As mentioned above, the list of threats is most likely fabricated, meaning that after you buy the full version it will just clear the previously created list.

How to remove DeathHiddenTear Ransomware and decrypt .encryptedS, .encryptedL or .enc...

DeathHiddenTear Ransomware is a file-encryption virus discovered by Michael Gillespie. Being classified as ransomware, it encrypts all data (e.g. images, videos, text files, etc.) stored on the PC or on external devices, such as flash cards, connected to your computer. Ransomware is designed to demand a ransom that needs to be paid to retrieve your files. Like other ransomware, DeathHiddenTear assigns its own extensions: .encryptedS (for small files) and .encryptedL (for big files). The most recent variations use the .enc suffix. To illustrate, after encryption, 1.mp4 will be transformed into 1.mp4.encryptedS, and you will be unable to open the file. After that, the program will drop a text file (Decrypt Instructions.txt) onto your desktop, which contains information about the locked data.

How to remove Scarab-Danger Ransomware and decrypt .danger files

Scarab-Danger is a ransomware-type virus that encrypts data and extorts money from its victims. After penetration, it assigns a new .danger extension to each file that was encrypted. As an example, the original 1.mp4 will be changed to 1.mp4.danger. Besides that, Scarab-Danger is constantly updated, adding new extensions such as .inchin, .btchelp@xmpp.jp, .fastrecovery@xmppp, .fastrecovery@xmpp.jp, .online24files@airmail.cc and many others. Basically, it does not matter which one was applied to your files, since all of them serve the same purpose. After the virus successfully locks your data, it drops a text file with ransom information. In most cases it is called HOW TO RECOVER ENCRYPTED FILES.TXT.

How to remove NetWalker (Mailto) Ransomware and decrypt .mailto files

Besides targeting regular users, Kazkavkovkiz a.k.a. NetWalker a.k.a. Mailto also sets its sights on business figures. Like other ransomware, it encrypts data, assigning a unique extension and dropping a text file as a result. However, instead of using one common extension, it generates various versions according to these patterns: .mailto[kkeessnnkkaa@cock.li].{random-alphanumerical-sequence}, .mailto[sevenoneone@cock.li].{random-alphanumerical-sequence} or .mailto[kazkavkovkiz@cock.li].{random-alphanumerical-sequence}. For example, the original 1.mp4 will be changed to .mailto[kazkavkovkiz@cock.li].14b1 or similar. In the note, victims are told that their files have been heavily encrypted and that a fast decision is required; otherwise, the files will disappear forever. From the beginning, the malefactors have used the following naming pattern for the ransom note: {random id}-Readme.txt.