
How to remove BitPyLock Ransomware and decrypt .bitpy, .domain_name or .andradegalvao...

BitPyLock is ransomware that was discovered by MalwareHunterTeam. Once this kind of malware gets onto a computer, it immediately encrypts all of the files stored on it. BitPyLock primarily attacks photos, videos, databases and office projects, which tend to be the most valuable files for regular users. The program uses a strong military-grade encryption algorithm, RSA-4096 to be exact, and then changes each file extension to .bitpy. For example, 1.mp4 will be transformed into 1.mp4.bitpy, which makes the file impossible to open. There are also other forms of this ransomware that mark encrypted data with the .domain_name or .andradegalvao extensions. BitPyLock Ransomware also does everything it can to prevent manual recovery by deleting backup files from the system. At the end of encryption, it creates an HTML note with ransom payment details.

How to remove MedusaLocker Ransomware and decrypt .readtheinstructions, .decrypme or .encrypted...

We have already deconstructed lots of ransomware like Ouroboros, Ako, NEMTY, and others. Today, we are adding MedusaLocker Ransomware to our list. This dreadful software is known for encrypting the files of innocent users, making them unretrievable until a ransom is paid. The virus got its name from the name of its project file, MedusaLocker.pdb. It also creates a "Medusa" section in the registry. Once installed on a computer, it rapidly blocks access to your data by assigning the .encrypted, .readtheinstructions or .readinstructions extension to each file. This way, 1.jpg becomes 1.jpg.readtheinstructions. Unfortunately, any manipulations are useless because of the strong cipher, which is hard to break manually. Each file is encrypted with AES, and the AES key is then encrypted with the RSA-2048 public key included in the ransomware executable. Depending on the ransomware edition, extensions may also look like .bomber, .boroff, .breakingbad, .locker16, .newlock, .nlocker, and .skynet. After successfully encrypting the data, the extortionists add an HTML or text file, called a ransom note, that contains the necessary information on how to recover your data.

How to remove MacReviver

MacReviver is a disputable optimizing and cleaning tool designed for Mac operating systems. It usually comes along with free programs that include a corporate setup procedure. MacReviver is considered another sneaky piece of adware that is bundled with them and installed on your computer without notice. In most cases, users have no idea how this program crept into their systems. Some of them do not even realize how negatively it can affect their computers, believing that it helps them through cleanup and optimization. Sadly, it does not properly fulfil its stated purpose because it mainly focuses on baiting users into paying for the full and extended versions, which allegedly provide more accurate clean-up and malware elimination. If you really care about making your computer work faster and stay clean, then install the popular and reliable program called Spyhunter for Mac. It is also necessary to point out that MacReviver is an ad-supported program that uses up extra system resources to display unwanted ads and push you into clicking on them.

How to remove Web Bar

Web Bar is a tricky mixture of adware and toolbar that is capable of collecting personal data and promoting additional malware infections. Designed by Web Bar Media, it is a legitimate-looking application that is meant to give instant access to browsers from the desktop, improve search results and, most importantly, automatically eliminate clutter (cache and other unnecessary data) to improve the browsing experience. However, as mentioned above, Web Bar is an adware-type application that displays deceptive advertisements in the right corner of the screen and deliberately pushes users into clicking on them. This, in turn, may cause redirects to suspicious websites that can spread malicious content. Besides that, it alters the browser interface, ostensibly to provide a more convenient homepage and enhanced search algorithms. However, a recent investigation showed that Web Bar is able to gather personal data like passwords, browsing history and other user-based information that can ultimately be transferred to third parties for revenue.

How to remove Searchpowerapp.com

Searchpowerapp.com redirects are caused by a deceptive browser hijacker called Power App or Flash App + that might have sneaked onto your computer. According to its name, it is meant to provide powerful search tools that show more accurate results based on users' surfing habits. Searchpowerapp.com mainly targets the Google Chrome browser, which has the largest user base. Once installed, it instantly changes your homepage address to https://searchpowerapp.com/, which redirects search queries to the Yahoo search engine. This is one drawback that gives away its dubious behavior and should already be reason enough to drop it. Moreover, it spoils the surfing experience by altering browser settings and showing random ads from different sources that can contain redirects to adult websites, free-hosting domains, and other unwanted pages. Such manipulations may, therefore, lead to severe loss of data like passwords and other sensitive information. In addition, if you open the description of the extension, you will find the message: "This extension configures your Default Search to Power App (searchpowerapp.com)".

How to remove GarrantyDecrypt Ransomware and decrypt .bigbosshorse, .heronpiston or .horsedeal...

GarrantyDecrypt has cemented its position in the ransomware category and has already cost its victims a fair amount of nerves and money. Like other ransomware, it infiltrates your computer and runs encryption scripts that scan your device and apply an unbreakable cipher to each file. The first versions of this malware used the .garrantydecrypt, .decryptgarranty, .protected, .NOSTRO, .odin, .cosanostra, .cammora, .metan, .spyhunter, .tater, .zorin extensions. However, the encryption virus is constantly modified, and the suffixes change too. The most recent extensions used by GarrantyDecrypt Ransomware are .bigbosshorse, .heronpiston or .horsedeal. To illustrate, after encryption, 1.mp4 will be changed to 1.mp4.bigbosshorse or one of the other abovementioned extensions. Unfortunately, any manual attempts to unlock the data are futile. Once the encryption is finished, you will be presented with a ransom note created on the desktop notifying you that your data has been blocked.

How to remove NEMTY Ransomware and decrypt .nemty files

The odds of getting hacked are escalating each day because of the wide distribution of malware and social engineering tricks. NEMTY Ransomware is no exception: it was originally revealed in 2019 and revived with new force as NEMTY 2.5 REVENGE Ransomware in 2020. Like other types of ransomware, it is meant to encrypt files stored on the user's PC by using the AES-256 encryption algorithm. However, the algorithm is used with a mistake and looks more like AES-128/192. It applies an unbreakable cipher that restricts access to data like .docx, .xlsx, .pptx, .mp3, .mp4, .png and other types of files. Once it has encrypted your data, the virus changes the extension to .NEMTY. The most recent varieties use the more complex extension .NEMTY_XXXXXXX, where XXXXXXX is a random 7-digit alphanumerical sequence. After the encryption process is finished, NEMTY leaves a note on the desktop notifying you that your data was encrypted and that the only way to recover it is by paying a ransom (approximately $1000).

How to remove Search.gratziany.com (Mac)

Search.gratziany.com is a fake search engine, controlled by the malicious Gratziany extension, that Mac users should be worried about. Like other shady extensions, it is classified as a potentially unwanted application (PUA). Once installed on your computer, it changes the homepage domain to search.gratziany.com, thereby changing the browser interface. Search queries are answered by the Yahoo engine, which means that the search.gratziany.com search engine is only a cover for fraudulent activity. Unfortunately, search.gratziany.com does not bring any benefit. On the contrary, it is capable of tracking your browser activity, which means gathering a lot of personal data like passwords, search history and other types of information that can be of great value to extortionists. In addition, search.gratziany.com is known to disrupt browsing by spreading deceptive ads that are displayed across the pages you visit.