Qtipr.com is a domain used by browser hijackers to override browser settings in Google Chrome, Mozilla Firefox and Internet Explorer. It is almost identical to the previously described Fanli90.cn hijacker. The purpose of this threat is to display ads and pop-ups and to lead users to certain websites while they browse. The Qtipr.com website has a yellow header and the name “Funny collection”, like all threats of this type.
Hakunamatata Ransomware is a new version of NMoreira Ransomware (NMoreira 2.0). The virus encrypts user files with the RSA-2048 and AES-256 encryption algorithms and adds the .hakunamatata suffix to affected files. After finishing the infection process, Hakunamatata creates the file “Recovers files yako.html” on the desktop. The hackers tell users to contact them through the Bitmessage system and pay the ransom. The amount of the ransom is currently unknown, but it is likely somewhere between $300 and $1500. The decryption key is generated during encryption and is currently unknown. Therefore, there is no way to decrypt or restore files unless the user has a backup.
Spora Ransomware is an advanced virus that encrypts different types of files on Windows machines with RSA cryptography. It possibly originates in Russia. Spora disables Windows Startup Repair, removes Shadow Volume copies, and modifies BootStatusPolicy, which makes it difficult to restore files using standard methods. In addition, the private decryption key is itself encrypted with AES cryptography, and currently the only way to get your files back is to restore them from a backup (if you have one). Some of the features of Spora Ransomware: it can work without an internet connection, and it doesn’t modify file names or file extensions. The ransom must be paid in Bitcoin and is estimated at between $79 and $280, depending on the options the user chooses.
Secure Search Bar is a malicious browser extension that adds a search bar to the top of browser windows in Google Chrome, Mozilla Firefox and Internet Explorer. If the user types a query in the search box, it redirects to securesurf.biz, which then leads to plusnetwork.com. It also generates random ads and redirects while users surf the internet. Secure Search Bar mostly comes as an add-on, but sometimes it can be a malicious program module or a shortcut hijack.
Secure-surf.net is a browser hijacker that presumably originated in Russia. It hits the Google Chrome, Mozilla Firefox and Internet Explorer browsers, modifying the homepage, search and new tab settings. It has a minimalistic design that can resemble the Google or Bing search engines. It redirects searches to http://nova.rambler.ru/, which is a subdomain of a famous Russian search engine and news portal. Secure-surf.net also infects browser shortcuts on the desktop.