STOP Ransomware is a widespread file-encrypting virus and extortion tool that targets valuable personal files. After infection and data encryption, the attackers begin demanding a ransom. There have been more than 200 versions of the ransomware; each version is slightly modified to circumvent protection, but the main footprints remain the same. The malware uses AES-256 in CFB mode. Shortly after launch, the STOP family encryptor executable connects to its C&C server and retrieves the encryption key and the infection ID for the victim's PC. Data is transmitted over plain HTTP as JSON. If the C&C is not available (the PC is not connected to the Internet, or the server itself is not working), the encryptor falls back to the key and ID hard-coded in it and performs offline encryption. In this case, the files can be decrypted without paying a ransom. Variants of STOP Ransomware can be distinguished from each other by their ransom notes and the extensions they add to encrypted files. For the STOP Ransomware versions under research today, the extensions are .bboo, .rooe, .repp and .alka. The ransom note file _readme.txt is presented below in the text box and picture.
Package Tracking Pro is an ordinary-looking browser extension that entrenches itself deeply in your computer while changing the style of the homepage and other parts of the interface. According to its developers, Package Tracking Pro speeds up uploads and refines search results, delivering the best efficiency you can possibly get in 2020. That is obviously all fake news. Under a veneer of transparency hides its actual purpose, which is snatching your browser data such as visited pages and browsing history. In addition, the hijacker modifies the browser's default search engine and homepage settings to search.searchm3p1.com, search.searchptp1.com or another search domain. All the stolen data can then easily be sent to third parties to analyze your interests. This can eventually lead to some kind of fraudulent scheme, such as a ransom demand that implies an equal exchange. I have experienced it myself and know what it actually looks like: it is when you get lots of threats and unwanted stuff sent to your address. On top of that, once it is installed on your PC, it blocks access to the browser settings so you cannot feasibly change them.
xxxVido is an adware-type infection that bombards users' browsers with intrusive advertisements, spoiling the entire browsing experience. Most users encounter these kinds of infiltrations inadvertently. Once installed, xxxVido vigorously modifies browser settings in a way that cannot be rolled back. These changes commonly lead to an endless stream of malicious ads hovering over any pages you visit. Such ads can contain suspicious redirects to adult websites broadcasting pornographic content. On top of that, after infecting your system with adware, the extortionists can easily track a whole spectrum of information, such as passwords, geolocations, IP addresses and browsing history, which can be traded to third parties for money.
Download-alert.com is a rogue website that commonly appears because adware is installed on your computer. You can also encounter such domains as a redirect while surfing malicious pages. The website says that your download is ready (on the blue screen) and that you should click the "Allow" button to download the file. However, you should beware of allowing push notifications, because this is a social-engineering trick aimed at pushing multiple on-screen ads right after you subscribe. These advertisements can, in turn, spread a bunch of dubious redirects that may put your device at risk of infection. Such infiltrations can cause multiple privacy issues, because the extortionists can secretly gather personal data such as passwords, IP addresses and geolocations in order to sell it to third parties. Download-alert.com can significantly disturb the user's activity by constantly appearing at browser startup and promoting malicious banners along the way.
Fuq.com is a malicious redirect classified as a browser hijacker that aggressively sends people to adult websites. It has been spotted targeting Mac users exclusively; however, there are various similar pieces that pursue other operating systems as well. The very first symptom that may hint at the presence of an Unwanted Application installed on your computer is unexpected browser changes that alter the default homepage to http:/www.fuq.com and, as a result, the internal settings. Fuq.com is designed to promote porn content, which is a crafty way to tantalize and control gullible users. However, these redirects lead to tremendous information leaks, including passwords, credentials, IP addresses, geolocations and other data that can be transferred to third parties to enrich their wallets. These nasty extortionists are capable of tracking browsing activity, therefore putting your data at huge risk.
Myloginhelper.com, developed by Eightpoint Technologies, is an intrusive redirect classified as a browser hijacker. It is accompanied by a browser extension called My Login Helper (alternatively My Login Hub). Myloginhelper.com can be caused either by clicking on suspicious advertisements or by Potentially Unwanted Applications, such as adware, that may be lurking on your system. On the one hand, Myloginhelper.com provides a range of helpful features, such as quick access to mail services and popular websites. On the other hand, under this veil of usefulness, Myloginhelper.com can also promote additional add-ons, new tabs and malicious ads while you browse. Once installed on your PC, this type of extension alters browser settings for fraudulent purposes, adding a minimalistic homepage and changing the standard search engine to search.hmyloginhelper.com or hp.hmyloginhub.co, which are ostensibly meant to improve browsing. In fact, all of these features are purely visual and do not make browsing any more convenient. Instead, they allow the extortionists to harvest personal data such as passwords, credentials and other browser-related information.