DJVU Ransomware is, in fact, a subtype of notorious STOP Ransomware, that has been active since December, 2017. Virus uses AES-256 (CFB-mode) encryption algorithm. This new version adds .kiratos, .hofos, .roldat or .todarius extensions to encrypted files. STOP Ransomware belongs to family of crypto-viruses, that demand money in exchange for decryption. The good news are, that most of previous versions of STOP Ransomware could be decrypted using special tool called STOPDecrypter (download link below in the article). Kiratos Ransomware and Todarius Ransomware use exactly the same e-mails, ransom note patterns and other parameters: email@example.com and firstname.lastname@example.org. Victims can also contact extortionists using Telegram messenger account: @datarestore.
Search Encrypt or Searchencrypt.com is internet search engine, that, according to its developers, prioritises users’s privacy while web search. Company, that developed this site is based in Limassol, Cyprus. Search Encrypt uses AES-256 encryption to encode search terms, and creates short-living key to encrypt user’s queries. Searchencrypt.com can be used independently, or along with Google Chrome or Mozilla Firefox add-ons called Search Encrypt and Privacy Toolkit. Although, website seems to be legitimate, many users complain, that extensions are installed without their consent. Search Encrypt gets its revenue from ads, and advertising policy, as well as encryption technology are not transparent. These facts give a birth to concerns about its safety and privacy. In this tutorial we show how to completely remove Search Encrypt and restore preferred homepage and search engine settings.
New generation of STOP Ransomware (DJVU Ransomware) started to add .norvas, .hrosas, .moresa or .verasto extensions to encrypted files since April, 17th. We remind you, that STOP Ransomware belongs to family of crypto-viruses, that extort money in exchange for data decryption. Last examples of STOP Ransomware are sometimes categorised as DJVU Ransomware, as they use identical template of ransom notes since the beginning of 2019, when .djvu extensions were appended. Norvas Ransomware uses new email addresses, that were never used before: email@example.com and firstname.lastname@example.org. In this version, victims can also contact extortionists via Telegram account: @datarestore. The decryption of files encrypted by STOP Ransomware still costs $980 (or $490 if ransom is paid within 72 hours). Our team does not recommend you paying the ransom. There are frequent cases when, hackers don’t reply after receiving the payment. Most of recent versions of STOP (DJVU) Ransomware were successfully decrypted by security specialists and enthusiasts. Below in the article, you can find download button for STOPDecrypter, decryption utility, that is constantly updated by developers. It is able to decrypt .norvas, .hrosas, .moresa or .verasto files for free or will be able to recover them in a few days or weeks.
MacSecurityPlus is advertising virus, that hits Mac systems. It aims Safari, Google Chrome or Mozilla Firefox browsers and wants to control these apps to display ads, pop-ups and get access to private user’s data. MacSecurityPlus does not have any interface, but its activity can be spotted in Activity Monitor. It also generates fake system alerts and causes legal system messages to force users to grant access to browsers for MacSecurityPlus. As a result of virus activity, users may experience unstable browsers operation, modification of browser settings, such as default search engine and homepage, and annoying, unusual advertising. In addition to that, MacSecurityPlus access to browsing data (history, cookies, caches, bookmarks), opens gate to affected computer for advertisers of all kinds.
Search.yourmapsnow.com or Your Maps Now is misleading browser hijacker, that replaces default search engine and homepage in Safari, Google Chrome or Mozilla Firefox on Windows or Mac. Often, it is accompanied with browser extension or application called “Your Maps Now”. This add-on sneaks in browsers and takes control over main browser settings. Of course, it installs without user permission using the deceptive tactic. After installation, user search queries are redirected to query.yourmapsnow.com and then to search.yahoo.com. This allows the hijacker to collect private browser data and share it with advertising companies. The homepage also changes to Search.yourmapsnow.com and, besides search, provides quick links to main map resources such as Google Maps and Bing Maps. Page looks similar to normal search engine page, and some users don’t even see the difference until they start searching for something.