Viruses

Minotaur Ransomware is new type of ransomware, that encrypts user files and demands 0.125 Bitcoins for decryption. All files encrypted by Minotaur receive .Lock extension. According to security specialists, Minotaur Ransomware firstly attacks data on flash drives, and only then switches to local drives. Currently, there is no way to return captured files. If you have backups, you need to remove Minotaur Ransomware from your computer, make sure it is not active and restore from backups. Otherwise, you can make attempt to recover files using instructions below (restore points, previous versions of files, data recovery software). Please, remember, that by paying to racketeers, you put your credentials at risk. Often, after some time antivirus companies or individual enthusiasts break encryption algorithms amd release decryption tools. Of you won't succeed in restoring your files today, preserve important data for possible recovery in future.

In this article we descrbe third generation of STOP Ransomware, previous two versions were described by our team earlier. This variation was actively spreaded in August and September, 2018. Virus already attacked users from 25 countries including Brazil, Chile, Vietnam, USA, United Arab Emirates, Egypt, Algeria, Indonesia, India, Iran, Poland, Belarus, Ukraine. This variation uses uses symmetric and asymmetric cryptography and adds .KEYPASS, .WHY or .SAVEfiles extensions to the files after encryption. Intruders demand $300 ransom for decryption. They offer to decrypt up to 3 random files for free, to prove that decryption is possible. Hackers also warn, that if amount is not paid within 72 hours data restoration will be impossible.

Facebook.com (a.k.a Facebook App or just Facebook) is advertising application for Mac, that opens Facebook.com website on MacOS startup and adds itself to the Dock. At a first sight, it seems harmless, however with this application malefactors can get access to browser data and settings, and use it to display targeted advertising, pop-ups in Safari or Google Chrome. We recommend you to remove Facebook.com virus application from Mac and remove residual data.

Magniber My Decryptor Ransomware is wide-spread crypto-virus, that targets Windows-PCs. Focuses on English and South Korean users. Since June 2018, Magniber attacks have shifted to other countries in the Asia-Pacific region: China, Hong Kong, Taiwan, Singapore, Malaysia, Brunei, Nepal and others. Virus got its name from the combination of the two words Magnitude + Cerber. Here, Magnitude is a collection of exploits, the last for Cerber is the vector of infection. With this threat, the Cerber malware ended its distribution in September 2017. But on the Tor site of the ransomware it is stated: My Decryptor, here is where second part of the name came from. After encryption Magniber My Decryptor Ransomware can add 5-6-7-8 or 9 random letters as file extension. Magniber My Decryptor Ransomware demands 0.2 BitCois for file decryption. Hackers threaten to double the amount in 5 days. Virus can encrypt almost any file on your computer, including MS Office documents, OpenOffice, PDF, text files, databases, photos, music, video, image files, archives.

"YOUR COMPUTER HAS BEEN BLOCKED" is fake pop-ups alert or message, that may appear in Google Chrome, Mozilla Firefox, Edge or Internet Explorer. It is categorized as Tech support scam, as in many cases it compels or provokes users to dial some "toll free" number. Virus can imitate virus infection or Windows error directly in browser. On the other end of the line you will hear an experienced Indian fraudster, who will introduce himeself as "technical support specialist", who will encourage you to pay cetain fee to fix problems with your computer, that did not ever existed. "YOUR COMPUTER HAS BEEN BLOCKED" pop-up has many variations of design, texts and reasons of its appearance can also be different. In some cases, such alerts may offer some rubbish "windows optimization" software for download.

Gamma Ransomware is file-encrypting virus, categorized as ransomware and belonging to Crysis-Dharma-Cezar family. This is one of the most widespread ransomware families. It got its name due to file extension it adds to encrypted files. Virus uses complex extenion that consists of e-mail adress and unique 8-digit identification number (randomly generated). Gamma Ransomware developers demand from 0.05 to 0.5 BTC (BitCoins) for decryption, but offer to decrypt 1 non-archived file for free. The file should be less than 1 Mb. We recommend you to recover 1 random file, as it can help fo possible decoding in future. Keep the pair of encrypted and decrypted samples. Currently, there is no decryption tools available for Gamma Ransomware, however, we recommend you to use instructions and tools below. Often, users remove copies and duplicates of docmunets, photos, videos - infection may not affect deleted files. Some of removed files can be restored by using file recovery software.

Java Ransomware is extremely harmful file-encrypting virus, that belongs to the family of Dharma/Crysis ransomware. It adds .java extension to all encrypted files. Usually, this is complex suffix that contains unique id and e-mail. Java Ransomware uses spam mailing with malicious .docx attachments. Such attachments have malicios macros, that runs when user opens the file. This macros downloads executable from the remote server, that, in its turn, starts encryption process.

Nozelesn Ransomware is new type of ransomware, that uses AES-128 encryption to encode user files. It appends .nozelesn extension to "in cipher" files. According ro researchers Nozelesn Ransomware firstly targeted Poland, but then expanded to other european countries. After successful encryption virus drops HOW_FIX_NOZELESN_FILES.htm file with ransom-demanding message on the desktop and in the folders with affected files. The price for decryption is 0.10 BitCoins, that is currently ~$650. Malefactors promise to send decryption key within 10 days. However, cybercrooks cannot be trusted as, according to our experience, oftne do not hold out promises not to put their encryption algorithm at risk. At the moment of writing this article there is no decryptors released, but we keep abreast of the situation.