Viruses

ChinaHelper is a ransomware virus designed to encrypt personal data and blackmail victims into paying the ransom. While restricting access to data with the help of AES-256 and RSA-2048 algorithms, the virus assigns the .cnh extension so that a file like 1.pdf turns into 1.pdf.cnh, for instance. The next thing ChinaHelper does is creating a text note called README.txt. There is also another variant spotted in a later distribution, which assigned .cnhelp or .charm extension to files and created the HOW_TO_RETURN_FILES.txt file instead.

Bom is the name of a ransomware infection. Malware within this category encrypts system-stored data and demands victims to pay money for its return. This ransomware variant is also a by-product of the VoidCrypt family. During encryption, the virus renames all targeted files according to this example - 1.png.[tormented.soul@tuta.io][MJ-KB3756421908].bom. Your renamed files may slightly vary (e.g., different string of characters), but the basis will remain the same. After successfully restricting access to data, the ransomware creates a text note called Scratch - to provide decryption guidelines.

DASHA Ransomware is a new variant of Eternity Ransomware. This malware is designed to encrypt system-stored data and demand money for its decryption. While restricting access to files (e.g., photos, videos, documents, databases, etc.), the virus alters file appearance with the .ecrp extension. For instance, a file previously named 1.pdf will therefore change to 1.pdf.ecrp and become no longer accessible. Once this process gets to a close and all targeted files are eventually renamed, DASHA replaces the desktop wallpapers and displays a pop-up window with ransom instructions.

You may experience Your computer is low on memory message on 2 different occasions. Number one is a legitimate alert presented by the Mac system when you are running out of RAM. The system will, therefore, ask you to close some apps to free up space. This is quite common, especially if you have lots of programs working in the background that upload the PC. Sometimes malware can secretly gobble up memory resources and result in significant productivity loss. The second reason is that your PC was infected with adware or browser hijackers that modified your browser settings. In this case, "Your computer is low on memory" popup is fabricated and forces users into clicking on the "Close" button. Whilst it may seem innocent, frauds usually hide invisible buttons that can initiate multiple other processes that allow extortionists to take control over your browser. On top of that, browser hijackers tend to alter your homepage and replace the default search engine. This is made to push irritating ads, banners, and coupons along browsing to damage your Mac with other infections. In this article, we have presented a list of solutions for both malware and memory issues.

Loki Locker is the name of a ransomware virus designed to extort money from victims by running strong encryption of data. It uses a combination of AES-256 and RSA-2048 algorithms and also alters the names of encrypted data according to this template - [][]original_file.Loki. For instance, a file previously named 1.pdf will change to [DecNow@TutaMail.Com][C279F237]1.pdf.Loki and become no longer accessible. It is worth noting that there are also some newer versions of Loki Locker, which rename data with .Rainman, .Adair, .Boresh, .PayForKey, or .Spyro extensions. Following the successful blockade of files, the virus creates two files (Restore-My-Files.txt and info.hta) with similar ransom-demanding instructions. In addition, Loki Locker also replaces the desktop wallpapers to display brief steps on what should be done.

Being a new variant of PGPCoder Ransomware, LOL! is also designed to encrypt system-stored data with the help of asymmetric RSA and AES algorithms. Such algorithms are oftentimes strong making manual decryption next to impossible, however, this is yet to be discussed in detail further below. During encryption, the virus also appends its .LOL! extension to each file affected. For an instance, if it was 1.pdf attacked by the encryptor, it would change to 1.pdf.LOL! and become no longer usable. As soon as all targeted files end up access-restricted, the virus drops the get data.txt file to each folder containing encrypted data (including desktop). This file is meant to explain what happened and most importantly instruct victims through the recovery process.

IceFire is the name of a computer infection classified as ransomware. Cybercriminals behind it target data encryption of business users and then extort money (in Monero cryptocurrency) for file decryption. While analyzing technical reports of the virus, we saw it using a combination of cryptographic AES + RSA algorithms to encipher important pieces of data. Just like other infections of such, IceFire Ransomware uses its own extension - .iFire to highlight the restricted data. To illustrate, a file previously titled 1.pdf will change to 1.pdf.iFire and become no longer accessible. Following successful encryption, cybercriminals lay out instructions on what recovery steps should be taken within the iFire-readme.txt note.

Venus is a ransomware-type virus that was recently discovered by a malware researcher called S!Ri. Its main function is file encryption and also the extortion of money for decryption from victims. While enciphering data with cryptographic algorithms, all the affected files get changed with the .venus extension. To illustrate, if 1.pdf ends up affected by the infection, it will become 1.pdf.venus also and reset its original icon. After this, victims get to familiarize themselves with decryption instructions inside of the README.txt note. Desktop wallpapers get replaced as well.