Viruses

Rs-jon is a ransomware infection that encrypts system-stored data and demands victims to pay 50$ for its decryption. While restricting access to files, it assigns the .rsjon extension. For instance, a file previously named 1.pdf will change to 1.pdf.rsjon and reset its original icon. Following successful file encryption, the virus changes desktop wallpapers and instructs victims to follow instructions inside of the READ_ME_PLZ.txt note.

Lumino_Ransom is a ransomware infection designed to encrypt access to data. During encryption, it appends the .lumino_locked extension to all blocked data. For instance, a file previously named 1.pdf will change to 1.pdf.lumino_locked and become no longer accessible. In addition, the researched variant of Lumino_Ransom Ransomware also created four hundred completely empty files on the desktop (named from Lumine1 to Lumine400 in sequential order). Immediately after successful encryption, the ransomware displayed an untitled note with gradually appearing instructions (both in English and French).

Based on another ransomware called Jigsaw, Roblox Ransomware is a malicious program that functions as a file encryptor. In other words, it runs encryption of system-stored data and encourages victims to perform some actions. Note that this virus has nothing to do with the official Roblox online video game, despite having references to it. While encryption is underway, the file encryptor assigns the .Encrypted_Roblox@mail.com extension, which makes files no longer accessible. Another ransomware variant was also spotted appending the .fun_VB extension instead. For instance, a file previously named 1.pdf will change to 1.pdf.Encrypted_Roblox@mail.com or 1.pdf.fun_VB and reset its original icon. After successfully restricting access to data, Roblox Ransomware displays an executable pop-up window (Jigsaw.exe) with decryption instructions.

CMLOCKER is a ransomware infection that encrypts system-stored data with RSA cryptographic algorithms and appends the new .CMLOCKER extension. For instance, a file previously named 1.pdf will change to 1.pdf.CMLOCKER and reset its original icon. After all files end up access-restricted, the virus creates a text note called HELP_DECRYPT_YOUR_FILES.txt to blackmail victims into paying money for data decryption.

HARDBIT is a ransomware virus that targets Windows users to encrypt system-stored data and blackmail victims into paying a fee for decryption and non-disclosure of exfiltrated data. While rendering files inaccessible, the file-encryptor assigns some visual changes to highlight the blocked data. For instance, a file originally named 1.pdf will change to something like 1.pdf.[id-GSD557NO60].[boos@keemail.me].hardbit at the end of encryption. This newly-assigned string of symbols consists of the victim's ID, cybercriminals' e-mail address, and .hardbit extension. Immediately after the encryption process approaches its end, HARDBIT changes the desktop wallpapers and drops two files explaining decryption instructions - Help_me_for_Decrypt.hta and How To Restore Your Files.txt.

FlyTrap is a trojan infection designed to steal Facebook accounts and use them for future abuse. An authoritative security company named Zimperium researched this malware and confirmed its activity across 100+ countries with at least 10,000 users affected by it. According to reports, many have been affected by FlyTrap via a malicious application that promotes coupons, discounts, and other similar content. Clicking on such content can lead to a fake verification window demanding login credentials for a Facebook account. After successfully retrieving the inserted data and accessing the targetted Facebook account, FlyTrap becomes able to inject malicious JavaScript code in order to collect sensitive information (e.g., IP-addresses, geolocations, e-mail addresses, internet cookies, tokens, etc.). The stolen accounts may thereafter be abused for scamming friends or spreading malware via malicious links or attachments. Thus, FlyTrap is a dangerous infection that may lead to massive security problems and compromise users' identities. Follow our guide below to get rid of the virus from your Android smartphone. After doing so, it is important to change passwords and notify your friends/contacts about the committed hacking.

FBI Ransomware is a file encryptor that restricts access to data and blackmails victims into paying $250 for the recovery. While running encryption, the virus renames all affected files by adding the .fbi extension. For instance, a file like 1.pdf will be renamed to 1.pdf.fbi and reset its original icon as a result of this change. After this, the malicious program creates three totally empty notes (readme.txt, LOCKEDBYFBI.hta, and decryptfiles.html), which contain no information at all. The actual message is displayed in the intractable full-screen window, which opens automatically after the encryption is finished.

Payroll Timetable is a malicious e-mail campaign designed to trick users into downloading a devastating trojan called TrickBot. Developers in charge of this campaign send thousands of identical messages representing fake information about some payroll timetable. By impersonating the name of a legitimate company named PricewaterhouseCoopers and pretending to be its employees, cybercriminals encourage users to review some "irregularities" by opening the attached file. Such text is usually random to users and simply meant to raise curiosity for opening a malicious attachment in .docx, .xls, or other MS Office formats. If you ever receive a message accompanied by some attachment, chances are, this is an attempt to deliver a virus infection. The distributed TrickBot trojan is meant to record sensitive information (e.g., passwords, usernames, e-mails, etc.) and use it for stealing related accounts. The scope of cybercriminals is especially towards various finance-related applications, such as pocket banks or crypto-wallets. Unfortunately, if you trusted the Payroll Timetable e-mail message and opened the attached document, then your system is more likely infected. Use our guide below to avert the damage by running complete deletion of the infection.