Viruses

CryptoJoker is a ransomware family that releases every new file-encryptor each year. Alike other ransomware infections, CryptoJocker pursues data encryption of potentially valuable data (e.g. pictures, videos, music, documents, databases, etc.) to demand money for its complete return. Depending on which version attacked your system, the encrypted files will be appended with one of these following extensions - .encrypter@tuta.io.encrypted, .crjoker, .cryptolocker, .cryptoNar, .cryptolocker, .nocry, .devos, .devoscpu. Those are often accompanied by .fully and .partially suffixes, suposed to mean, that some files are fully or partially encrypted. For instance, a file like 1.pdf may change to 1.pdf.crjoker, 1.pdf.encrypter@tuta.io.encrypted, and so forth. Different versions of CryptoJocker used different formats of presenting ransom instructions. Some display an interactive window, while others create separate text notes.

Discovered by a researcher named S!Ri, Foxxy is a malicious program that belongs to the malware category known as ransomware. Its main goal is to encrypt personal data and demand money for its recovery. The moment Foxxy starts enciphering data, all files will get a new .foxxy extension and reset their shortcut icons. This is how an encrypted file like 1.pdf will finally look like - 1.pdf.foxxy. Then, as soon as the encryption process is done, the virus displays a full-screen window and creates a text note called ___RECOVER__FILES__.foxxy.txt. Both of them feature ransom instructions to recover the data. You can check the full content of both ransom notes down below:

STRRAT is a malicious program distributing through e-mail spam messages. Decoded, STRRAT refers to Remote Administration Trojan (RAT), which aims at hijacking sensitive data. The object of focus is usually hanging around login data saved in browsers or e-mail clients. A list of data usually includes banking credentials, passwords, history, IP addresses, and more personal intel representing the money value sought by the developers. STRRAT allows the extortionists standing behind to manage a PC of victims remotely. By doing so, they are able to read and sort out the information they need to extort. Web browsers like Google Chrome, Mozilla Firefox, Internet Explorer, and e-mail clients like Foxmail, Microsoft Outlook, and Mozilla Thunderbird can be easily tracked by the virus once it gets on the system. The stolen information can therefore be abused to perform illegitimate transactions and other fraudulent steps pursuing personal benefit. Technically, as STRRAT developers have access to affect your entire system, they are more than capable of installing other potentially dangerous software (e.g. ransomware, cryptocurrency mining programs, adware, browser hijackers, etc.).

Being a successor of Kronos, Ares is another trojan designed to collect banking data. Trojans are programs, which force the download of other malware. In our case, Ares is meant to install a program-spy called Ares Stealer. Once it settles down your system, the trojan will be able to read and record sensitive data entered during the usage. The main target is usually passwords, credit/debit card numbers, usernames, e-mail, and other banking-related information used on various websites or desktop applications. The worst part is that some users might not know that they are surveilled. They continue using and entering confidential data, which leaks to servers of cybercriminals. All credentials and other types of private intel collected by swindlers can be abused to make online transactions, sell your personal details, and more. Overall, the most obvious sign of trojans infesting your system is unusual computer behavior.

Udacha is a ransomware virus that encrypts data with AES+RSA algorithms and demands payment of 490$ (0.013 BTC) in order to return it. This information is visible inside of the ReadMe_Instruction.mht file, which is created after encryption puts its finishing touches onto the data. Prior to this, however, users will see their files changed with the .udacha extension. To illustrate, a file like 1.pdf will change to 1.pdf.udacha and reset its shortcut icon. Below, you can see the full information that is written within the ransom note.

Also known as Trojan:Win32/Wacatac, Wacatac is a trojan-type infection that is capable of doing truly irreversible damage. Trojans are generally the virus used to distribute other malicious software. When trojan gets on your computer, it forces so-called "chain installations". The amount of software that can be delivered may vary broadly, however, the most popular is Ransomware that encrypts files stored on your PC asking to pay a ransom as a result. Unfortunately, these infiltrations can lead to massive privacy loss by handing personal data to third parties for making a profit. IP addresses, passwords, credentials, and location are often the most valuable information that extortionists are looking for. Since the rise of Bitcoin, trojans also started distributing crypto mining software that mines cryptocurrencies without users' consent. These manipulations require a vast amount of system resources which can slow down the computer or even lead to the entire system collapse. Sometimes, trojans can contain adware and browser hijackers that disseminate deceptive ads and redirects. This can also lead to system infection that can put you in a meltdown.

Zloader (also known as DELoader and Terdot) is a malicious piece of software classified as a virus-type program. Research shows that it is distributed through third parties web pages displaying fabricated error notifications like this 'The Roboto Condensed' font was not found. There has been an investigation conducted and it turned out that it is bundled in another malvertising program called Zeus, a banking trojan designed to gain access to confidential information stored or processed through online banking systems. When a malicious page is opened, it displays a message saying that the page failed to upload properly because the Roboto Condensed font was not detected for some reason. Depending on the browser you are using It offers visitors to fix this error by downloading and installing the font through either Mozilla Font Pack or Chrome Font Pack. These folders contain Chrome_Font.js or Mozilla_Font.js. The extensions stand for JavaScript file that is meant to install Zloader and thereby distribute Zeus banking trojan which is able to hijack passwords along with other credentials hence leave you without a penny in the back. In this article, we are going to discuss the most acute reasons and solutions you can apply to get rid of this virus.

GABUTS PROJECT is a ransomware virus that encrypts system-stored data to extort money for its return. It does so by appending the .im back extension to each modified file. Files like music, videos, pictures, and documents will acquire the new extension and reset their original shortcut icons. Here is an example of how encrypted files will look like - 1.pdf.im back; 1.mp4.im back; 1.png.im back, 1.docx.im back, and so forth. After this, the virus features a pop-up window and creates the "gabuts project is back.txt" file containing ransom instructions. The text is written in first person with requests to send 100 BTC for data decryption. This is exactly the price victims should send in order to restore the data. It is also mentioned this payment has to be done within 1 day after infection. To begin communication, victims should write to the pinned e-mail address. According to the text, there is also an option to decrypt 1 file by accessing the tor link. Unfortunately, nobody will pay the price of 100 Bitcoins (5,712,670$) unless it is a big corporation that lost extremely important data.