
Viruses

Discover essential defenses in the “Viruses” category at BugsFighter.com, where we provide comprehensive coverage on combating the myriad of digital threats that can compromise your devices and privacy. This section is dedicated to identifying, understanding, and removing viruses that affect computers, smartphones, and other digital platforms. From detailed analysis of new and evolving threats to step-by-step removal guides, our content is crafted to empower users with the knowledge they need to protect themselves. Whether you’re dealing with a stubborn infection or seeking to prevent future attacks, our expert advice and practical solutions are here to safeguard your digital life.

How to remove H0rus Ransomware and decrypt .h0rus13 files

H0rus Ransomware is malicious software designed to extort money from its victims by encrypting their files and demanding a ransom for the decryption key. Once it infects a system, it scans the victim's computer for specific file types and then encrypts them, making them inaccessible without the unique decryption key possessed by the attackers. The ransomware appends a unique file extension, typically .h0rus13, to the encrypted files, signaling that the victim's data has been taken hostage. This makes it immediately evident to the user that their files have been compromised. The encryption algorithm employed by H0rus Ransomware is often highly sophisticated, using strong cryptographic methods such as AES (Advanced Encryption Standard) or RSA (Rivest-Shamir-Adleman) encryption, ensuring that decrypting the files without the private key is practically impossible. In addition to encrypting files, H0rus Ransomware leaves a ransom note, usually named #Recovery.txt, in each folder that contains the encrypted files.

How to remove PXRECVOWEIWOEI Stealer

PXRECVOWEIWOEI Stealer is a sophisticated piece of malware classified as an information stealer. It is primarily distributed through email, often disguised as a legitimate communication prompting recipients to download a malicious attachment. Once installed, this Trojan goes to work silently, extracting a wide range of sensitive data from infected systems, including passwords, credit card information, and autofill data. Additionally, it targets communication and gaming applications like Discord, Skype, and Steam, making it particularly dangerous. This malware can also compromise crypto wallets and FTP hosts, further broadening the scope of potential damage. Cybercriminals utilize the stolen data for identity theft, unauthorized financial transactions, and other malicious activities. Due to its stealthy nature, victims often remain unaware of the breach until significant damage has been done, underscoring the importance of robust cybersecurity measures.

How to remove Key Group Ransomware and decrypt .keygroup777 files

Key Group Ransomware is malicious software that was identified while inspecting new submissions to VirusTotal and belongs to the Xorist ransomware family. After infiltrating a system, Key Group Ransomware encrypts victim files and appends specific extensions such as .keygroup, .keygroup777, or .keygroup777tg, depending on the variant. For instance, a file initially named document.docx would be renamed to document.docx.keygroup777 if compromised by this ransomware. The encryption algorithm used, typically found in Xorist ransomware, is a strong cryptographic method intended to prevent unauthorized access without a decryption key. Once the encryption is complete, the ransomware displays a pop-up window and leaves a text file named HOW TO DECRYPT FILES.txt on the infected system. Both the pop-up and the text file instruct victims to contact the attackers for file decryption, stating that incorrect entry of the decryption code could result in permanent data loss.

How to remove Itlock (MedusaLocker) Ransomware and decrypt .itlock20 files

Itlock Ransomware is part of the MedusaLocker family, a notorious group of ransomware variants known for disrupting personal and organizational workflows by encrypting essential files. This ransomware appends the extension .itlock20 to the filenames of affected files, rendering them inaccessible without a specific decryption key. The number in the extension can vary, but it consistently follows the "itlock" format. The encryption method employed by Itlock ransomware involves a combination of RSA and AES encryption, which ensures that files are securely locked, and only the attackers possess the decryption keys required to restore the files. Once the encryption process is complete, Itlock ransomware generates a ransom note named How_to_back_files.html, which appears on the infected device. This HTML file states that the user's files are encrypted and safe but modified, emphasizing that only the attackers can resolve the issue. The note warns against using third-party software to restore the files, as this could result in permanent corruption.

How to remove CYBORG Ransomware and decrypt .petra files

CYBORG Ransomware is a type of malicious software identified by the malware researcher GrujaRS. This ransomware is designed to encrypt user data and demand a ransom for decryption tools or software. During its encryption process, CYBORG renames files by appending the .petra extension, among others like .lazareus and .Cyborg1. For instance, an original file named 1.jpg would be renamed to 1.jpg.petra after encryption. Once the process is completed, CYBORG stores a text file named Cyborg_DECRYPT.txt on the desktop and even changes the wallpaper to inform users that their data has been encrypted. The ransom note generally demands a payment of $300 in Bitcoin, providing an email address for further contact. As is the norm with ransomware, meeting these ransom demands is strongly discouraged since there is no guarantee that the perpetrators will provide the necessary decryption tools.

How to remove Datablack Ransomware and decrypt .Datablack files

Datablack Ransomware is malicious software that cybercriminals deploy to encrypt valuable data on infected systems and extort ransom payments from victims. Upon infection, the ransomware identifies and encrypts sensitive files, altering their filenames with a randomly generated string and appending the .Datablack extension. For example, a file named report.docx would be renamed to something like abc123.docx.Datablack. This transformation renders files inaccessible without a decryption key, which the attackers promise to provide in exchange for a ransom. Typically, the ransomware drops a text file named #Recovery.txt on the victim's system, usually on the desktop or within affected directories, to inform users about the breach. The ransom note pressures victims to contact the attackers via designated email addresses and threatens to increase the ransom if payment demands are not met within 48 hours.

How to remove Banshee Stealer (Mac)

Banshee Stealer is malicious software specifically targeting Mac operating systems, designed to exfiltrate sensitive data such as system information, browser details, and cryptocurrency wallet credentials. Once it infiltrates a Mac, it begins by collecting device data including the device name, OS version, and hardware specifics. This stealer can extract information from the macOS Notes app, system/user passwords, and login credentials stored in the Keychain. Additionally, it targets browsers to steal cookies, auto-fills, passwords, and payment details, affecting a wide range of browsers including Chrome, Firefox, and Safari, though with varying data extraction capabilities. Banshee also compromises cryptocurrency wallets, both browser extensions and desktop applications, by stealing valuable wallet information. The presence of such malware can lead to severe privacy breaches, financial losses, and identity theft. Users are advised to scan their systems with reputable antivirus software to detect and remove Banshee Stealer, thereby protecting their sensitive information from unauthorized access.

How to remove Allarich Ransomware and decrypt .allarich files

Allarich Ransomware is a sophisticated form of ransomware designed to encrypt files on infected systems, rendering them unusable until a ransom is paid. This malware appends the .allarich extension to the filenames of encrypted files, making it easy to identify but challenging to recover without the decryption key. For instance, a file named photo.jpg would be renamed to photo.jpg.allarich once encrypted. Upon successful encryption, the ransomware generates a ransom note named README.txt, typically placed in directories containing encrypted files. This note usually instructs the victim to contact the cybercriminals via a provided email address and warns against using third-party decryption services, albeit without mentioning the exact decryption method or ransom amount, emphasizing that the cost depends on the promptness of the victim’s response.