Trojans category archive:

The Brotherhood Ransomware

The Brotherhood Ransomware is a file-encrypting threat our researchers encountered recently. According to them, it is doubtful the malicious application is being distributed yet, as they believe it is still in the development stage. If you read the rest of our article, we will explain why we think the malware is not finished yet and how it works at the moment. What’s more, at the end of this article you should find our prepared deletion instructions. They might help users get rid of The Brotherhood Ransomware if the hackers start distributing it. However, it is essential to understand that the given steps might not necessarily work, because if the malicious application ever gets finished, the way it works could change as well; for example, it could place data on the system that we would not expect to see at the moment of writing. Therefore, it might be safer to use a legitimate antimalware tool instead. Read more »

Scarab-Bin Ransomware

Scarab-Bin Ransomware could replace your Desktop picture with an image that should carry the text: “Hello my friend! For instructions for decrypting files, please write here: mrbin775@gmx.de mrbin775@protonmail.com.” Unfortunately, users who encounter this malicious application might need decryption tools since the infection locks various private files with a secure encryption algorithm. Nonetheless, we would still recommend against contacting the malware’s creators, as it could lead to them asking for a ransom, and if you pay it, you might find you have lost the money in vain. That is because there is always a possibility the hackers will not bother to send decryption tools even if they promise or guarantee it. Therefore, if you do not like the idea of being tricked, we would advise erasing Scarab-Bin Ransomware with the instructions located at the end of the article or a legitimate antimalware tool. Read more »

Gollum Ransomware

Gollum Ransomware, also known as Bitshifter Ransomware, is a malicious application that locks files on victims’ computers. It is a typical ransomware infection that has been designed to encrypt data. There is only one thing that distinguishes it from other ransomware-type infections – it has been observed that it might also try to steal cryptocurrency wallets and some other personal information. In other words, it makes files unusable and, on top of that, it works as an info-stealer. If you have opened this report because you have encountered this malicious application, make sure you erase it from your system because it might be launched again accidentally and lock all your new files. It will not need your permission to do this. Ransomware infections are among the nastiest malicious applications that are available on the market, but, luckily, Gollum Ransomware does not seem to be anywhere near sophisticated malicious software, i.e. it does not block system utilities, does not drop a bunch of different components, and does not make any changes in the Run registry key, so you should be able to delete it from the system manually quite easily. Unfortunately, none of your files will be decrypted. Read more »

AnimusLocker Ransomware

AnimusLocker Ransomware is a newly discovered malicious application you might encounter if you keep your system completely unprotected, i.e. security software is not installed on it. Ransomware infections are among the nastiest malicious applications available because they target users’ most valuable asset – personal files. If this infection ever slithers onto your computer, you will find a bunch of files, including your documents, images, and music, completely encrypted. Additionally, the ransomware infection will kill Windows Explorer. The process should restart automatically, but you will need to launch it yourself if it does not revive. Technically, AnimusLocker Ransomware is not sophisticated malware, but it might still cause a lot of problems, so it would be best not to encounter it. As mentioned, you can prevent malicious software from entering your computer by installing a security application. If it is already too late for prevention, i.e. the ransomware infection has infiltrated your computer and locked your files, you must delete this infection as soon as possible so that it cannot encrypt your new files. Unfortunately, you will not unlock your files even if you delete the ransomware infection fully. Most probably, you will not find a free decryptor either. Read more »

Patagonia92@tutanota.com Ransomware

Patagonia92@tutanota.com Ransomware is a malicious file-encrypting program that employs a secure cryptosystem called RSA to lock all of its victims’ personal files. The worst part is that the malware is set to restart with the operating system, so if the user turns the computer off and then on again, the threat might start encrypting his files once more. In that case, data that you might have added or created after the computer got infected would be damaged as well. Because of this, our researchers at Anti-spyware-101.com urge users to remove Patagonia92@tutanota.com Ransomware before it ruins more of their files. The malware can be eliminated manually, and if you have a look at the instructions available below, you can learn how to get rid of it. To learn more about the threat, you could review our full text. Read more »

Scarab-Bomber Ransomware

Scarab-Bomber Ransomware is a tricky infection because it has at least two versions, but it is certain that this program is a ransomware infection that encrypts users’ files and then demands that the victims pay a ransom fee. We always say this when we deal with ransomware: paying is not an option because you would only encourage these criminals to continue committing the same cybercrimes. Therefore, you need to remove Scarab-Bomber Ransomware, and then look for ways to either restore your files or simply start anew. Please remember that ransomware infections are really dangerous, and sometimes it is impossible to decrypt the affected data. Read more »

Omerta Ransomware

Omerta Ransomware is, without a doubt, the one that has locked files on your computer if you can locate a new .[XAVAX@PM.ME].omerta extension appended to those files you find impossible to open, because this filename extension is one of its distinctive features. It has not been developed for the purpose of making users annoyed. Instead, it is used to obtain money from users. Do not send money to malicious software developers by any means because they will use your money to develop more threats that you yourself might encounter in the future. Also, even though Omerta Ransomware promises to decrypt users’ files right after the money is received, there are no guarantees that the decryption tool will be given to you, so, in our opinion, it would be smarter to restore files from a backup rather than pay money for a decryption tool that might not even be sent to you. Make sure you remove the ransomware infection first before you go on to restore your encrypted data. It is not sophisticated malware, and it even deletes itself automatically once it is done with users’ personal files, but you will still need to remove two components associated with it (its Value and its ransom note) from your system. Additionally, you will have to change your Wallpaper because the ransomware infection will set its own image with an email address. Read more »

Scarab-Danger Ransomware

Scarab-Danger Ransomware belongs to the Scarab Ransomware family. It is a threat that enciphers targeted files located on the infected computer and then displays a note saying the user has to pay a ransom if he wishes to get his data back. As you can see, recovering it on your own could be impossible if you do not have any backup copies. Nonetheless, we do not think it would be wise to pay these cybercriminals. It is entirely possible they may not bother to help even if they promise to do so once you send the requested sum. Therefore, to victims who are not prepared to risk losing their money for a recovery of their data that might never happen, we can only suggest removing Scarab-Danger Ransomware. If you think it is the best option as well, we encourage you to have a closer look at the deletion instructions located below, but if you have not yet decided what to do, it could be a good idea to read the rest of this text and learn more about the malware in question. Read more »

Kingouroboros Ransomware

Kingouroboros Ransomware might be a new version of a dangerous file-encrypting threat called CryptoWire Ransomware. Our researchers say they noticed a lot of similarities in the malicious applications’ code and the way they work. Of course, we will explain how the new infection works further in the text, so if you came here to learn all about this malware, you should read our full article. As usual, we do not advise contacting its developers or sending them money, even if their offered decryption tools could be the only way to get your data back. Keep in mind that the hackers who created Kingouroboros Ransomware might have the needed decryption tools, but it does not mean they will be willing to provide them once you pay the ransom. In other words, for users who do not want to risk losing their money in vain, we advise deleting the malicious application. To remove it manually, you could follow the instructions located below, and if you prefer automatic features, you could employ a legitimate antimalware tool instead. Read more »

CyberSCCP Cryptor Ransomware

CyberSCCP Cryptor Ransomware is an infection that was built to push you into communicating with cyber criminals and paying a ransom for a decryptor that would, allegedly, save your personal files. The infection is most likely to spread using spam emails with a misleading message that is meant to trick you into opening a corrupted file attachment or link. Note that both the messages and the email addresses from which they are sent can be extremely misleading, and you need to be careful. For example, if it appears that you have been sent a legitimate message from a postal service, you need to think about whether you are expecting a package. If you are not careful enough, you could execute the infection without even realizing it. Once executed, it can behave maliciously, and it was found that it can indeed encrypt your personal files. In this situation, you might be focusing on the decryption of your files, but we suggest redirecting your focus to the removal of CyberSCCP Cryptor Ransomware. You can learn all about that by reading this report prepared by Anti-Spyware-101.com researchers. Read more »