Friday, November 18, 2016

Microsoft calling? Mind the tech support scammer!



After a long day, there is nothing like sitting down at your computer with a cup of tea to catch up on the news online. But what would you do if you were faced with a pop-up telling you that your computer has a virus and that ‘tech support’ is conveniently letting you know?


The solution seems only a quick call away. The popup even provides you with the 1800 number.


But, it’s the people who are claiming to help you that are about to load your computer full of junk and charge your credit card for the privilege.


What these scams look like


These tech scams can appear in various ways, whether by a popup on your browser or a call on your home phone number. Here’s what to look out for:


Over the phone

Usually calling from places such as India, these scammers target any person listed in the phone directories of the U.S., Canada, the UK, or Australia.


The scam is simple. Someone calls, pretending to be from Microsoft or a partner company. They ask you to give them remote control access to the machine, then trick you into installing their software after showing you lists of fake error reports.


Once the installation is complete, they ask for your credit card details to charge you for the ‘anti-virus’ they have just installed. In the meantime, you have absolutely no way of knowing what has been installed and what kind of private information you have just given away. Microsoft is aware of these scams and reports on their website:


“You will never receive a legitimate call from Microsoft or our partners to charge you for computer fixes.”



Pop-ups:

Causing further distress, Bleeping Computer recently reported on a particular type of scam that prevents users from even closing their browser without calling the number on their screen to have the message removed. This kind of scam borders on ransomware, as you feel forced to call and inevitably pay to have your system ‘cleaned.’


These popups flood high-traffic websites and popular search engines. Even if you Google tech support online, these scammers have paid to reach the top of search engine listings. If they don’t convince you with the popup, they can easily convince you through a Google search that they are a legitimate online tech service.




Consequences for scammers


Recently, a group of US companies was reported and caught running this kind of scam, using popups to scare users into calling for tech support and pushing them into purchasing services they didn’t need. CSO Australia reports:


“Charges have been filed against Missouri-registered firms Global Access Technical Support, Global sMind, Source Pundit, Helios Digital Media, and an Indian company, Global Ites Private Limited. Defendants include three individuals who own the firms.”



What you can do


  • Ignore pop-ups within your browser that lock up your screen or ask you to call a number to ‘clean your system.’

  • If your browser is locked by the popup, move your mouse to the clock in the bottom right hand corner of your screen and right click to open the ‘task manager.’ Select your web browser from the list and close the program.

  • If the popups continue, run Emsisoft Emergency Kit to clear your computer of potentially unwanted programs (PUPs) that may be causing the constant popups.

  • If you receive phone calls claiming to be tech support or Microsoft, simply hang up.

  • If you are already infected and have paid for the service offered over the phone, immediately dispute the transaction with your bank and contact a trusted computer technician to remove the software that was installed by the scammer.

  • Use a reputable anti-malware solution such as Emsisoft Anti-Malware to keep nasty popups out of your browser.

Have a great (scam-free) day!




Monday, October 17, 2016

30 seconds and 50 dollars is all it takes to steal your PC login



Imagine you’ve been at work for a few hours. It’s time to get up, grab a coffee and some morning tea. You’ll only be away from your desk for ten minutes so you know it will be easier to just hit the lock screen on your workstation than to completely log out and then log back in again when you return. No one has your password so your workstation is safe, right?


Many people believe that leaving their computer unattended won’t pose any security risks as long as the device is locked. However, researcher Rob Fuller, principal security engineer at R5 Industries, demonstrates that an attacker with physical access to your device can capture your login credentials (username and password) in under a minute if your computer is still logged in.


Credit: Rob Fuller




How it works


Fuller tested the attack method using the USB Armory and the Hak5 LAN Turtle, two complete computers the size of a USB drive, designed for security applications and penetration testing. Each was loaded with the hacking app ‘Responder’. When plugged in, these devices capture credentials from a locked, logged-in system by disguising themselves as a USB Ethernet adapter.


He explained that the hack worked on all versions of Windows and expressed disbelief at how easily he was able to obtain the login details of the workstation. Sure, the data is encrypted, but it can be decrypted easily at another time. What makes this attack successful is the speed with which credentials can be taken for later use.


In his report Fuller writes that he “tested it so many ways to confirm” since he had such a hard time believing it was possible. “This is dead simple and shouldn’t work, but it does.”


What it looks like



In an email to Ars Technica, Fuller explained:


“What is happening in the video, is the USB Armory is being plugged into a locked (but logged in) system. It boots up via the USB power, and starts up a DHCP server, and Responder. While it’s doing this, the victim is recognizing it as an Ethernet adapter. The victim then makes route decisions and starts sending the traffic it was already creating to the Armory instead of the “real” network connection. Responder does its job and responds to all kinds of services asking for authentication, and since most OSs treat their local network as “trusted” it sees the authentication request and automatically authenticates. Seeing that the database of Responder has been modified the Armory shuts down (LED goes solid).”



Surely the scariest thing is how easily and quickly this technology can be adapted to perform more efficiently for less. Mubix reported that some people have already had success with a similar setup on a Raspberry Pi Zero, making the cost of this hack around $5 with 10 minutes of configuration.


For further technical information on how his hack works, you can read Fuller’s full report.





What you can do


Anti-malware programs can’t block attacks like this one. The attack is carried out by an entire computer inside a USB stick, and it takes advantage of a design flaw in how Windows, like many operating systems, deals with newly connected hardware.


Fuller endorses this prevention post: An intro to Windows Device Guard.


But, your simplest and best defence?


Don’t leave your workstation logged in while it is unattended. As seen above, even if you lock the screen, your login credentials can be obtained in under a minute.
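Because the device in Fuller’s description announces itself as an Ethernet adapter while the session is locked, one thing a defender can watch for is a new network-class device arriving between a lock and an unlock event. The following is an added example, not code from this article or from Fuller; it assumes Windows Security events 4800/4801 (workstation locked/unlocked) and 6416 (new external device recognized) are being audited and collected, and every event record in it is constructed.

```python
"""Flag a network adapter that is plugged in while the workstation is locked.

Added example. The event IDs are standard Windows Security log IDs (they are
only logged when the matching audit policies are enabled); host names, device
names and timestamps are constructed sample data.
"""
from datetime import datetime

EVT_LOCKED, EVT_UNLOCKED, EVT_NEW_DEVICE = 4800, 4801, 6416
NETWORK_CLASS = "Net"  # device setup class name Windows uses for network adapters

# Constructed sample events, deliberately out of chronological order.
SAMPLE_EVENTS = [
    {"time": "2016-10-17T10:15:30", "host": "WS-042", "id": EVT_LOCKED},
    {"time": "2016-10-17T09:58:02", "host": "WS-042", "id": EVT_UNLOCKED},
    {"time": "2016-10-17T10:01:10", "host": "WS-042", "id": EVT_NEW_DEVICE,
     "class_name": "Net", "device": "Example Docking Station Ethernet"},
    {"time": "2016-10-17T10:17:05", "host": "WS-042", "id": EVT_NEW_DEVICE,
     "class_name": "HIDClass", "device": "Example USB Keyboard"},
    {"time": "2016-10-17T10:19:41", "host": "WS-042", "id": EVT_NEW_DEVICE,
     "class_name": "Net", "device": "Example USB Ethernet Gadget"},
    {"time": "2016-10-17T10:26:00", "host": "WS-042", "id": EVT_UNLOCKED},
    {"time": "2016-10-17T10:05:00", "host": "WS-107", "id": EVT_NEW_DEVICE,
     "class_name": "Net", "device": "Example USB Wi-Fi Adapter"},
]


def adapters_added_while_locked(events):
    """Return one alert per network adapter first seen during a locked session."""
    locked_since = {}  # host -> time the current lock started
    alerts = []
    # ISO 8601 strings in one format sort chronologically.
    for ev in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(ev["time"])
        host = ev["host"]
        if ev["id"] == EVT_LOCKED:
            locked_since[host] = when
        elif ev["id"] == EVT_UNLOCKED:
            locked_since.pop(host, None)
        elif ev["id"] == EVT_NEW_DEVICE and ev.get("class_name") == NETWORK_CLASS:
            # A host with no recorded lock is treated as unlocked (no alert).
            if host in locked_since:
                alerts.append({
                    "host": host,
                    "device": ev["device"],
                    "time": ev["time"],
                    "seconds_locked": int((when - locked_since[host]).total_seconds()),
                })
    return alerts


if __name__ == "__main__":
    for alert in adapters_added_while_locked(SAMPLE_EVENTS):
        print("network adapter added while locked:", alert)
```

The docking-station adapter (added while unlocked) and the keyboard (not a network device) are ignored; only the adapter that appears during the locked period is reported.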


Have a great (malware-free) day!




Friday, October 14, 2016

Malware in sex toys: How private is your playtime?



In a time when fridges monitor their own food levels and cars can drive themselves, it was inevitable that the Internet of Things would catch up with the sex toy industry. Our playthings can now be controlled by an app that can be paired to another person’s phone from wherever in the world they happen to be. But what would you do if you found out that the person at the other end of the controls was not your partner?


The We-Vibe, a device released by Standard Innovation, allows users to exchange text messages and engage in video chats when their smartphone is paired with the We-Connect app. It also allows a partner to control the device remotely. Beyond the security issues, such as a man-in-the-middle attack, a woman recently filed a lawsuit claiming the device measured highly personal information such as the date and time of each use, the intensity and mode chosen by the user, the email address of registered users and the device’s temperature at various times. This data was transmitted by the device back to the manufacturer with no explanation of how this information was being used.


Read the complaint (PDF).


CNET reports that “potential issues with the product came to light last month at the annual Defcon hacking convention when two researchers demonstrated how flaws in the software could let a hacker take over the vibrator while it’s in use. They also learned what kinds of data are being sent back to the company by taking the vibrator apart and studying the information it sends and receives.”


But what if this information was stolen? Hacks of large companies, such as the recent attack on Yahoo which compromised over 500 million users, demonstrate the magnitude of information that can be illegally obtained. One can only imagine the implications of a large-scale hack of very personal information such as the data held by Standard Innovation.




Is it sexual assault?


Couples toys that can be controlled by your partner remotely have been growing more and more popular. With built-in video calling and messaging, your partner can see you and control the device simultaneously.


It was revealed in the Defcon demonstration that an unknown person could easily hack the application, access your webcam and be in control of the toy without your knowledge. As well as being a gross violation of your privacy, some organisations are suggesting a far more serious crime is in play.


According to The Guardian, “a lot of people in the past have said it’s not really a serious issue, but if you come back to the fact that we’re talking about people, unwanted activation of a vibrator is potentially sexual assault.”


Implications for manufacturers


In addition to the violation of a user’s privacy, there are significant security risks for manufacturers collecting such private information.


“If I hack a vibrator it’s just fun,” Raimund Genes, Chief Technology Officer at Tokyo-listed Trend Micro, told reporters at the CeBIT technology fair in Hannover.


“But if I can get to the back-end, I can blackmail the manufacturer,” he added, referring to the programming system behind a device’s interface.


Ransomware in the medical profession is highly profitable. A recent attack on a hospital in the US saw patient files held to ransom. The hospital felt forced to pay to ensure that the daily operation of the hospital was not interrupted and patient data could be returned. The collection of highly sensitive information such as that held by Standard Innovation is a prime target for a ransomware attack, risking the privacy of We-Vibe’s users and the integrity of its manufacturer.




Sex toys that can be accessed by anyone anywhere anytime have implications for users and for the toy’s manufacturers. So, how can you stay safe?


Read the User Policies upon purchase, particularly with regards to what information apps are able to collect and how this information will be used.


Have a nice (malware-free) day!




Monday, October 3, 2016

No honour among thieves: hackers who hack each other



In ransomware, as in any profitable business, there is a constant struggle to compete in the marketplace. Ransomware, the strain of malware which crypto-locks a victim’s hard drive until the developer of the malware is paid, is a highly lucrative – and illegal – income earner for its authors. The strategy is so successful that some ransomware developers have even begun sabotaging others’ ransomware in a bid to secure their share of victims.


An exploitative crime, ransomware is a type of malware that encrypts your personal data or locks your entire PC. You are asked to pay a “ransom” via an anonymous service in order to unlock your computer and free your data. Ransomware makes up a huge part of today’s active threats as it turned out to be one of the easiest income earners for attackers. Most other malware makes its developers money indirectly (by using or selling your computer power), but ransomware directly asks you (the victim) for cash to return your data or access to your PC. This is usually achieved through a lockout screen with a countdown timer and a link to a payment page where you are required to pay your ransom and receive a decryption key to unlock your files or computer.


To gain a competitive edge, hackers recently gained access to 3500 decryption keys for a competing organisation’s ransomware with a plan to release them to the public, thus rendering entire strains of their competition’s ransomware completely ineffective.


Fake ransomware has also become an issue, undermining the profitability of actual ransomware types, or families. Actual ransomware developers are hacking developers of fake ransomware to ensure the continued profitability of this kind of crime.




F-Secure recently reported that corporate sabotage has also been revealed as a key income generator in this field. A ransomware group claims they were paid handsomely by a Fortune 500 company to hack and infect a competing business. By locking the files of the competitor, the offending company was able to halt the competing company’s production and release a similar product first. This ransomware developer was paid twice, first by the offending company and secondly by the infected company via the ransomware lockout instructions.


If the profitability of ransomware is being threatened at all, it is being defended by those who know it best. This kind of malware shows no signs of disappearing any time soon.


How can you protect yourself from ransomware?


Though the basic features of ransomware are the same, there are many different ransomware families. We tested our product against 20 crypto-ransomware families to see how Emsisoft Anti-Malware held up. See the results here.


So, it’s not all bad. There are preventative steps you can take to keep your data free from ransomware.


  1. Make sure all your software is up to date – especially your operating system, your web browser and all browser plugins like Adobe Flash Player or Oracle’s Java Platform.

  2. Be cautious. Ask questions before you click. Read about how threats (and scams) work to avoid becoming a victim.

  3. Backup all of your personal files and documents. If somehow your computer is infected with ransomware, you can reinstall your system and restore your files.

  4. Make sure you run strong anti-malware software with real-time protection and surf protection, such as Emsisoft Anti-Malware.

  5. Run an occasional scan with a second opinion scanner, such as Emsisoft Emergency Kit, Malwarebytes Anti-Malware or Hitman Pro to check whether your PC is ransomware-free.

Have a great (malware-free) day!




Monday, September 26, 2016

Yahoo hack hits half a billion users



Yahoo has announced that data from as many as 500 million user accounts was stolen in a breach during 2014. The data breach poses many problems for Yahoo CEO Marissa Mayer as she tries to close a $4.8bn sale to Verizon Communications, which was only made aware of the leak two days ago. With the deal not set to close until early 2017, Verizon still has plenty of time to negotiate price or decide whether the takeover is worth it. But what does the biggest ever data leak made public mean for you?


“The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers,” Yahoo claimed in a recent statement on their Tumblr.


Yahoo suggests the hack may have been performed by a ‘state sponsored actor’ – polite jargon suggesting the hacker(s) were potentially acting on behalf of a foreign government. The California-based company did not explain why it had taken so long to disclose the breach or how it reached its conclusions about the hacker.


Last month, Motherboard reported that a hacker known as “Peace” claimed that he had account information belonging to 200 million Yahoo users and was trying to sell the data on the dark web. However, given the timing, the significant size of the leak and the suggestion of state interference, this breach not only appears to be different but is also far more serious. Yahoo claims the FBI is now involved.


An FBI Spokesperson told CNN, “the FBI is aware of the intrusion and investigating the matter. We take these types of breaches very seriously and will determine how this occurred and who is responsible. We will continue to work with the private sector and share information so they can safeguard their systems against the actions of persistent cyber criminals.”


What you need to do


  • Change your Yahoo passwords whether you believe your account has been compromised or not.

  • Check your account for ANY suspicious activity.

  • All Yahoo users should also update all security questions and answers.

  • Other steps to protect your data include regularly changing your passwords, never using the same password twice and developing unique passwords with a password manager. This PCMag guide compares different options.

Have a nice (malware-free) day!




Friday, September 23, 2016

Are all hackers criminals?

Not all hackers are created equal. The terms ‘hacker’ and ‘cyber criminal’ seem to be used interchangeably in online media which is both misleading and reductive. A cybercriminal uses online means to profit from illegal activity regardless of the cost to its many victims. Hacker is a blanket term that doesn’t allow for much differentiation between those who hack for good and those who hack for evil. Many hackers hack for profit. But not all hack to profit from online crime.




In the US, western films between the 1920s and 40s contrasted heroes and villains with the use of black hats (villains) and white hats (heroes). This term has been adopted to define classes of hacker. There are essentially four kinds of hackers: black hats, white hats, grey hats and hacktivists. The key to distinguishing between them lies with the permission to hack.


Black Hats


Black-hat hackers, or simply ‘black hats,’ are the type of hacker that violates computer security for personal gain. Examples of this include stealing credit card numbers or mining for personal data to be sold to identity thieves. An example of just how lucrative this can be made the headlines recently when a hacker offered over 650,000 patient records for sale on the dark web, a class of different locations online that are hidden from public search engines and regular internet users. The data, stolen from various medical institutions, included names, addresses and social security numbers. The perpetrator will likely make close to USD$800,000.


Black hat hackers are online criminals who hack without permission for illegal financial or personal gain. Some simply hack for revenge or to prove that they can. The term ‘black hat’ is also used in everyday tech language to describe any kind of person or activity that is considered underhanded or somewhat dodgy, such as SEO black hats who drain website traffic and sell it back to the site owner.


Grey Hats


As in life, between black and white there are various shades of grey. A grey-hat hacker falls in the space between a black hat and a white hat. A grey hat doesn’t work for their own personal gain or to cause damage, but their actions may technically be illegal. A grey hat hacker does not ask permission to hack. If a flaw is found a grey hat may reveal the flaw to an organisation privately, enabling them to fix it. Sometimes, however, a grey hat may reveal the flaw publicly which is not necessarily malicious but exposes organisations to black hats who can and will exploit the vulnerability.


Hacktivists


Under the same umbrella as grey hats, hacktivists hack systems as a form of political protest. Anonymous, perhaps the most notorious hacktivists, blur the lines of good and bad, always hacking without permission but for what they believe is the greater good. Anonymous have gained a lot of exposure for their Robin Hood type takedowns, such as the hacking and shutting down of child porn sites. They took it one step further, however, when they leaked the names of visitors to these sites.


When Michael Brown was shot by a police officer in Ferguson on August 9, 2014, Anonymous intervened, collecting evidence to expose Brown’s killer in the name of justice. However, after collating all the data they had collected, Anonymous came to the incorrect conclusion and released the name of an innocent man.


Another attempt to seek justice saw Anonymous leak details of thousands of Bay Area Rapid Transit (BART) users. The hack was in retaliation for BART shutting down cell service during a protest to stop activists communicating with each other. Many innocent users were caught in the crossfire and had their personal information leaked online.


Though their intentions are good, the means of hacktivists are illegal and the outcomes are often mixed. Additionally, the key objective of a hacktivist is to hack without permission to further a political cause.




White Hats


White hats hack with permission in what can be a lucrative industry for the highly skilled. Looking for vulnerabilities in companies, hackers are hired to find bugs and alert developers or companies so that they can be resolved. White hats often work for profit but don’t gain from the exploitation of others.


HackerOne is a company founded by two twenty-five-year-old hackers who discovered a vulnerability in their university’s grading system. After the university was alerted, and the boys were paid handsomely, they founded a business based on the idea that companies will pay good money to be informed of breach points before black hats do.


Ethical hackers are certified by means of an exam involving penetration tests, whereby hackers seek to penetrate networks and computer systems with the purpose of finding and fixing any vulnerable access points they encounter. While unauthorised hacking, or black hat hacking, is illegal, testing that is authorised by an organisation is not.


At Emsisoft, we invite ethical white hat hackers to put our software to the test. We’re keen to improve our products continuously, as we all know such a thing as perfect code doesn’t exist.


Summary


So, as you can see, not all hackers are the same. The key is the permission to hack and the means of receiving any kind of gain from found vulnerabilities.

A grey hat does not ask for permission but has no intention to cause harm or damage though their means may be illegal. A white hat is hired and permitted to do his work. A black hat is not.


Have a great (malware-free) day!




Thursday, September 22, 2016

How to identify your ransomware infection to find the right decrypter tool



How would you feel if you opened your computer to find it had been locked with a ransom note demanding cash immediately? Ransomware is the most common online threat of 2016, making up a huge percentage of today’s active threats. It has turned out to be one of the easiest and highest income earners for attackers. All other malware makes its developers money indirectly (by using or selling your computer power), but ransomware directly asks you (the victim) for cash by putting you in a situation in which you feel forced to pay.


The Emsisoft team spends a lot of time looking for ways to prevent ransomware from finding its way onto your computer. But what if your system is already infected? Don’t panic. Downloading various tools to attempt to unlock your system will only make matters worse. If you have ransomware, look no further.


Emsisoft is proud to support Malware Hunter Team, a group of researchers who share our commitment to protecting you and your data.


Malware Hunter Team does a great job of raising awareness of not only online threats themselves, but how to remove them if you find yourself the victim. What does this mean for you? If you find yourself with ransomware, you can identify the strain you have and find out if there is a decryption tool available.


We spoke with Michael Gillespie at Malware Hunter Team, the creator of ID Ransomware, the website that will help you to figure out what kind of ransomware you have been infected with based on the specific signatures that can be found in the ransom note you receive. He walked us through the process of identifying ransomware families.


Who are Malware Hunter Team and what do they/you do?


Malware Hunter Team is basically a small group of security researchers interested in tracking down malware and promoting cyber security. They do a great job of hunting phishing sites and other threats on a daily basis. I recently joined the team with my ransomware research, and have been coordinating with them on tracking and identifying new threats.


I personally coordinate with ransomware victims and try to hunt down new samples, and help with reverse engineering when I can – with the goal of trying to decrypt if at all possible of course.


So, if someone’s computer has been infected with ransomware, what is the first thing they should do?


I would say the first step is definitely quarantining the system – for an organization this may include finding the affected system. The system should be either shut down, or put in ‘hibernate’ if possible. From there, the threat needs to be identified just like any other malware infection.


And that’s where you guys come in? My understanding is you specialise in working out what type of malware a user has?


Yes. That can sometimes be the tricky part, especially lately with new strains mimicking others, or flying under the radar.


With so many families and new strains, how do you tell them apart? I saw you have 100s that can be decrypted for free through your site.


That’s the hard part. In general, we’ll classify them by the symptoms – what extension does it use, what ransom note is left, etc. Sometimes we do have to get more technical to recognize if it is the same author based on their coding style, or certain strings left in the malware.


And for a user, for example, they have a ransom lockout screen, they go to your site, what would they need to do? What is the process?


I’ve tried to make ID Ransomware as simple as possible for the user. They simply upload a ransom note left by the malware, and one of their encrypted files (I recommend something not confidential), and the website will use several methods of trying to identify which ransomware it is. If it is a positive match, it will provide an easy status on “can it be decrypted”, since that is the #1 thought to a victim at that time. It then gives a link to more information either way so they can learn more about what hit them, and possibly find how it came in in the first place.


I use a few techniques to identify by the filename of the ransom note, certain known email addresses or Bitcoin addresses in the note, the pattern of the encrypted file’s name (e.g. a certain added extension), and even some hex patterns that some ransomware leave in the files. I also have some custom “plugins” for a few more advanced techniques, such as detecting an embedded image in one certain strain.


With the amount of work that goes into it, why do you offer the service for free?


Part of it is inspiration from other volunteers in the area. I get most of my information from sources such as victims, Twitter, and Emsisoft Malware Lab. Also, I don’t want to hold a ransom on helping someone decrypt their files – that makes me no better than the criminals in some sense. The information itself should be free to all.


It seems like the appearance of ransomware is increasing constantly. What does the future of malware look like in your opinion?


I definitely see it becoming more and more of a threat in all sectors as we are seeing with the Internet of Things, and how insecure devices are found to be from the factory. In just the past year I’ve been involved with this, I’ve seen a lot of adaptations and “creativity”. We have recent ransomware we discovered that mimics a Windows Update while it decrypts, one that also creates a backdoor to the system, one that uploads passwords, etc. Malware authors are bundling more features together into one package it seems.


How should people best protect themselves?


The best protection is definitely awareness of what you are clicking on. Having good anti-malware protection is a great step, but knowing how to use it, and how to not HAVE to use it. I want to bluntly say “common sense” when it comes to what you are doing online and what you are trusting to run on your computer.


I also want to say BACKUPS BACKUPS BACKUPS. (The Emsisoft Team explored this in a recent article ‘Prevent Ransomware – Backup!’)




Which ransomwares are detected in ID Ransomware?


This service currently detects 163 different ransomwares. Here is a complete, dynamic list of what is currently detected:


777, 7ev3n, 7h9r, 8lock8, ACCDFISA v2.0, Alfa, Alma Locker, Alpha, AMBA, Apocalypse, Apocalypse (Unavailable), ApocalypseVM, AutoLocky, AxCrypter, BadBlock, Bandarchor, BankAccountSummary, Bart, Bart v2.0, BitCrypt, BitCrypt 2.0, BitCryptor, BitMessage, BitStak, Black Shades, Blocatto, Booyah, Brazilian Ransomware, Bucbi, BuyUnlockCode, Cerber, Cerber 2.0, Cerber 3.0, Chimera, Coin Locker, CoinVault, Coverton, Cryakl, CryFile, CrypMic, Crypren, Crypt0L0cker, Crypt38, CryptFuck, CryptInfinite, CryptoDefense, CryptoFinancial, CryptoFortress, CryptoHasYou, CryptoHitman, CryptoJoker, CryptoMix, CryptorBit, CryptoRoger, CryptoShocker, CryptoTorLocker, CryptoWall 2.0, CryptoWall 3.0, CryptoWall 4.0, CryptXXX, CryptXXX 2.0, CryptXXX 3.0, CryptXXX 4.0, CrySiS, CTB-Faker, CTB-Locker, DEDCryptor, DirtyDecrypt, DMA Locker, DMA Locker 3.0, DMA Locker 4.0, Domino, ECLR Ransomware, EduCrypt, El Polocker, Encryptor RaaS, Enigma, Fantom, GhostCrypt, Globe, Gomasom, Herbst, Hi Buddy!, HolyCrypt, HydraCrypt, Jager, Jigsaw, JobCrypter, JuicyLemon, KeRanger, KEYHolder, KimcilWare, Kozy.Jozy, KratosCrypt, Kriptovor, KryptoLocker, LeChiffre, Locky, Lortok, Magic, Maktub Locker, MirCop, MireWare, Mischa, Mobef, NanoLocker, NegozI, Nemucod, Nemucod-7z, NullByte, ODCODC, OMG! Ransomcrypt, PadCrypt, PayForNature, PClock, PowerLocky, PowerWare, Protected Ransomware, R980, RAA-SEP, Radamant, Radamant v2.1, Razy, REKTLocker, RemindMe, Rokku, Russian EDA2, SamSam, Sanction, Satana, ShinoLocker, Shujin, Simple_Encoder, Smrss32, SNSLocker, Sport, Stampado, SuperCrypt, Surprise, SZFLocker, TeslaCrypt 0.x, TeslaCrypt 2.x, TeslaCrypt 3.0, TeslaCrypt 4.0, TowerWeb, ToxCrypt, Troldesh, TrueCrypter, UCCU, UmbreCrypt, Unlock92, Unlock92 2.0, Uyari, VaultCrypt, VenusLocker, WildFire Locker, WonderCrypter, Xorist, Xort, XRTN, zCrypt, ZimbraCryptor, Zyklon


If you have been infected by ransomware head straight to the ID Ransomware site. If you want to learn more about Malware Hunter Team you can visit them at malwarehunterteam.com.
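The identification methods described in the interview above (ransom note filename, known email or Bitcoin addresses in the note, the encrypted file’s name pattern, hex patterns left in the file) can be sketched as a small signature matcher. This is an added example, not ID Ransomware’s code; the family names, addresses, file names and markers are constructed placeholders, and the sample shows why several indicators are combined when one strain mimics another’s ransom note.

```python
"""Signature-based ransomware family matcher (added, illustrative example).

All signatures and sample inputs are constructed; "ExampleLocker-A" and
"ExampleCrypt-B" are hypothetical families, not real ransomware.
"""
import re
from dataclasses import dataclass

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Legacy Base58 Bitcoin address shape (starts with 1 or 3); format check only.
BTC_RE = re.compile(r"\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b")


@dataclass(frozen=True)
class Signature:
    family: str
    note_names: tuple = ()        # ransom note file names
    emails: tuple = ()            # contact addresses seen in notes
    btc_addresses: tuple = ()     # payment addresses seen in notes
    filename_pattern: str = ""    # regex over the encrypted file's name
    hex_marker: str = ""          # hex bytes the strain leaves in files


SIGNATURES = (
    Signature(
        family="ExampleLocker-A",
        note_names=("HOW_TO_DECRYPT.txt",),
        emails=("unlock-a@example.invalid",),
        btc_addresses=("1ConstructedExampLeAddressXyZ12345",),
        filename_pattern=r"\.exlock$",
        hex_marker="45584c4b01",          # b"EXLK\x01"
    ),
    Signature(
        family="ExampleCrypt-B",          # reuses A's note name (mimicry)
        note_names=("HOW_TO_DECRYPT.txt", "README_B.html"),
        emails=("help-b@example.invalid",),
        filename_pattern=r"^[0-9a-f]{16}\.bcrypt$",
        hex_marker="42435259",            # b"BCRY"
    ),
)


def identify(note_name, note_text, enc_name, enc_bytes, signatures=SIGNATURES):
    """Return [(family, [matched indicators])], strongest match first."""
    emails = {e.lower() for e in EMAIL_RE.findall(note_text)}
    wallets = set(BTC_RE.findall(note_text))
    head = enc_bytes[:4096]               # markers are searched near the start
    results = []
    for sig in signatures:
        hits = []
        if note_name.lower() in {n.lower() for n in sig.note_names}:
            hits.append("note filename")
        if emails & {e.lower() for e in sig.emails}:
            hits.append("contact email")
        if wallets & set(sig.btc_addresses):
            hits.append("bitcoin address")
        if sig.filename_pattern and re.search(sig.filename_pattern, enc_name, re.I):
            hits.append("file name pattern")
        if sig.hex_marker and bytes.fromhex(sig.hex_marker) in head:
            hits.append("hex marker")
        if hits:
            results.append((sig.family, hits))
    # More independent indicators means a more trustworthy identification.
    results.sort(key=lambda r: len(r[1]), reverse=True)
    return results


# Constructed sample: note name matches both families, everything else is B.
SAMPLE_NOTE = "Your files are locked.\nWrite to help-b@example.invalid for the key\n"
SAMPLE_FILE = b"BCRY" + bytes(60)

if __name__ == "__main__":
    for family, hits in identify("HOW_TO_DECRYPT.txt", SAMPLE_NOTE,
                                 "3f9a1c0de4b27a55.bcrypt", SAMPLE_FILE):
        print(family, "<-", ", ".join(hits))
```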


Have a great (malware-free) day!


