New ransomware unable to restore files it encrypted

A brand-new ransomware strain is being widely distributed and decides whether to encrypt a victim's files based on geolocation, determined from the infected device's IP address.

The ransomware was discovered by Doctor Web security experts, who warned that cybercriminals are using the malicious program to attack users of Windows operating systems for profit.

The preventive protection of Dr.Web Antivirus detects this Trojan under the name DPH: Trojan encoder 9 or Trojan.Encoder.25129. It is a file-encrypting Trojan that encodes data on an infected computer.
After launch, it checks the user's location by the IP address of the infected device. According to the researchers' analysis, the malware authors apparently intended the ransomware to skip encryption for users in specific countries such as Russia, Belarus and Kazakhstan, and also when the Windows regional settings and interface language were Russian. However, because of an error in its code, the ransomware encrypts files regardless of the geographic location of the IP address, and in most cases restoration of the affected files is impossible.

The Trojan encrypts the contents of the current user's folders, the Windows desktop, and the AppData and LocalAppData service folders. Encryption uses AES-256-CBC, and encrypted files are given the extension .tron.

Files larger than 30,000,000 bytes (approximately 28.6 MB) are not affected. Once encryption is complete, the Trojan creates the file %ProgramData%\trig and writes the value "123" into it (if that file already exists, encryption is skipped). The malware then sends a request to an iplogger site whose address is hard-coded in its body, and finally displays a window with the ransom demand.
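As an added defender-side example (not code from Dr.Web or from the article), the following Python triage script checks a user profile for the indicators described above: files carrying the .tron extension, the %ProgramData%\trig marker holding "123", and files above the 30,000,000-byte limit that the encoder leaves alone. The directory layout it walks and the command-line arguments are assumptions for the demo.

```python
r"""Host triage for the .tron encoder described above (added example).

Indicators taken from the article: encrypted files get the ".tron" extension,
files over 30,000,000 bytes are skipped, and a marker file %ProgramData%\trig
containing "123" is written when encryption finishes.  The marker doubles as
an inhibitor: the Trojan skips encryption when the file already exists.
"""
import os
import sys
from pathlib import Path

SIZE_LIMIT = 30_000_000      # bytes; larger files are not encrypted
MARKER_NAME = "trig"         # written under %ProgramData%
MARKER_VALUE = "123"
ENC_EXT = ".tron"


def marker_state(program_data: Path) -> str:
    """Return 'absent', 'present' (holds 123) or 'other' for %ProgramData%\trig."""
    marker = program_data / MARKER_NAME
    if not marker.is_file():
        return "absent"
    return "present" if marker.read_bytes().strip() == MARKER_VALUE.encode() else "other"


def triage(user_root: Path, program_data: Path) -> dict:
    """Walk a user profile and summarise what the encoder touched and what it skipped."""
    encrypted, skipped_large, untouched_small = [], [], []
    for dirpath, _dirs, files in os.walk(user_root):
        for name in files:
            p = Path(dirpath) / name
            if p.suffix == ENC_EXT:
                encrypted.append(p)              # renamed by the encoder
            elif p.stat().st_size > SIZE_LIMIT:
                skipped_large.append(p)          # intact by design (size limit)
            else:
                untouched_small.append(p)        # small yet intact: ransom note, or never reached
    return {
        "marker": marker_state(program_data),
        "encrypted": sorted(str(p) for p in encrypted),
        "skipped_large": sorted(str(p) for p in skipped_large),
        "untouched_small": sorted(str(p) for p in untouched_small),
    }


if __name__ == "__main__":
    # Assumed usage: triage.py <user profile dir> <ProgramData dir>; on a live
    # Windows host those would be Path.home() and Path(os.environ["ProgramData"]).
    root, pdata = (Path(a) for a in sys.argv[1:3])
    for key, val in triage(root, pdata).items():
        print(f"{key}: {val}")
```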

This ransomware is distributed mainly through social media posts carrying a malicious payload, and also through network shares.

Google's Messaging Service "Chat" Raises Security Concern

Amid worldwide acrimony over the Facebook scandal, controversy surrounds Google after the largest internet search engine on the planet launched Chat, which a section of experts has called utter contempt for users' privacy.

The first expert to raise the concern was Joe Westby, who termed the new messaging service nothing less than a huge gift to cyber criminals and spies, enabling them to strike at ease.

Westby, who is known for his extensive work at Amnesty International's technology and human rights research programme, further said the product would give cybercriminals unstoppable access to the content of Android users' communications at every moment.

Citing a recent statement by another American expert that end-to-end encryption is a reliable mechanism to safeguard users' privacy, Westby charged Google with disregarding its millions of customers and their human rights.

He said Google never took into consideration the consequences of the Facebook faux pas and resorted to a hasty decision to launch a product that simply sounds dangerous.

End-to-end encryption is the reliable minimum mechanism for safeguarding users' privacy, which is the standard the global rights body applies, and its absence makes the service a risky proposition, the cyber expert observed. The Google product reached the market without end-to-end encryption, as confirmed by the search giant, which is understood to have invested in several other soon-to-be-launched messaging products and services.

The same happened with Android Auto, when the app mirrored from Android smartphones onto a car's screen displayed too much information, raising major security concerns. Even the vehicle speed, oil temperature and engine revs were displayed, signalling an impending danger. The matter then reached Google, prompting Toyota to shy away from deploying Android Auto in its cars, citing privacy concerns.

Zero-day vulnerability in Internet Explorer discovered

According to security researchers at Chinese web giant Qihoo 360, hackers are using a zero-day vulnerability in Internet Explorer kernel code to infect Windows computers with malware.

The researchers say that an advanced persistent threat (APT) group is using the vulnerability to infect victims on a global scale by sending malicious Office documents to selected targets.

These documents are loaded with what the researchers call a "double-kill" vulnerability, which affects the latest versions of Internet Explorer and any other application that uses the IE kernel. When victims open the Office document, the bug launches a malicious web page in the background to deliver malware from a remote server.

"After the target opens the document, all exploit code and malicious payloads are loaded from a remote server," the researchers wrote in a blog post on the Chinese platform Weibo.

The researchers said that the attack involves a public User Account Control (UAC) bypass, reflective DLL loading, fileless execution and steganography; they also provided a diagram, annotated in Chinese, that roughly outlines the attack chain.

The company says that it has reported the vulnerability to Microsoft and will give them appropriate time to prepare a patch before it reveals more details about the bug.

Microsoft has neither confirmed nor denied the attacks, but has given the following statement:

Windows has a customer commitment to investigate reported security issues, and proactively update impacted devices as soon as possible. We recommend customers use Windows 10 and the Microsoft Edge browser for the best protection. Our standard policy is to provide remediation via our current Update Tuesday schedule.

Attention! The Ad Blocker Installed In Your Browser May Actually Turn Out To Be Malware

The co-founder of the ad blocker AdGuard has recently reviewed various ad blockers on the Google Chrome Web Store, prompted by the possibility that the ad blocker users have installed in their browsers may in reality be malware.

Posing as the world's best-known ad-blocking software, a fake extension made it onto the Chrome Web Store and deceived countless victims into installing what turned out to be an exceptionally irritating piece of adware.

A large portion of these extensions are styled to look genuine yet actually carry malicious code, says Andrey Meshkov, co-founder of the ad blocker AdGuard, who recently became curious about the growing number of knock-off ad-blocking extensions available for Google's popular Chrome browser.

"Basically I downloaded it and checked what requests the extension was making and some very strange requests caught my attention."

- said Meshkov in a recent interview with Kaleigh Rogers, who writes for Motherboard.

He additionally found that the AdRemover extension for Chrome loaded a script from a remote command server, giving the extension developer the ability to change its functionality without updating the extension's installed code.

Although Meshkov did not immediately determine what the extension was actually collecting the information for, he said that a connection to a remote server is dangerous because it could change the way your browser behaves in many ways, later adding that the extension could modify the appearance of the web pages a user visits.

Moreover, this by itself violates Google's policy, and after Meshkov wrote up a number of cases on AdGuard's blog, many of which involved extensions with millions of downloads, Google removed the extensions from the Chrome Web Store.

"For instance, the extension could probably man-in-the-middle all the requests coming from your browser, but it can't, for instance, read your browser's encrypted password database, because that is not a privilege that extensions can have," explained Yan Zhu, a software engineer who works for the privacy-conscious browser Brave, over a Twitter direct message.

While Google quickly removed the extensions that Meshkov flagged, there is still no official word on whether the store remains full of such Chrome extensions, so users are advised to proceed, but with caution.

SunTrust Bank's former employee stole details of 1.5 million customers

Account details of more than a million clients may have been stolen by a former employee of SunTrust Banks, and the company is now working with law enforcement.

"In conjunction with law enforcement, we discovered that a former employee while employed at SunTrust may have attempted to print information on approximately 1.5 million clients and share this information with a criminal third party," SunTrust CEO William Rogers said in a statement.

The bank believes the compromised information includes customer names, addresses, phone numbers and certain account balances. However, passwords, social security numbers, account numbers, user IDs and driver's license numbers were not exposed.

"The company became aware of potential theft by a former employee of information from some of its contact lists. Although the investigation is ongoing, SunTrust is proactively notifying approximately 1.5 million clients that certain information, such as name, address, phone number and certain account balances may have been exposed. The contact lists did not include personally identifying information, such as social security number, account number, PIN, User ID, password, or driver's license information. SunTrust is also working with outside experts and coordinating with law enforcement."

"Ensuring personal information security is fundamental to our purpose as a company of advancing financial well-being," said Rogers.

"We apologize to clients who may have been affected by this. We have heightened our monitoring of accounts and increased other security measures. While we have not identified the significant fraudulent activity, we will reinforce our promise to clients that they will not be held responsible for any loss on their accounts as a result."

The bank has now begun offering identity protection to all current and new consumer clients free of charge on an ongoing basis. To take advantage of the service, which is provided via Experian IDnotify, clients must log in to online banking at suntrust.com to enroll.