Thursday, June 28, 2018

‘Hotel Data Breach’ at FastBooking server affects Hotels Worldwide!

User data belonging to thousands of guests at hotels all over the world was stolen on June 14 2018 from FastBooking, a Paris-based firm that deals in hotel booking software. The company sells its software to more than 4000 strategic partner hotels in about 100 countries, with around 1.2 million transactions annually and about 10 million server requests on its CRS servers each day.


FastBooking employees detected this hotel data breach after about 5 days, on June 19 2018. The attacker(s) had gained access by exploiting a vulnerability in an application that was hosted on the FastBooking servers. The attacker(s) then installed a malware tool that gave them remote access to the servers, and used it to steal the data of hundreds of thousands of users. The data contained personal details and banking card details of the guests who had stayed at the strategic partner hotels that currently use the FastBooking software.

In a more detailed analysis at the time, FastBooking found that the attacker(s) had targeted guests’ first names, home address, nationality, e-mail address and hotel check-in and check-out details.

The attacker(s) had managed to obtain the personal banking card details of some of the customers from the servers that had this data stored on them. This data contained the holder’s name on the card, the expiration date and the card’s number.


Monday, June 25, 2018

Guide to remove HomeworkSimplified from the system

HomeworkSimplified is a browser extension that is considered to be a browser hijacker. Designed with the malicious purpose of extorting users and generating revenue, HomeworkSimplified may seem legitimate and useful, as it deceives users by claiming to provide significant information relating to school subjects. However, HomeworkSimplified is a deceptive application that installs without user consent, modifies browser settings and tracks the user’s internet browsing activity.

An attempt to revert the changes made by the pernicious program is futile, as this browser hijacker reassigns the settings. Once it has infiltrated the system, this malicious infection modifies the browser settings and changes the default search engine, homepage and new tab.



If a user searches for anything, they are automatically redirected to hp.myway.com. This is a sponsored domain that displays search results according to the domain’s preference. This ruins the user’s online surfing routine, as the sites they are redirected to may be malicious and could end up infecting the OS with nasty software programs.

The presence of this pernicious app may lead to serious privacy issues or even identity theft. It is therefore advised to protect the system against such malware intruders and, if infested, to get rid of them as soon as possible.

Threats posed by the invasion of HomeworkSimplified in the system:

HomeworkSimplified is a monetized app that is deceitful, malicious and intrusive. The malware targets high school students and deceives them by claiming to assist with their homework on various subjects like Math, Science, English etc. However, it is better that we understand that every positive such free tools offer is surpassed by the negatives they enforce.

Following are the threats posed by this pernicious Browser Hijacker:

The malware infiltration poses a threat to user security and privacy. This nasty software program keeps an eye on the user’s browsing activities and gathers confidential information such as banking details. The collected data is either used to exploit the user or sold to third parties.


Tuesday, June 19, 2018

How to Remove RotorCrypt Ransomware from the System?

RotorCrypt is a dangerous and destructive malware. It is categorized as ransomware, which infects the computer and encrypts the files, giving them a .mail extension. The RotorCrypt Ransomware infects systems through spam email messages that contain attached files with popular extensions such as .doc, .txt, .zip, .pdf, .jpeg etc.

The RotorCrypt Ransomware was first detected in 2016, and the cyber criminals have been updating it and adding new .mail extensions to the ransomware. The latest version of the RotorCrypt Ransomware was released in June 2018 with the ‘!@#$%__PANAMA1@TUTAMAIL.com__%$#@.mail’ extension, the ‘!@#$_____ISKANDER@TUTAMAIL.COM_____$#@!.RAR’ extension and the ‘!@!@!@_contact mail___boroznsalyuda@gmail.com___!@!@.psd .mail’ extension as the new additions.

RotorCrypt Ransomware – Threat Behavior



The RotorCrypt Ransomware infiltrates the system through spam email campaigns in which the user receives mails that contain infectious attachments. These attachments use popular file type extensions such as .doc, .txt, .zip, .pdf, .jpeg etc. and require ‘editing to be enabled’ in the software to open them. Once the user enables editing, the file sends a command to the hacker’s servers, which then download the virus payload to the user’s system. These files may also be executable files which will download the virus payload on execution.

The main executable file of the RotorCrypt Ransomware makes changes to important folders in the victim’s system. The folders that may undergo the changes are %AppData%, %Temp% and %Local%. The ransomware uses the Windows command prompt and may delete the Shadow Volume copies and disable system recovery.
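A detection sketch for the behaviour described above, added here as an example and not taken from the original post: it flags process-creation events whose command line deletes shadow copies or disables recovery, and raises the severity when the parent binary runs from %AppData% or %Temp%. The specific commands matched and the event fields `host`, `parent_image` and `command_line` are assumptions of this example; the post does not say which commands RotorCrypt runs.

```python
import re

# Command-line patterns commonly associated with shadow-copy deletion and
# disabling recovery (assumed for this example, not listed in the post).
RULES = [
    ("shadow_copy_delete", re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b", re.I)),
    ("shadow_copy_delete", re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I)),
    ("recovery_disabled", re.compile(r"\bbcdedit(\.exe)?\b.*\brecoveryenabled\s+no\b", re.I)),
    ("backup_catalog_delete", re.compile(r"\bwbadmin(\.exe)?\b.*\bdelete\s+catalog\b", re.I)),
]
# Parent binaries living in user-writable folders named in the post.
USER_WRITABLE = re.compile(r"\\(appdata|temp)\\", re.I)


def normalize(command_line):
    """Strip cmd.exe escape carets and quotes, then collapse whitespace."""
    cleaned = command_line.replace("^", "").replace('"', "")
    return re.sub(r"\s+", " ", cleaned).strip()


def triage(events):
    """Return (host, rule, severity) for every event that matches a rule."""
    findings = []
    for event in events:
        command = normalize(event["command_line"])
        for name, pattern in RULES:
            if pattern.search(command):
                risky_parent = USER_WRITABLE.search(event["parent_image"])
                findings.append((event["host"], name, "high" if risky_parent else "medium"))
                break
    return findings


# Constructed sample events; hosts, paths and binaries are made up.
SAMPLE_EVENTS = [
    {"host": "ws-014", "parent_image": r"C:\Users\alice\AppData\Roaming\svch.exe",
     "command_line": "cmd.exe /c vssadmin.exe Delete Shadows /All /Quiet"},
    {"host": "ws-014", "parent_image": r"C:\Users\alice\AppData\Roaming\svch.exe",
     "command_line": "cmd.exe /c b^cdedit /set {default} recoveryenabled No"},
    {"host": "srv-02", "parent_image": r"C:\Windows\System32\cmd.exe",
     "command_line": "vssadmin list shadows"},
    {"host": "srv-02", "parent_image": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
     "command_line": "wmic shadowcopy delete"},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```

Listing shadow copies is not flagged, and the caret-escaped `b^cdedit` is still caught because the command line is normalized before matching.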


Monday, June 18, 2018

Apple prohibits cryptocurrency mining apps from its app store!

In a recent change to its guidelines for app developers, Apple prohibited cryptocurrency mining from its App Store. The new rule was applied to all Apple devices and platforms. Apple was forced to take this step because cryptocurrency mining apps have to be in active mode at all times, which was draining the battery faster. These cryptocurrency apps deteriorated the OS performance by engaging all the major device resources. The heat generated by the device was a cause of concern for many users.

Apple prohibited cryptocurrency mining from its App Store after it removed the Calendar 2 app from the Mac App Store in March. The Calendar 2 app had offered premium services to users in exchange for cryptocurrency mining on the users’ devices. This was an infringement of what Apple had promised its users in terms of device performance. This app drained the battery and caused the device to heat up while affecting the OS, causing it to lag and freeze.

It was a first for Apple when it took action against cryptocurrency mining apps on its App Store. Apple made significant changes to how it allowed cryptocurrency apps to function in its App Store. The new rules stated by Apple in its new guidelines are given below:

1. Developers who have enrolled themselves as organizations will be allowed to create apps which allow virtual currency wallets.

2. Cryptocurrency mining apps will only be allowed on the device if the cryptocurrency mining is done outside the device i.e. cloud-based mining.

3. Cryptocurrency apps can help users in trading, receiving and paying via these apps only if the apps are approved by a legitimate currency exchange. The apps need to be from the exchange themselves to have credibility for the users.


Friday, April 27, 2018

How to remove Iron Ransomware?

What is Iron Ransomware?

The Iron ransomware is an updated version of the Maktub Ransomware. This malware infection encrypts all the system data with the help of an RSA algorithm. As per the security experts, the developers of this malware program have used the layout from the DMA Locker Ransomware.

After encrypting the data files, this ransomware leaves a ransom note on the computer system named “!HELP_Your_FILES.HTML”. This ransom note displays the same information as given below.

Threat Summary

* Name: Iron Ransomware
* Targeted Operating System: Windows XP, Windows 7, Windows Vista, Windows 8/10
* Category: Ransomware
* Symptoms: Hinders system performance and encrypts all the data files on the system

Why is Iron Ransomware dangerous for your computer system?

The Iron Ransomware is a dangerous malware infection that can gain complete access to the user’s computer system and implement various strategies to exploit computer users. This ransomware infection can lock your data files so that they cannot be recovered without a decryption key. Once these data files are encrypted, the ransomware leaves a ransom note on the computer system that asks the user to pay a hefty amount of ransom to get the decryption key.

This ransomware adds a .encry extension to all the data files. For example, a data file named Doc.jpg will change to Doc.jpg.encry. Generally, the system users pay this hefty amount of ransom and do not get the decryption key in return. That is why it is highly recommended not to fall for such tricks. Rather, invest your hard-earned money in an effective backup and internet security software that can guard you against such brutal malware attacks in the future.
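A triage sketch for the renaming behaviour described in the RotorCrypt and Iron posts above, added here as an example and not part of the original posts: it walks a directory tree, flags files carrying the appended markers quoted on this page plus the Iron ransom note, and recovers each original file name so the affected files can be matched against backups. It assumes the markers are appended to the unchanged original name; the third RotorCrypt string is ambiguous on the page and is left out.

```python
import os
import tempfile

# Appended markers and ransom note name exactly as quoted in the posts.
MARKERS = {
    ".encry": "Iron",
    "!@#$%__PANAMA1@TUTAMAIL.com__%$#@.mail": "RotorCrypt",
    "!@#$_____ISKANDER@TUTAMAIL.COM_____$#@!.RAR": "RotorCrypt",
}
RANSOM_NOTES = {"!help_your_files.html": "Iron"}


def classify(filename):
    """Return (family, original_name) for a suspicious name, else None."""
    lower = filename.lower()
    if lower in RANSOM_NOTES:
        return RANSOM_NOTES[lower], None
    for marker, family in MARKERS.items():
        # Require a non-empty original name in front of the marker.
        if lower.endswith(marker.lower()) and len(filename) > len(marker):
            return family, filename[: -len(marker)]
    return None


def scan(root):
    """Map each affected directory to its file count and flagged files."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        affected = []
        for name in sorted(files):
            hit = classify(name)
            if hit:
                affected.append((name, hit[0], hit[1]))
        if affected:
            rel = os.path.relpath(dirpath, root)
            report[rel] = {"total_files": len(files), "affected": affected}
    return report


def build_constructed_tree():
    """Create a constructed sample tree; all file names here are made up."""
    root = tempfile.mkdtemp(prefix="triage_")
    layout = {
        "docs": ["Doc.jpg.encry", "!HELP_Your_FILES.HTML", "notes.txt"],
        "work": ["plan.xlsx!@#$%__PANAMA1@TUTAMAIL.com__%$#@.mail", "readme.md"],
        "clean": ["photo.png"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name in names:
            open(os.path.join(root, folder, name), "w").close()
    return root


if __name__ == "__main__":
    print(scan(build_constructed_tree()))
```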



How did Iron Ransomware get installed on your PC?

The cyber criminals use various strategies for malware distribution which include –

1. Software Bundling: Software bundling is the process in which a malicious program is distributed with other free software, to get an unnoticed entry into your computer system. When a user installs a free application, the malicious program gains a front door entry along with the free application the user has downloaded. Thus, it is a good idea to keep an eye on the installation screens while installing these free applications.

2. Infected Storage Devices: Your system can also get infected by using removable media such as USB hard drives and jump drives without scanning them with an anti-virus.

3. Spam Emails: Spamming is the most economical and common method used for the distribution of such malware. The targeted users get genuine-looking emails which contain .doc, .txt, and other similar attachments. These attachments can be named anything that grabs the user’s attention and triggers him/her to open the attachment. As soon as the user opens this attachment, the malware infects the user’s computer system.

4. Malicious Websites or Malevolent Advertisements: The malicious websites are the ones which are created just for promoting the malware infections. Such websites include but are not limited to porn sites, torrent sites and other free downloading platforms. When the user visits such websites, the adware infects the user’s computer without permission. Fake advertisements and updates, like Flash Player and Windows updates which ask the user to update to the latest version, are a few examples. When the users click on such links, their computer system gets infected. That is why it is highly recommended to resist clicking on such links. Also avoid clicking on advertisements offering free stuff such as “win an iPhone”, cars or free overseas trips etc.

How to remove Iron Ransomware?

Using a decryption key is the only way of unlocking the encrypted data. There are many online platforms that will offer you a ransomware removal guide but, unfortunately, none of them can provide a full-fledged solution to recover all the encrypted data files. That is why it is highly advisable not to waste your time on such ransomware removal guides. In case your system’s data has been locked, the best thing you can do is restore the encrypted data through the Windows Previous Versions feature.

Thursday, April 26, 2018

How to remove CryptoPriceSearch redirects?

What is CryptoPriceSearch?

The CryptoPriceSearch is a notorious Browser Hijacker that is prone to infringe your computer’s security and attract other vulnerabilities to your computer system. This malicious program poses as a browser extension that allows the users to browse the web and know more about cryptocurrencies.

In reality, this genuine-looking browser extension is a malicious program that hinders your computer’s performance and attracts other vulnerabilities. This malware program redirects the user’s searches to http://search.myway.com. This search engine promotes other malevolent websites to your computer system. That is why it is necessary to remove the CryptoPriceSearch redirect from your computer and restore its safety.

Threat Summary

• Name: CryptoPriceSearch redirect
• Browsers Affected: Mozilla Firefox, Google Chrome and Internet Explorer
• Targeted Operating System: Windows XP, Windows 7, Windows Vista and Windows 8/10
• Category: Browser Hijacker
• Symptoms: Changed browser home page, Slow system performance and frequent browser redirects


Why is CryptoPriceSearch dangerous for your computer system?

The CryptoPriceSearch is a notorious Browser extension which is prone to infect your computer and attract other malicious programs to the computer system. This malware program deploys various tactics to infringe your computer’s security and may even expose your sensitive information to third party users. This Browser Hijacker has the potential to infect your browser applications such as Google Chrome, Mozilla Firefox and Internet Explorer. It assigns a New Tab URL, Default search engine and home page option to the web browser as soon as it infects the computer system.

The CryptoPriceSearch is a major threat that can lead to major security issues in the user’s computer system. It can not only hijack your browser home page and new tab page but also assists the installation of other malware programs. Unfortunately, it is difficult to detect such suspicious installations if the malware program does not ask for the user’s permission prior to installation.
Luckily, this Browser Hijacker asks for the user permission and displays a list of all the malicious changes it is about to make in the computer system.

Still, most system users ignore all such warnings and click on the install button. That is why it is highly advisable not to rush through the installation steps and to read every step carefully, to ensure that you do not permit any malicious program to infringe your system security.

How to Remove Mysearch.com Redirect Virus?

What is Mysearch.com?

Mysearch.com is an annoying adware program which hijacks the user’s search engine and redirects it to http://mysearch.com. This website seems to be legitimate but in reality it is not. If your system has been infected by mysearch.com then this is how your browser will look.

Threat Summary

* Name: mysearch.com
* Browsers Affected: Google Chrome, Mozilla Firefox, Internet Explorer
* Targeted Operating System: Windows XP, Windows 7, Windows Vista and Windows 8/10
* Category: Browser Hijacker and adware
* Symptoms: Frequent browser redirects, annoying ads popups, slow system performance and changed browser home page


Why should I worry about mysearch.com?

There are numerous reasons why a particular malware infection is dangerous. If we talk about mysearch.com in particular, there are many reasons to worry. This adware infection not only changes the browser home page but also redirects the user to other malicious sites. Once a computer system is infected by this browser hijacker, it exposes the computer to other vulnerabilities. That is why it is important to remove mysearch.com redirects as soon as you can.
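A settings check for the browser changes described in the HomeworkSimplified, CryptoPriceSearch and mysearch.com posts above, added here as an example and not part of the original posts: it walks an exported browser preferences document (JSON) and reports every setting whose URL points at one of the redirect domains named on this page. The preference key names in the sample are made up; hosts are compared exactly or as subdomains, so a look-alike domain or a query string that merely mentions the name is not flagged.

```python
import json
from urllib.parse import urlsplit

# Redirect domains named in the posts on this page.
HIJACK_DOMAINS = ("hp.myway.com", "search.myway.com", "mysearch.com")


def host_of(value):
    """Extract the lower-cased host from a URL-like string, or ''."""
    candidate = value if "://" in value else "//" + value
    try:
        return (urlsplit(candidate).hostname or "").lower()
    except ValueError:
        return ""


def is_hijack_host(host):
    """True for a listed domain or any of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in HIJACK_DOMAINS)


def find_hijacked_settings(node, path=""):
    """Recursively collect (setting_path, value) pairs pointing at a listed host."""
    findings = []
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}" if path else key
            findings += find_hijacked_settings(value, child)
    elif isinstance(node, list):
        for index, value in enumerate(node):
            findings += find_hijacked_settings(value, f"{path}[{index}]")
    elif isinstance(node, str) and is_hijack_host(host_of(node)):
        findings.append((path, node))
    return findings


# Constructed sample preferences; the key names are hypothetical.
SAMPLE_PREFS = json.loads("""
{
  "homepage": "http://hp.myway.com/",
  "session": {"startup_urls": ["https://www.example.com/", "http://mysearch.com/"]},
  "search": {"template": "http://search.myway.com/search?q={searchTerms}"},
  "bookmarks": ["https://www.example.com/?ref=mysearch.com", "http://notmysearch.com/"]
}
""")

if __name__ == "__main__":
    for setting, value in find_hijacked_settings(SAMPLE_PREFS):
        print(setting, "->", value)
```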

Mysearch.com is distributed as a free add-on with the muzikFury.com extension. As soon as a user installs the muzikfury.com, the user gets redirected to the thank you page which asks the user to install the mysearch.com extension for Chrome.

How did mysearch.com get installed on your PC?

The cybercriminals use various strategies for malware distribution which include –

1. Software Bundling: Software bundling is the process in which a malicious program is distributed with other free software, to get an unnoticed entry into your computer system. When a user installs a free application, the malicious program gains a front door entry along with the free application the user has downloaded. Thus, it is a good idea to keep an eye on the installation screens while installing these free applications.

2. Infected Storage Devices: Your system can also get infected by using removable media such as USB hard drives and jump drives without scanning them with an anti-virus.

3. Spam Emails: Spamming is the most economical and common method used for the distribution of such malware. The targeted users get genuine-looking emails which contain .doc, .txt, and other similar attachments. These attachments can be named anything that grabs the user’s attention and triggers him/her to open the attachment. As soon as the user opens this attachment, the malware infects the user’s computer system.

4. Malicious Websites or Malevolent Advertisements: The malicious websites are the ones which are created just for promoting the malware infections. Such websites include but are not limited to porn sites, torrent sites and other free downloading platforms. When the user visits such websites, the adware infects the user’s computer without permission. Fake advertisements and updates, like Flash Player and Windows updates which ask the user to update to the latest version, are a few examples. When the users click on such links, their computer system gets infected. That is why it is highly recommended to resist clicking on such links. Also avoid clicking on advertisements offering free stuff such as “win an iPhone”, cars or free overseas trips etc.

Resource:- http://www.virusremovalguidelines.com/adware/how-to-remove-mysearch-com-redirect-virus