Category Archives: Ransomware

Ransom Trojan KDV.153863 – Call Me, Pay The Fee, And I’ll Unlock Your Kidnapped Windows System

Ransomware is a vicious form of malware, given that it generally encrypts the victim’s files, or restricts the user’s ability to access the computer in some way. Payment of a ransom fee is the commonality in all ransomware attacks.

According to F-Secure, a new form of ransomware (KDV.153863), which reportedly locks the victim’s computer, leaving the machine essentially unusable, is currently circulating on the Internet.

An infection by KDV.153863 will lead to the following boot screen.

[Image: KDV.153863 boot screen. Graphic courtesy of F-Secure.]

In line with previous versions of this type of malware, an unlock code can be had (ostensibly for free), by following a set of specific instructions.

The following graphic sets out the method to be followed by the victim to obtain an activation code. The activation code does, in fact, unlock the victim’s computer. Cybercriminals with a conscience, or just good business strategy?

[Image: instructions for obtaining the activation code. Graphic courtesy of F-Secure.]

You’ll notice in the screenshot that all of the available telephone numbers are international, and it’s by way of this recovery construction that the cyber crook profits.

The Trojan author, collaborating with rogue call center operators, has designed a four-minute message routine which the victim is forced to listen to while exorbitant long distance toll fees are being generated. This is similar, in a sense, to the old 900 premium-rate telephone number scams. Apparently, these fees are shared between the cyber crook and the call center operators.

Following the forced four minute message routine, the victim is given an unlock code (1351236) which, according to F-Secure, appears to be the same every time the number is called.

We’ve been dealing with this type of malware, on and off, for years. If previous experience is any indication (and it is), we can expect to see more of this type of malware, in a more general release, through the balance of this year.

Reduce the possibilities of infection by this and other malware, by taking the following precautions:

Don’t open unknown email attachments

Don’t run programs of unknown origin

Disable hidden filename extensions

Keep all applications (including your operating system) patched

Turn off your computer or disconnect from the network when not in use

Disable Java, JavaScript, and ActiveX if possible

Disable scripting features in email programs

Make regular backups of critical data. If you are infected this may be your only solution

Make a boot disk in case your computer is damaged or compromised

Turn off file and printer sharing on the computer

Install a personal firewall on the computer

Install anti-virus/anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet

Ensure your anti-virus software scans all e-mail attachments

Don’t store critical data on the system partition

Adhering to the best practices, as noted above, is no guarantee that your system won’t be penetrated. All things considered, running your computer in virtualization mode, while surfing the Net, is highly recommended.

Please read Free BufferZone Pro – Maybe The Best Surfing Virtualization Application At Any Price, on this site, for information on virtualization.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.


Hard Drive Kidnapping – GpCode Ransomware On The Attack Again!

When we think of kidnapping, extortion, or blackmail, I think it’s safe to say, not many of us would consider our computer files being a likely victim. That is, unless we were familiar with a particular form of malware known as Ransomware.

Ransomware is a particularly vicious form of malware – malware that encrypts the victim’s files, and then demands a monetary ransom to decrypt those kidnapped files.

Once again the Ransomware Trojan Gpcode, first encountered some years back by Kaspersky Lab, is on the loose. This is the fourth release of GpCode that we’ve covered here in the last few years, and as expected, this version continues to use RSA-1024 and AES-256 encryption.

As opposed to past variants though, this time around GpCode doesn’t delete files after encryption. Instead, to make it more difficult for a victim to recover from the attack – files are overwritten.

Once GpCode has finished its nasty work, the victim is presented with the following Desktop message.

Followed by a ransom note via Notepad, which is launched automatically by GpCode. The ransom note demands payment of a $120 fee.


Preliminary indications are that the attack vector is a malicious PDF which, when opened, downloads and installs the ransomware.

Vitaly Kamluk over at Kaspersky Lab’s Securelist site, offers the following advice – “If you think you are infected, we recommend that you do not change anything on your system as it may prevent potential data recovery if we find a solution.

It is safe to shut down the computer or restart it despite claims by the malware writer that files are deleted after N days – we haven’t seen any evidence of time-based file deleting mechanism. But nevertheless, it is better to stay away from any changes that could be made to the file system which, for example, may be caused by computer restart”.

Reduce the possibilities of infection by this and other malware, by taking the following precautions:

Don’t open unknown email attachments

Don’t run programs of unknown origin

Disable hidden filename extensions

Keep all applications (including your operating system) patched

Turn off your computer or disconnect from the network when not in use

Disable Java, JavaScript, and ActiveX if possible

Disable scripting features in email programs

Make regular backups of critical data. If you are infected this may be your only solution

Make a boot disk in case your computer is damaged or compromised

Turn off file and printer sharing on the computer

Install a personal firewall on the computer

Install anti-virus/anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet

Ensure your anti-virus software scans all e-mail attachments

Don’t store critical data on the system partition

Let me reemphasize – Make regular backups of critical data. If you become infected, this may be your only recovery option.


Download Dangers – Download Sites Are Not All Equal

Regular readers on this site are aware that virtually all downloads I recommend are hosted on CNET’s site (download.com). There is good reason for this – CNET scrupulously audits hosted downloads, to ensure they are not contaminated by malware.

The same cannot be said for many other download sites. As a result, downloading can be extremely risky, especially for unaware users.

Ransomware is a particularly vicious form of malware which often piggybacks on what appears to be legitimate software. In most instances ransomware encrypts the victim’s files, after which the cyber-criminal demands a ransom to decrypt the kidnapped files.

Security researchers at CA, one of the world’s largest IT management software providers, have discovered a new piece of ransomware that blocks an infected computer from connecting to the Internet. On payment of a fee (to be paid by SMS), the victim’s machine will be unlocked.

This new piece of ransomware uses the uFast Download Manager application download as an entry point to infect victims’ computers. Following installation, the victim is presented with the following screen:

[Image: screen presented to the victim. Graphic courtesy of CA.]

The following is a rough English translation:

Internet access is blocked due to violation of the license agreement schedules of uFast Download Manager

You must activate your copy

Get a registration code by sending an SMS with the following code fw0004199 to number 7122

In response you will receive an activation message.

Enter the activation message received from the SMS response  ________

Don’t relax your guard simply because this malware seems to be currently focused on Russia. This type of attack knows no borders. Ransomware attacks seem to be escalating.

If you should become infected by this Trojan your best course of action, assuming your installed malware scanners cannot remove the infection, is to take advantage of the multiple online scanners offered by the major anti-malware software developers.

For a review and list of online malware scanners please read “Free Online Spyware/Virus Scanners – Multiply Your Protection”, on this site.

Note: Download managers are one of the most popular applications offered for download on the Internet, as the following graphic of a Google search indicates – 24,600,000 returned links.

The browser security application WOT indicates that, on this page, half of these links are unsafe, or require caution.


Regular readers are familiar with the following security precautions – but they bear repeating.

Make regular backups of critical data. If you are infected this may be your only solution

Don’t store critical data on the system partition

Don’t open unknown email attachments

Download ONLY from well established sites, or sites that are known to you

Don’t run programs of unknown origin

Disable hidden filename extensions

Keep all applications (including your operating system) patched

Turn off your computer or disconnect from the network when not in use

Disable scripting features in email programs

Make a boot disk in case your computer is damaged or compromised

Turn off file and printer sharing on the computer

Install a personal firewall on the computer

Install anti-virus/anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet

Ensure your anti-virus software scans all e-mail attachments


Ransom.K, Bifrost.GEN and Safety Center Fake Antivirus – PandaLabs Takes a Look

Courtesy of Panda Security.

This week’s PandaLabs report looks at two Trojans and a new fake antivirus.

Bifrost.GEN is a backdoor-type Trojan whose objective is to go resident, concealing its presence and displaying no visible symptoms. The malware inserts its code into Internet Explorer and runs it in the background, leaving an open connection to await instructions from the attacker to access the infected computer.

The second Trojan we are looking at today is Ransom.K. It reaches computers with an icon that resembles an application Help file and encrypts the code of the .TXT, .DOC, .XLS and .JPG files detected on the computer, using a file it downloads called CryptLogFile.txt. Additionally, it replaces the desktop wallpaper with a message asking users to pay for the credentials for decrypting the code.


This type of extortion is known as “ransomware”. The solution to this problem is simple, and involves deleting the CryptLogFile.txt file from C:\Windows and re-running the Trojan. When it can’t find the file with the list of documents, it will automatically return the files it encrypted to their original status.

Finally, Safety Center is a new fake antivirus. It is presented as an unregistered multi-tool product.


It asks users to purchase the license by registering online in order to use or update all the tools. On reaching computers it carries out a fake hard-disk scan, displaying false infections to trick users. If victims fall for the trap and pay, they will not only be paying for a fraudulent product, but will also have their bank details exposed.

More information about these and other malicious codes is available in the Panda Security Encyclopedia. You can also follow Panda Security’s online activity on its Twitter and PandaLabs blog.

Safety Center Removal:

If you have become infected by Safety Center, or other scareware (rogue software), have your PC worked on by a certified computer technician, who will have the tools, and the competency, to determine if the infection can be removed without causing system damage. Computer technicians do not provide services at no cost, so be prepared for the costs involved.

If you feel you have the necessary skills, and you want to try your hand at removal, then by all means do so.

The following free resources can provide tools and the advice you will need to attempt removal.

Malwarebytes, a very reliable anti-malware company, offers a free version of Malwarebytes’ Anti-Malware, a highly rated anti-malware application which is capable of removing many newer rogue applications.

411 Spyware – a site that specializes in malware removal. I highly recommend this site.

Bleeping Computer – a web site where help is available for many computer related problems, including the removal of rogue software. This is another site I highly recommend.

SmitFraudFix, available for download at Geekstogo is a free tool that is continuously updated to assist victims of rogue security applications.

What you can do to reduce the chances of infecting your system with rogue software.

Be careful in downloading freeware or shareware programs. Spyware is occasionally concealed in these programs. Download this type of program only through reputable web sites such as Download.com, or sites that you know to be safe.

Consider carefully the inherent risks attached to peer-to-peer (P2P), or file sharing applications.

Install an Internet Browser add-on that provides protection against questionable or unsafe websites. My personal favorite is Web of Trust, an Internet Explorer/Firefox add-on that offers substantial protection against questionable or unsafe websites.

Do not click on unsolicited invitations to download software of any kind.


Total Security 2009 – PandaLabs Fights Back by Offering Free Serial Numbers

Once again ransomware is on the loose; but it’s a little bit different this time around. In previous versions of this type of malware, after installation, the victim was informed that the computer’s files had been encrypted and a decrypting tool had to be purchased from the cyber-criminal in order to decrypt the affected files.

Now we have another new form of ransomware to deal with. Cyber criminals are now combining rogueware with ransomware, enabling them to hijack users’ information and block computer use.

Courtesy of PandaLabs:

PandaLabs, Panda Security‘s malware analysis and detection laboratory, has identified a new, more aggressive trend cyber criminals are using to sell fake anti-virus programs, otherwise known as rogueware. Cyber criminals are now combining rogueware with ransomware, hijacking users’ computers and rendering them useless until victims purchase fake anti-virus programs.

The fake program that PandaLabs has discovered, called Total Security 2009, is being offered to victims for approximately $79.95. Victims can also purchase ‘premium’ tech support services for an additional $19.95.


Users who pay the ransom receive a serial number that releases all files and executables, allowing them to work normally and recover their information. The fake anti-virus, however, remains on their systems.

PandaLabs has published a list of serial numbers that victims can use to unblock their computers, as well as a video demonstrating how this scam operates. To obtain a serial number click here.

Previously, when computers were infected by this type of malware, users would typically see a series of warnings prompting them to buy a paid version of the program. The new method of selling rogueware blocks users’ attempts to run programs or open documents, displaying a message falsely informing them that all files on their computers are infected and the only solution is to buy fake anti-virus.

“Users are often infected unknowingly – in most cases through visiting hacked Web sites. Once a computer is infected, it is extremely difficult to eliminate the threat, even for those with a certain degree of technical knowledge,” said Luis Corrons, technical director of PandaLabs.

“Users are also prevented from using any type of detection or disinfection tool, as all programs are blocked. The only application that can be used is the Internet browser, conveniently allowing the victim to pay for the fake anti-virus. For this reason, on the PandaLabs blog, we have published the serial numbers required to unblock the computer if it has been hijacked. Users can then install genuine security software to scan the computer in-depth and eliminate all traces of this fake anti-virus.”

“The way this rogueware operates presents a dual risk: First, users are tricked into paying money simply in order to use their computers; and second, these same users may believe that they have a genuine anti-virus installed on the computer, thereby leaving the system unprotected,” adds Corrons.

“This shift toward hijacking computers indicates either that users are becoming more adept at recognizing these threats or that security companies are beginning to close the gap on this highly sophisticated level of cybercriminal behavior. This would explain why hackers are becoming more aggressive in the methods used to force the victims into purchasing fake anti-virus programs.”

You can download a free trial of Panda Global Protection 2010 to completely remove the infection, once the ransomware feature is removed.

PandaLabs recently published a report about the lucrative business of rogueware. The report is available here.

More information about these and other malicious codes is available in the Panda Security Encyclopedia. You can also follow Panda Security’s online activity on its Twitter and PandaLabs blog.


Smart Meters Make Us Dumb

So what did Shakespeare mean when he wrote “A rose by any other name would smell as sweet”? Simply this – what something is, matters; not what it is called.

I can’t recall that electric meters were ever referred to as “dumb meters”, nevertheless, we now have a new breed of meters that the industry is calling “smart meters”. But are they really?

More to the point, are we being smart in adopting this new technology without a complete and probing review of the security implications posed by the rush to implement this technology? (I was forced to accept the installation of a smart meter earlier this year).

Smart Meters, on the face of it, sound ultra cool. A Smart Meter, by definition, can monitor electricity usage and communicate with your electricity supplier. The supplier will then bill you on factors that include your consumption, cost adjusted, based on the time of day and the season. Use during high demand, or peak periods, will cost more money.

The stated objective is – billing consumers by how much electricity is consumed, and at what time of day, will force us to adjust our consumption habits to be more responsive to perceived savings, or additional costs. Hopefully, according to energy gurus, this will delay or eliminate the construction of additional generating facilities, and the associated environmental costs.

So what could be the downside to getting on board the speeding locomotive called the “green movement”, which is designed (we’re told), to make all of us more environmentally conscious?

Well here’s the rub with smart meters – according to industry sources, communication technologies being considered, or already in use for smart meters, include cell and pager networks, licensed radio or unlicensed radio, power line communication, and others.

So here’s my question – haven’t we learned anything when it comes to cost benefit and risk association?

The one indisputable commonality of communication technologies is this: each and every one can be intercepted, or hacked – and hacked easily.


Should we worry, should we be concerned, that the major lifeline (try living without electricity), to our way of life can, or will, be compromised? You bet!

In a recent article, “Building the Smart Grid: Proven Methods to Secure the Future”, Joshua Pennell and Michael Davis, of security firm IOActive, wrote:

“IOActive researchers were able to identify multiple programming errors on a series of smart meter platforms ranging from the inappropriate use of banned functions to protocol implementation issues.

The research team was able to “weaponize” these attack vectors, and create an in-flash rootkit, which allowed them to assume full system control of all exposed smart meter capabilities, including remote power on, power off, usage reporting, and communication configurations.

The initial attack vector could also be leveraged to deploy a worm, much like the Blaster worm that wreaked havoc on computer systems in 2003. The consequences of such threats are potentially widespread and devastating”.

Still not convinced? Then read the CNN report by Jeanne Meserve, CNN Homeland Security Correspondent, “Smart Grid may be vulnerable to hackers”.

Excerpt:

…… cyber security experts said some types of meters can be hacked, as can other points in the Smart Grid’s communications systems. IOActive, a professional security services firm, determined that an attacker with $500 of equipment and materials and a background in electronics and software engineering could “take command and control of the (advanced meter infrastructure) allowing for the en-masse manipulation of service to homes and businesses.”

Experts said that once in the system, a hacker could gain control of thousands, even millions, of meters and shut them off simultaneously.

A hacker also might be able to dramatically increase or decrease the demand for power, disrupting the load balance on the local power grid and causing a blackout. These experts said such a localized power outage would cascade to other parts of the grid, expanding the blackout. No one knows how big it could get.


Not worried yet? Then you should be. If you’re unfamiliar with the prevalence of hacking and cybercrime, let me offer you this quote from my good friend TechPaul, “The Internet shadow economy is worth over $105 billion/year.  No country, no person, no business and no government is immune from Cybercrime”.

I find it impossible to believe that cyber criminals will not take advantage of the enormous attack surface that smart meters will present. These are the same cyber criminals, who frequently hold individual Internet connected computers for ransom using a vicious form of malware.

I don’t know about you, but I’m very tired of being held as a “hostage to fortune” in a present, and a future, created by and large, by the same illogical thinking patterns and by the same careless people (I’m being kind here), who in many cases, are responsible for the economic meltdown we are now forced to deal with.

Whatever happened to the application of logic? We need to stop listening to these morons – right now. They certainly don’t have your best interest at heart.


Ransomware in Your Browser

Ransomware, a vicious form of malware, is nothing new. It has been around in one form or another, since the late 1980s.

Once installed on a victim’s computer, the Trojan will generally encrypt the victim’s files, after which the cyber-criminal demands a monetary ransom to decrypt the kidnapped files.

The ever creative cyber criminal community has now gone one better, with the release of Trojan.Ransompage. This piece of malware is designed to kidnap the victim’s Internet browser, including Internet Explorer, Firefox and Opera.

Note: The latest update of Firefox is apparently unaffected. Another good reason to update.

According to Symantec, Trojan.Ransompage “uses scare or nuisance tactics – similar to rogue antivirus programs, in an attempt to demand ransom from its victims. Once infected with Trojan.Ransompage, a victim’s browser will display a persistent inline ad on every page that the victim visits”.


Roughly translated from Russian, the ransom demand reads in part:

To remove the informer, send SMS message with text [5-digit number] to number [4-digit number].
Enter the code, received in response, MC

Affected Systems: Windows 95, 98, NT, 2000, XP, Vista, Server 2003

System Impact:

Deletes Files: Deletes Web Browser files.

Modifies Files: Modifies Web Browser files.

Releases Confidential Info: May send confidential information to a remote location.

Degrades Performance: Displayed image may degrade Web Browser performance.

Action you can take if infected:

According to Symantec, “the ransomware is designed to expire in 30 days, so anyone who falls victim to the infection can remove it simply by setting their system clock forward one month”.

Common sense security precautions:

Make regular backups of critical data. If you are infected this may be your only solution

Don’t store critical data on the system partition

Don’t open unknown email attachments

Don’t run programs of unknown origin

Disable hidden filename extensions

Keep all applications (including your operating system) patched

Turn off your computer or disconnect from the network when not in use

Disable scripting features in email programs

Make a boot disk in case your computer is damaged or compromised

Turn off file and printer sharing on the computer

Install a personal firewall on the computer

Install anti-virus/anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet

Ensure your anti-virus software scans all e-mail attachments

The authorities need to kick some ass here, and determine who owns the contact phone number and close it down. How hard is that?


Show Me the Money – I’ll Show You Your Files (Ransomeware is Back)!

Have you ever considered that your computer files could be a victim of kidnapping, extortion, or blackmail? Hard to believe; right? Well believe it!

Ransomware is a vicious form of malware, given that it encrypts the victim’s files, after which the cyber-criminal demands a ransom to decrypt the kidnapped files.

Once again ransomware is on the loose; but a little bit different in this iteration. In previous versions of this type of malware, after installation, the victim was informed that the computer’s files had been encrypted and a decrypting tool had to be purchased from the cyber-criminal in order to decrypt the affected files.

According to PandaLabs, they recently discovered a new form of ransomware, Trj/SMSlock.A, which reportedly locks the victim’s entire computer, leaving the machine essentially unusable. In line with previous versions of this type of malware, a ransom, in this case in the form of a premium SMS, is demanded to allow the victim access to the infected machine.

While the original message on an infected computer is in Russian, the following English translation has been provided by Panda.

To unlock you need to send an SMS with the text

4121800286

to the number

3649

Enter the resulting code:

Any attempt to reinstall the system may lead to loss of important information and computer damage.


Infection methods: Floppy disks, CD-ROMs, email messages with attached files, Internet downloads, FTP, IRC channels, peer-to-peer (P2P) file sharing networks, etc.

Affected systems: Windows 2003/XP/2000/NT/ME/98/95/3.X

We should not relax our guard on this simply because this malware is currently affecting only Russian users. If previous experience is any indication (and it is), we can expect to see more of this type of malware, in a more general release, through the balance of this year.

In the event that you become infected by this piece of nasty work, check out Dr.Web, where you can obtain a generator for deactivation codes.

Reduce the possibilities of infection by this and other malware, by taking the following precautions:

Don’t open unknown email attachments

Don’t run programs of unknown origin

Disable hidden filename extensions

Keep all applications (including your operating system) patched

Turn off your computer or disconnect from the network when not in use

Disable Java, JavaScript, and ActiveX if possible

Disable scripting features in email programs

Make regular backups of critical data. If you are infected this may be your only solution

Make a boot disk in case your computer is damaged or compromised

Turn off file and printer sharing on the computer

Install a personal firewall on the computer

Install anti-virus/anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet

Ensure your anti-virus software scans all e-mail attachments

Don’t store critical data on the system partition

For additional information on this type of threat see “Gpcode Trojan Ransomeware Kidnapping Again!”, on this site.
