Vortex Ransomware is a cryptographic virus, that mostly attacks users in Poland, but may also be distributed in other counties. Vortex Ransomware code is based on AESxWin - a free program for encryption and decryption. It uses AES-256 cryptography and adds .aes and .ZABLOKOWANE extensions to encrypted files. After encoding, Vortex creates a text files (ODZSZYFRUJ-DANE.txt (or "#$# JAK-ODZYSKAC-PLIIKI.txt")), and places it on the desktop. Various versions of this virus demand from $100 to $200 in BitCoins. One of the alternative versions of Vortex Ransomware is called Flotera and it also appends .aes suffix.
Go.bonanzoro.com is a hijacker coming into PC as an extension for Internet Explorer, Mozilla Firefox and Google Chrome without user consent, bundled with freeware's installers and downloaders. At first glance, Go.bonanzoro.com seems very useful search page looks like popular search engines, such as Google, Bing or Yahoo.
Go.deepteep.com is a browser search engine hijacking popular browsers such as Google Chrome, Mozilla Firefox and Internet Explorer. Go.deepteep.com looks like an ordinary search engine, such as Google or Yahoo, but this hijacker is very annoying. Go.deepteep.com changes browser settings, homepage and default search engine.
Go.pajosh.com is a false search page that looks like Yahoo, Bing or Google. According to the developers, it increases the browsing experience, improves search quality and eliminates irrelevant search results. In reality, Go.pajosh.com can become a big problem. More often, most search results are the advertising content.
Greystars Ransomware also known as Greystars@protonmail.com virus is a file encryptor, which locks a user's files on their machines and demands a ransom in bitcoins for decryption tool(0,08 BTC). Every encrypted file gains *.greystars@protonmail.com suffix. For example, 123.doc becomes 123.doc.greystars@protonmail.com. The virus uses RSA an AES encryption methods and targets both English speaking and others countries, including China and Jordan. Some files usually not coded by the virus, for example, all apps with .exe or .msi extensions.
