RL Wana-XD is the name of ransomware that encrypts files. It also appends the ".XD-99" extension to filenames (for example, it renames "1.jpg" to "1.jpg.XD-99", "sample.png" to "sample.png.XD-99"), and creates a text file ("Readme.txt") containing a ransom note. Screenshot of files encrypted b
Phonenow[.]net uses a clickbait technique to trick visitors into agreeing to receive notifications and redirects them to potentially malicious pages. Phonenow[.]net shares these qualities with wholenicenews[.]com, greattypecaptcha[.]top, tropi[.]fun, and hundreds of other pages that users do not v
Sckmedady is ransomware that encrypts files and modifies their filenames. It appends the docexkonc@gmail.com email address, a string of random characters, and the ".sckmedady" extension to filenames. For instance, it renames "1.jpg" to "1.jpg.[docexkonc@gmail.com][MJ-JS8403912576].sckmedady", "2.
NoteIt is advertised as a tool allowing users to send important notes privately. It also bombards users with annoying advertisements. Therefore, it falls into the category of adware/advertising-supported software. It is worth mentioning that users often install adware unknowingly. Adware g
j1k0nxo7 is ransomware designed to encrypt files (and modify their filenames), change the desktop wallpaper, and create the "read_it.txt" file (a ransom note). It appends a randomly generated extension to filenames, for example, it renames "1.jpg" to "1.jpg.yaoc", "document.txt", to "document.txt.
Sbpg is part of the Djvu ransomware family. This ransomware encrypts files and appends the ".sbpg" extension to their filenames. For instance, it renames "1.jpg" to "1.jpg.sbpg", "sample.png" to "sample.png.sbpg", and so on. Also, Sbpg creates the "_readme.txt" file - a ransom note containing cont
Drik ransomware belongs to a family of ransomware called Phobos. This variant encrypts files and appends the victim's ID, jackrasal@privatemail.com email address, and the ".Drik" extension to filenames. It also generates two ransom notes: "info.hta" (a file designed to display a ransom note in a p
Xcmb is ransomware that encrypts files and appends the ".xcmb" extension to filenames. For example, it renames "1.jpg" file to "1.jpg.xcmb", "document.txt" to "document.txt.xcmb", and so on. It provides contact and payment information in a ransom note named "_readme.txt". Xcmb belongs to a ransomw
IntegrationAdmin generates advertisements and changes the web browser's settings (hijacks a web browser) to promote a fake search engine. Most users download and install adware and browser-hijacking apps inadvertently. Thus, IntegrationAdmin and similar apps are called potentially unwanted appli
Search With Incognito is a browser hijacker designed to promote searchwithouthistorysearch.com. It changes the web browser's settings to promote a fake search engine. Usually, browser-hijacking apps are promoted/distributed using questionable methods. Thus, users do not download/install them on pu