Drik ransomware belongs to a family of ransomware called Phobos. This variant encrypts files and appends the victim's ID, jackrasal@privatemail.com email address, and the ".Drik" extension to filenames. It also generates two ransom notes: "info.hta" (a file designed to display a ransom note in a p
Xcmb is ransomware that encrypts files and appends the ".xcmb" extension to filenames. For example, it renames "1.jpg" file to "1.jpg.xcmb", "document.txt" to "document.txt.xcmb", and so on. It provides contact and payment information in a ransom note named "_readme.txt". Xcmb belongs to a ransomw
IntegrationAdmin generates advertisements and changes the web browser's settings (hijacks a web browser) to promote a fake search engine. Most users download and install adware and browser-hijacking apps inadvertently. Thus, IntegrationAdmin and similar apps are called potentially unwanted appli
Search With Incognito is a browser hijacker designed to promote searchwithouthistorysearch.com. It changes the web browser's settings to promote a fake search engine. Usually, browser-hijacking apps are promoted/distributed using questionable methods. Thus, users do not download/install them on pu
Nhuie is ransomware. It encrypts files to make them inaccessible for victims. Also, Nhuie renames all of the encrypted files (it appends a string of random characters and the ".nhuie" extension to filenames) and creates the "8Axs_HOW_TO_DECRYPT.txt" file (a ransom note). For example, it renames "
Surtr is ransomware. Malware of this type encrypts files (and renames them) and generates a ransom note. Surtr appends the decryptmydata@mailfence.com email address and the ".SURT" extension to filenames. For example, it renames "1.jpg" to "1.jpg.[DecryptMyData@mailfence.com].SURT", "2.jpg" to "2
LogStandard generates annoying advertisements and changes web browser's settings to promote a fake search engine. This app has the qualities of advertising-supported and browser-hijacking software. Users rarely download and install such apps knowingly. Thus, LogStandard and similar apps are cate
Razer is ransomware that encrypts files, appends a string of random characters, the razer1115@goat.si email address, and ".razer" extension to filenames. It provides instructions on how to contact the attackers for data decryption in the "readme-warning.txt" text file. An example of how Razer ren
FileClick has two purposes: to generate advertisements and hijack a web browser (promote a fake search engine). Typically, apps like FileClick are promoted and distributed using shady websites, installers, and other deceptive methods. Thus, users download and install them unintentionally.
RED is ransomware - a type of malware that encrypts files. It also modifies filenames, displays a ransom note in a pop-up window, and provides another one as the "info.txt" file. RED renames files by appending the victim's ID, redline@onionmail.org email address, and the ".RED" extension to filena