Easy belongs to the Phobos ransomware family. It is designed to encrypt files, rename each encrypted file, and generate "info.hta" and "info.txt" files (ransom messages). Easy renames files by adding the victim's ID, easybackup@aol.com email address, and appending the ".easy" extension. More prec
check-this[.]news is similar to chat-message[.]live, tlouslyrevor[.]top, yskimmed[.]top and many other rogue web pages. Typically, these sites are promoted via other dubious websites, deceptive advertisements, and potentially unwanted applications (PUAs). I.e., users do not often open/visit these
Bip is part of the Dharma ransomware family. Bip encrypts files, modifies their filenames, displays a pop-up window and creates the "FILES ENCRYPTED.txt" file, which contains instructions about how to contact the ransomware developers. Bip renames encrypted files by adding a unique vict
There are many pages similar to thefreshposts[.]com on the web. For example, chat-message[.]live, tlouslyrevor[.]top and etrolhidde[.]fun. Most users do not visit these sites intentionally - they are promoted via potentially unwanted applications (PUAs) that users do not download or install intent
4help was discovered by Jakub Kroustek and belongs to the Dharma ransomware family. It encrypts and renames files, and generates two ransom messages. 4help renames files by adding the victim's ID, hlper4y@tutanota.com email address, and appending ".4help" as the file extension. For example, "1.jp
In most cases, web pages such as chat-message[.]live are promoted via potentially unwanted applications (PUAs), which most users download and install inadvertently. I.e., sites such as chat-message[.]live are not often visited by users intentionally. Note that most PUAs generate ads and collect b
soap2day[.]to supposedly allows users to watch movies online free of charge. In fact, the service provided by soap2day[.]to is illegal. Furthermore, the site uses rogue advertising networks and promotes (opens) other dubious websites. Therefore, you are advised against trusting this website or usi
Igal belongs to family of ransomware called Djvu. Typically, malware of this type encrypts files, renames them, and generates ransom messages. Igal renames files by appending the ".igal" extension to filenames and creates the "_readme.txt" text file (ransom message) in all folders that contain en
tlouslyrevor[.]top is similar to etrolhidde[.]fun, yourfreshposts[.]com, check-the[.]news and many other sites. These are often promoted via potentially unwanted applications (PUAs), and users do not visit them intentionally. Note that, similarly, PUAs are not often installed intentionally.
The MacBooster (MacBooster 6 and MacBooster 7) application claims to provide various system optimization tools. Many users believe that MacBooster is legitimate and useful, however, developers proliferate this app using the "bundling" method. Therefore, it often infiltrates systems without permi