Saher Blue Eagle was discovered by xiaopao. This ransomware encrypts and renames files, changes the desktop wallpaper, and displays a ransom message in full screen mode. It renames files by appending "..MaxSteel.Saher Blue Eagle" as the filename extensions. For example, "1.jpg" would be renamed t
Websites such as spaceshellvpn[.]com cannot be trusted because they often trick visitors into installing potentially unwanted applications (PUAs). Furthermore, these web pages are promoted via other bogus pages, deceptive advertisements, and PUAs. I.e., users do not often visit them intentionall
Easy belongs to the Phobos ransomware family. It is designed to encrypt files, rename each encrypted file, and generate "info.hta" and "info.txt" files (ransom messages). Easy renames files by adding the victim's ID, easybackup@aol.com email address, and appending the ".easy" extension. More prec
check-this[.]news is similar to chat-message[.]live, tlouslyrevor[.]top, yskimmed[.]top and many other rogue web pages. Typically, these sites are promoted via other dubious websites, deceptive advertisements, and potentially unwanted applications (PUAs). I.e., users do not often open/visit these
Bip is part of the Dharma ransomware family. Bip encrypts files, modifies their filenames, displays a pop-up window and creates the "FILES ENCRYPTED.txt" file, which contains instructions about how to contact the ransomware developers. Bip renames encrypted files by adding a unique vict
There are many pages similar to thefreshposts[.]com on the web. For example, chat-message[.]live, tlouslyrevor[.]top and etrolhidde[.]fun. Most users do not visit these sites intentionally - they are promoted via potentially unwanted applications (PUAs) that users do not download or install intent
4help was discovered by Jakub Kroustek and belongs to the Dharma ransomware family. It encrypts and renames files, and generates two ransom messages. 4help renames files by adding the victim's ID, hlper4y@tutanota.com email address, and appending ".4help" as the file extension. For example, "1.jp
In most cases, web pages such as chat-message[.]live are promoted via potentially unwanted applications (PUAs), which most users download and install inadvertently. I.e., sites such as chat-message[.]live are not often visited by users intentionally. Note that most PUAs generate ads and collect b
soap2day[.]to supposedly allows users to watch movies online free of charge. In fact, the service provided by soap2day[.]to is illegal. Furthermore, the site uses rogue advertising networks and promotes (opens) other dubious websites. Therefore, you are advised against trusting this website or usi
Igal belongs to family of ransomware called Djvu. Typically, malware of this type encrypts files, renames them, and generates ransom messages. Igal renames files by appending the ".igal" extension to filenames and creates the "_readme.txt" text file (ransom message) in all folders that contain en