Dex ransomware belongs to the Dharma family. It encrypts victims' files, renames each encrypted file, displays a pop-up window, and creates the "FILES ENCRYPTED.txt" text file. The pop-up and text file contain instructions about how to contact the ransomware developers. Dex renames files by addin
RequestPlan is designed to function as an adware-type application and a browser hijacker. Therefore, it serves advertisements and promotes a fake search engine address by making changes to certain browser settings. This app can also read sensitive information from browsers that have this app ins
Belonging to the Djvu ransomware family, Sglh encrypts files and renames them by appending the ".sglh" extension to filenames. For example, "1.jpg" is renamed to "1.jpg.sglh", "2.jpg" to "2.jpg.sglh", and so on. Like most programs of this type, Sglh creates a ransom message (in this case, within
TopSportsSearch is rogue software classified as a browser hijacker. Following successful installation, it makes modifications to browser settings to promote topsportssearch.com (a bogus search engine). Additionally, TopSportsSearch collects browsing-related information. Due to the dubious techniq
Hidden is a malicious program belonging to the Voidcrypt ransomware family. It operates by encrypting data and demanding ransoms for decryption tools. During the encryption process, all affected files are renamed following this pattern: original filename, cyber criminals' email address, unique ID
R2block was discovered by xiaopao. In most cases, ransomware is designed to encrypt files, rename them, and generate ransom messages. R2block renames encrypted files by appending the ".r2block" extension. For example, "1.jpg" is renamed to "1.jpg.r2block", "2.jpg" to "2.jpg.r2block", and so on. I
Dpr is a malicious program and part of the VoidCrypt ransomware family. Systems infected with this malware experience data encryption and users receive ransom demands for decryption tools. During the encryption process, all compromised files are renamed following this pattern: original filename,
Typically, cyber criminals behind malspam emails such as this one attempt to trick recipients into downloading and executing a malicious attachment (or opening a file that can be downloaded via a provided website link), which then installs malware. This particular email has a ZIP file attached, w
gsearch.live a fake search engine. Typically, these sites are promoted through browser settings that have been modified by the set-ups of downloaded/installed software. I.e., users do not often intentionally choose to use these fake search engines. Note that gsearch.live is promoted via a fake i
Zimba is a malicious program and part of the Dharma ransomware family. It is designed to encrypt data in order to demand payment for decryption. During the encryption process, files are renamed following this pattern: original filename, unique ID assigned to the victims, cyber criminals' email add