R2block was discovered by xiaopao. In most cases, ransomware is designed to encrypt files, rename them, and generate ransom messages. R2block renames encrypted files by appending the ".r2block" extension. For example, "1.jpg" is renamed to "1.jpg.r2block", "2.jpg" to "2.jpg.r2block", and so on. I
Dpr is a malicious program and part of the VoidCrypt ransomware family. Systems infected with this malware experience data encryption and users receive ransom demands for decryption tools. During the encryption process, all compromised files are renamed following this pattern: original filename,
Typically, cyber criminals behind malspam emails such as this one attempt to trick recipients into downloading and executing a malicious attachment (or opening a file that can be downloaded via a provided website link), which then installs malware. This particular email has a ZIP file attached, w
gsearch.live a fake search engine. Typically, these sites are promoted through browser settings that have been modified by the set-ups of downloaded/installed software. I.e., users do not often intentionally choose to use these fake search engines. Note that gsearch.live is promoted via a fake i
Zimba is a malicious program and part of the Dharma ransomware family. It is designed to encrypt data in order to demand payment for decryption. During the encryption process, files are renamed following this pattern: original filename, unique ID assigned to the victims, cyber criminals' email add
This ransomware-type program belongs to the VoidCrypt ransomware family. The ransomware encrypts victims' files, renames all compromised files, and creates a file designed to launch a ransom message in a pop-up window. Pepe renames files by adding the decodevoid@gmail.com email address, victim's I
Honor is malicious software belonging to the Voidcrypt ransomware family. It operates by encrypting the data of infected systems in order to demand ransoms for decryption tools. During the encryption process, all compromised files are renamed following this pattern: original filename, cyber crimin
Discovered by S!Ri, Pulpit ransomware appends the ".pulpit" extension to the filenames of all encrypted files. For example, "1.jpg" is renamed to "1.jpg.pulpit", "2.jpg" to "2.jpg.pulpit", and so on. It also creates the "HOW_TO_DECYPHER_FILES.txt" text file (a ransom message) in all folders that c
brkdown[.]com is a deceptive site running various scams. At the time of research, this web page has been observed promoting a variant of the "Your Apple iPhone is severely damaged" scheme. This scam states that multiple viruses have been detected on the user's device and pose a significant threa
privex-protection[.]com is an untrusted website that claims to have found an infection on the visitor's device and advises removal of it with a potentially unwanted application (PUA), which can be downloaded via a provided website link. Generally, users do not visit privex-protection[.]com or s